It has become quite time consuming to stay up to date with the ever increasing threats that Spectre and Meltdown pose to computer systems around the world.
New variants pop up regularly, and manufacturers like Intel and AMD, and software developers like Microsoft, release advisories, updates, and instructions regularly for some but not all hardware or software that are affected potentially.
Microsoft updated an advisory on today's Patch Day that includes instructions on enabling protection against Speculative Store Bypass (SSB) in Intel and AMD processors.
The update requires that microcode or firmware updates are installed on target machines running Intel processors. AMD systems don't require microcode updates according to Microsoft.
What you need to do to install the updates is the following therefor:
Question is: should you enable the protection? Microsoft did not enable it by default but revealed that it will enable the protection automatically if it notices exploits that are in the wild.
Installing the update won't affect performance according to Microsoft but enabling the protection in the the Registry will have an impact on the device's performance; this is the most likely reason why Microsoft did not enable the protection by default.
The following table shows the vulnerabilities and their default state on all supported versions of Windows.
|Windows 10||Enabled by default||Enabled by default||Disabled by default - see ADV180012|
|Windows Server 2016||Disabled by default - see KB4072698||Disabled by default - see KB4072698||Disabled by default - see ADV180012|
|Windows 8.1||Enabled by default||Enabled by default||Not applicable|
|Windows Server 2012 R2||Disabled by default - see KB4072698||Disabled by default - see KB4072698||Disabled by default - see ADV180012|
|Windows RT 8.1||Enabled by default||Enabled by default||Not applicable|
|Windows 7||Enabled by default||Enabled by default||Disabled by default - see ADV180012|
|Windows Server 2008 R2||Disabled by default - see KB4072698||Disabled by default - see KB4072698||Disabled by default - see ADV180012|
|Windows Server 2008||Enabled by default||Enabled by default||Not applicable|
To enable the Speculative Store Bypass protection in Windows, do the following:
Note: We recommend that you backup the Registry or create a system backup before you run these commands.
To undo the protection outlined under 3) above run the following from an elevated command prompt:
See KB4073119 for additional information or updates.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.