Windows 10 on AMD? This new update plus Microsoft's patch block Spectre attacks

AMD has released microcode updates for Spectre variant 2 that require Microsoft's latest Windows 10 patch.
Written by Liam Tung, Contributing Writer

Chipmaker AMD has released new microcode updates to mitigate the Spectre variant 2 side-channel attack, which Microsoft has supported with a Windows 10 patch for AMD systems.

AMD's latest microcode update coincided with Microsoft's April Patch Tuesday fixes and comes just weeks after Intel wrapped up its Spectre 2 mitigations for all CPU families released over the past nine years.

AMD's chief mitigation on Windows for chips affected by variant 2, the CPU indirect branch target injection attack, is the 'indirect branch prediction barrier' (IBPB), which is intended only for cases where software switches from one user context to a context that should be protected.

AMD's whitepaper on the Meltdown and Spectre attacks advises against two other Spectre variant 2 mitigations for Windows and Linux on AMD known as Indirect Branch Restricted Speculation (IBRS) and Single Thread Indirect Branch Predictor (STIBP). It's also recommending Google's Retpoline combined with IBPB for Linux.

This context-switching restriction is why Windows 10 users are being urged to install Microsoft's latest Windows 10 update, KB4093112, which contains a supporting update that limits AMD's IBPB to when software switches from user context to kernel context.

"Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows," wrote Mark Papermaster, AMD's CTO.

Microsoft is planning to release a similar update for AMD's fix on Windows 2016 following final validation and testing, according to Papermaster.

AMD said it has already released microcode updates to its customers and partners for all chips dating back to the first Bulldozer core products released in 2011.

These updates will be released as BIOS updates from PC and server makers and motherboard providers.

In January, Papermaster announced "optional microcode updates" for Ryzen and Epyc processors and flagged further microcode updates for older chips in the coming weeks.

AMD at the time said its chips weren't affected by Meltdown, while Spectre version 1 attacks would be mitigated by OS updates.

Microsoft released new Windows 10 updates for AMD processors in February after an earlier update stopped AMD systems from booting.

AMD has yet to release patches for the Ryzenfall, Masterkey, Fallout, and Chimera bugs revealed in March.
