Windows 10 alert: All versions get new Intel patches for Spectre, Foreshadow bugs

Microsoft releases Intel's microcode updates, including one to address the recently revealed Foreshadow flaw.
Written by Liam Tung, Contributing Writer

Video: Intel's patches for Spectre variant 4 will slow your CPU.

Microsoft has released a set of new microcode patches from Intel that address Spectre vulnerabilities, as well as the recently disclosed Foreshadow attacks.

The updates are available for all supported versions of Windows 10 and Windows Server.

As noted on the support page for Windows 10 version 1803, the microcode updates include mitigations for Spectre Variant 3a, CVE-2018-3640, Spectre Variant 4, CVE-2018-3639, as well as two of the Foreshadow bugs, CVE-2018-3615 and CVE-2018-3646, which are also known as L1TF or 'L1 Terminal Fault'.

As Microsoft recently highlighted, Windows machines with affected Intel CPUs will need microcode as well as software patches to mitigate the Foreshadow attacks.

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)

Microsoft began helping Intel deliver its microcode updates after Intel first started addressing the Meltdown and Spectre CPU flaws in January. The microcode updates help mitigate Spectre Variant 2, CVE 2017-5715.

Foreshadow includes CVE-2018-3615, which affects Intel's Software Guard Extensions (SGX) enclaves, while CVE-2018-3620 affects operating systems and System Management Mode (SMM) memory. CVE-2018-3646 impacts virtualization.

Microsoft made the updates, all dated 8/20/2018, available on the Microsoft Update Catalog this week.

Previous and related coverage

Microsoft: Here's how to limit 'Foreshadow' attack impact

Windows Server admins using Hyper-V have some complicated choices to make about how best to mitigate Foreshadow on Intel hardware.

Another day, another Intel CPU security hole: Lazy State

Intel has announced that there's yet another CPU security bug in its Core-based microprocessors.

Meltdown-Spectre: Oracle's critical patch update offers fixes against CPU attacks

The enterprise software giant is working on Spectre fixes for Solaris on Sparc V9.

New Spectre variant 4: Our patches cause up to 8% performance hit, warns Intel

Intel's Spectre variant 4 patch will be off by default, but users who turn it on are likely to see slower performance.

Spectre chip security vulnerability strikes again; patches incoming

A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system.

Are 8 new 'Spectre-class' flaws in Intel CPUs about to be exposed?

Reports are emerging of eight new 'Spectre-class' security CPU vulnerabilities.

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

A new variant of Spectre can expose the contents of memory that normally can't be accessed by the OS kernel.

Microsoft to Windows users: Here are new critical Intel security updates for Spectre v2

Microsoft releases new Windows updates to address the Spectre variant 2 flaw affecting Intel chips.

Windows 10 on AMD? This new update plus Microsoft's patch block Spectre attacks

AMD has released microcode updates for Spectre variant 2 that require Microsoft's latest Windows 10 patch.

Intel: We now won't ever patch Spectre variant 2 flaw in these chips

A handful of CPU families that Intel was due to patch will now forever remain vulnerable.

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

Microsoft's Meltdown fix opened a gaping hole in Windows 7 security, warns researcher.

Intel's new Spectre fix: Skylake, Kaby Lake, Coffee Lake chips get stable microcode

Intel makes progress on reissuing stable microcode updates against the Spectre attack.

Got an old PC? Find out whether you will get Intel's latest Spectre patch TechRepublic

Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.

Class-action suits over Intel Spectre, Meltdown flaws surge CNET

Since the beginning of 2018, the number of cases has risen from three to 32.

Editorial standards