- Meltdown And Spectre Patch
- Microsoft Meltdown Patch Download
- Meltdown Spectre Microsoft Patch Download Full
- Microsoft Patch Download Vista
- Meltdown Spectre Microsoft Patch Download 2017
- Spectre And Meltdown Microsoft
- Meltdown and Spectre CPU Vulnerabilities: Security Patches and Tips (Continuous Update) George Paliy Posted on January 15, 2018 June 1, 2018 Leave a comment UPDATED: 23 May,2018.
- Microsoft has previously released patches for Windows to mitigate the risk of earlier Spectre and Meltdown vulnerabilities, and it has recently added patches for the new vulnerabilities.
- Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll. More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns. This is going to take a while.
- Download the latest product modules for best protection. Is ESET compatible with the Microsoft patch that corrects the Meltdown Intel Flaw? Following the installation of Apple patches for the Spectre/Meltdown vulnerabilites in the macOS versions 10.11.6 and 10.12.6 supplemental update, system errors can occur when ESET Cyber Security aor.
- The Meltdown & Spectre vulnerabilities remain challenging to patch and mitigate. Here's the latest advice from ConnectWise Automate GM Brett Cheloff. Since Automate leverages the Microsoft update agent, as soon as patches are made available by Microsoft, Automate can instigate an inventory check for newly released patches so that you can.
PowerShell Script to patch Meltdown/Spectr e Exploits for Windows Server Please feel free to test out this script I created for autoupdating components for patching against the Meltdown and Spectre exploits.
Late last night, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995.
The Redmond-based OS maker was not planning on releasing the updates until next week, on Patch Tuesday, but was forced to roll out fixes after Google went public with details about the two vulnerabilities.
According to a Microsoft security advisories [1, 2], these are the Windows security updates that address the Meltdown and Spectre flaws for various Windows distributions.
Operating System Version | Nba live 2003 roster patch download. Update KB |
Windows Server, version 1709 (Server Core Installation) | |
Windows Server 2016 | |
Windows Server 2012 R2 | |
Windows Server 2012 | Not available |
Windows Server 2008 R2 | |
Windows Server 2008 | Not available |
Windows 10 (RTM, 1511, 1607, 1703, 1709), Windows 8.1, Windows 7 SP1 | ADV180002 (Multiple KBs, it's complicated) |
The Microsoft updates are not all-out fixes. Some Windows PCs may require additional CPU firmware updates to mitigate Spectre attacks, but the Microsoft updates appear to fully-address the Meltdown flaw.
Problems with some anti-virus software may lead to BSODs
But Microsoft also warns that the Meltdown and Spectre security fixes are incompatible with some anti-virus products.
'During our testing process, we uncovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur,' Microsoft said in a compatibility note for yesterday's security fixes.
Meltdown And Spectre Patch
'These calls may cause stop errors [..] that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.'
'If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor,' Microsoft said.
In other words, if users are employing a third-party anti-virus product, they should first check if the AV has updated its anti-virus product to support the Microsoft patches.
There have been no reports of malicious groups using neither Meltdown or Spectre in real-world attacks, so Microsoft is also recommending that users give anti-virus vendors more time to update their products.
Microsoft says that when anti-virus vendors update their product to support the Meltdown and Spectre patches, they've been instructed to create a custom registry key on the OS, which will allow Windows to download and receive the proper security fixes (if the user also agrees to it).
If users aren't willing to search their antivirus product's homepage for such info, if they find the following registry key on their systems, the antivirus product has already been updated to support the Meltdown and Spectre patches.
Microsoft Meltdown Patch Download
A security researcher is currently keeping a Google Docs spreadsheet with the status of Meltdown and Spectre patches on various anti-virus engines. At the time of writing, only Microsoft, ESET, and Kaspersky AV engines support the patches, with others set to receive updates starting tomorrow.
Meltdown Spectre Microsoft Patch Download Full
Other vendors have also issued patches. You can find a full list here.
Related Articles:
Summary of the patch status for Meltdown / Spectre
Meltdown and Spectre are hardware design vulnerabilities in all modern CPUs based onspeculative execution. Background infos:
- https://spectreattack.com/ or https://meltdownattack.com/ (both pages serve identical content)
The bug is in the hardware, but mitigations in operating systems are possible and are gettingshipped now. I'm collecting notes on the patch status in various software products. This willchange rapidly and may contain errors. If you have better info please send pull requests.
(Use at your own risk)
- Linux: Stéphane Lesimple put together a simple shell script to tell if your Linux installation is vulnerable against the 3 'speculative execution' CVEs.
- Linux: Red Hat Check Script - get the latest version from the diagnose tab of the main Red Hat vulnerability article.
- Linux: Debian Spectre-Meltdown Checker - Spectre & Meltdown vulnerability/mitigation checker available in stretch-backports.
- Microsoft Windows: See the Windows section in this document containing the link to the official Powershell script.
- In a recent tweet, Moritz Lipp (Graz University of Technology) has announced the release of their PoC implementations for Meltdown.
- In a recent tweet, Jann Horn (Google's Project Zero) has announced that the PoC code referenced in their recent blogpost about CPUs is now public.
- The LSDS group at Imperial College London has published sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
- Dag-Erling Smørgrav published a Meltdown PoC for FreeBSD.
Kernel Page Table Isolationis a mitigation in the Linux Kernel, originally named KAISER.
- Version 4.14.11 contains KPTI.
- Version 4.15-rc6 contains KPTI.
- Longterm support kernels Version 4.9.75 and 4.4.110 contain KPTI backports.
Noteworthy:
- Comment by kernel developer Andrew Lutomirski that pre-4.14 kernels got an earlier version of KPTI and may contain bugs.
- Explanation of PCID, which will reduce performance impact of KPTI on newer kernels.
minipli is an unofficial fork of the former grsecurity patches (original grsecurity is no longer publiclyavailable). minipli is based on the longterm kernel 4.9, which supports KPTI since4.9.75, yet the patchset isn't ported yet.
- Fixed with Android Security Bulletin—January 2018.
- Windows Server Guidance and Windows Client Guidance. Note: both links include a Powershell tool to query the status of Windows mitigations for CVE-2017-5715 (branch target injection) and CVE-2017-5754 (rogue data cache load).
Update - Tue 9 Jan 09:00 UTC
Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors (older CPUs, eg. Athlon and Sempron) at this time. Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. If you have experienced an unbootable state or for more information see KB4073707. For AMD specific information please contact AMD.
Update - Sat 27 Jan
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.
Update Mon 8 Jan 18:00 UTC
Apple has released security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715):
- Safari 11.0.2 for Mac OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
- iOS 11.2.2 update for iPhone and iPad
Update - Sun 7 Jan 2018, 9:00 UTC
Based on the Apple's response posted here, Meltdown (CVE-2017-5754) is currently only addressed in iOS 11.2, macOS 10.13.2, and tvOS 11.2. Apple cannot say at this time if there will be updates to OS versions prior to the ones listed in their article at this time. The same can be said for Spectre (CVE-2017-5753 and CVE-2017-5715) and any updates for Safari. This means that at this given time there are NO patches for 10.11.x (El Capitan) or 10.12.x (Sierra).
- Red Hat Advisory
- Red Hat Check Script Get the latest version from the diagnose tab of the main Red Hat vulnerability article.
- CentOS:
- 7 - CESA-2018:0007 (kernel), CESA-2018:0012 (microcode_ctl), CESA-2018:0014 (linux-firmware), CESA-2018:0023 (qemu-kvm), CESA-2018:0029 (libvirt)
- 6 - CESA-2018:0008 (kernel), CESA-2018:0013 (microcode_ctl), CESA-2018:0024 (qemu-kvm), CESA-2018:0030 (libvirt)
- Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).Update - Wed 10 Jan 2018, 08:00 UTCFedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.
- Ubuntu (tl;dr: Patches for Meltdown now available; subsequent patches for Spectre are coming in the future before the kernels are pushed to official release branch)The first set of updates for 14.04 / 16.04 was broken on some systems, please make sure you update to the very latest kernel packages and avoid the broken ones.Update - Sun 7 Jan 2018, 22:00 UTCRelease candidate kernels 4.4.x (Trusty HWE / Xenial GA) and 4.13.x (Xenial HWE-edge / Artful GA / Artful HWE) are now publicly available from a dedicated Launchpad PPA and currently contain patches for CVE-2017-5754 aka Meltdown, with support only some architactures. Support for a broader array of architectures and patches for CVE-2017-5715 and CVE-2017-5753 aka Spectre are expected in the near future.After some testing, the patched kernels will be pushed to the main release branch.Update - Mon 8 Jan 2018, 16:00 UTCCanonical Ltd. announced that, in order to speed up the patching process for all supported distribution versions and branches, the 4.10.x Xenial HWE kernel will be migrated early to version 4.13.x, thus leaving no supported kernel branch exposed to vulnerabilities. The migration will occur concurrently to the push of patched kernels to the main distribution repositories.In addition, Ubuntu 17.04, aka Zesty Zapus, will reach End Of Life on Sat 13 Jan 2018 and will not receive any kind kernel patch support.
- 17.10: USN-3523-1
- 16.04: USN-3522-1
- 14.04: USN-3522-2
- 16.04/regression: USN-3522-3
- 14.04/regression: USN-3522-4
- Debian: 'Meltdown' fixed in stretch (4.9.65-3+deb9u2, DSA-4078-1), jessie (3.16.51-3+deb8u1, DSA-4082-1) and wheezy (3.2.96-3, DLA-1232-1). 'Spectre' mitigations are a work in progress.
- Scientific Linux:
- 7 - SLSA-2018:0007-1 (kernel), SLSA-2018:0012-1 (microcode_ctl), SLSA-2018:0014-1 (linux-firmware)
- 6 - SLSA-2018:0008-1 (kernel), SLSA-2018:0013-1 (microcode_ctl)
- CoreOS Container Linux: Fixes for Meltdown are available in all release channels now (Alpha 1649.0.0, Beta 1632.1.0, Stable 1576.5.0). Auto-updated systems will receive the releases containing the patch on 2017-01-08. Spectre patches are still WIP.
- NixOS: According to #33414, KPTI is in nixpkgs since 1e129a3.
- Gentoo:
- Oracle Linux (ELSA Security Advisory):
- CloudLinux: Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux
- Parrot Security OS: meltdown/spectre security patches
- Wind River Linux and Pulsar Linux: Wind River Security Vulnerability Notice: Meltdown and Spectre Side-Channel Attacks - (CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715) for Wind River Linux and Pulsar
- Tails: Tails 3.4 has been released. It contains the fix for Meltdown and partial mitigation for Spectre.
- Manjaro: Detail about Kernel Page-Table Isolation, patched with stable update 2018-01-05.
- XEN - XSA-254 and Xen Project Spectre/Meltdown FAQ, no patches yet
- QEMU - unofficial patch published here, official blog post, discussion on qemu-devel
- VMware
- vSphere status is tracked in KB 52245
- VMSA-2018-0004 - Update 01/13/18: All of the ESXi patches associated with VMSA-2018-0004 have been PULLED from the online repository after Intel notified VMware of faulty microcode updates for certain Haswell/Broadwell CPUs. Please see https://kb.vmware.com/s/article/52345 for affected systems & “tmp” workaround for those who’ve applied microcode update until new updates are available from Intel.
- VMware currently advises patching to the levels provided in VMSA-2018-0002.
- VMware Appliance status is tracked in KB 52264.
- vSphere status is tracked in KB 52245
- Red Hat Enterprise Virtualization - Impacts of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat Virtualization products
- Citrix XenServer - Citrix XenServer Multiple Security Updates
- Nutanix
- Update - Wed 12 Feb 2018New Nutanix Security Advisory #0007 v10 - Nutanix Side-Channel Speculative Execution Vulnerabilities
- Update - Wed 31 Jan 2018New Nutanix Security Advisory #0007 v9 - Nutanix Side-Channel Speculative Execution Vulnerabilities
- Update - Wed 17 Jan 2018New Nutanix Security Advisory #0007 v7 - Nutanix Side-Channel Speculative Execution Vulnerabilities
- Update - Mon 8 Jan 2018New Nutanix Security Advisory #0007 v2 - Nutanix Side-Channel Speculative Execution Vulnerabilities
- Nutanix Security Advisory #0007 v1 Nutanix Side-Channel Speculative Execution Vulnerabilities
- Virtuozzo - Virtuozzo Addresses Intel Bug Questions
- KVM: Update - Tue 9 Jan 07:50 UTC - Paolo Bonzini, KVM developer, posted in a tweet the following status update for CVE-2017-5715 (Spectre):
- Already in Linus's tree: clearing registers on vmexit
- First wave of KVM fixes here: https://marc.info/?l=kvm&m=151543506500957&w=2
- He is also mentioning that a full solution will require all the Linux parts to be agreed upon, but this will unblock the QEMU updates.
- Mozilla: Mitigations landing for new class of timing attack (blog post), Security Advisory 2018-01, Firefox mitigation update 57.0.4
- Chrome: Actions Required to Mitigate Speculative Side-Channel Attack Techniques
- Microsoft Edge: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer
- Webkit (open source browser engine): What Spectre and Meltdown Mean For WebKit
- Brave Browser: New desktop release just out (0.19.131) with various security enhancements, including Strict Site Isolation support.
Update Mon 8 Jan 2018, 13:00 UTC
Tencent's Xuanwu Lab has released a web-based tool that can detect whether your browser is vulnerable to Spectre Attack and can be easily exploited. Official tweet: https://twitter.com/XuanwuLab/status/950345917013504001
- Amazon AWS: Processor Speculative Execution Research Disclosure
- Google Cloud: Google’s Mitigations Against CPU Speculative Execution Attack Methods
- Microsoft Azure: Securing Azure customers from CPU vulnerability
- DigitalOcean: A Message About Intel Security Findings
- Scaleway/Online: Spectre and Meltdown vulnerabilities status
- Linode: CPU Vulnerabilities: Meltdown & Spectre
- Rackspace: Rackspace is Tracking Vulnerabilities Affecting Processors by Intel, AMD and ARM
- OVH: Meltdown, Spectre bug impacting x86-64 CPU - OVH fully mobilised (en), Vulnérabilités Meltdown/Spectre affectant les CPU x86-64 : OVH pleinement mobilisé (fr), Octave Klaba's (OVH CEO) Twitter thread
- Vultr: Intel CPU Vulnerability Alert
- Hetzner: Spectre and Meltdown
- UpCloud: Information regarding the Intel CPU vulnerability (Meltdown)
- Heroku: Meltdown and Spectre Security Update
- Alibaba Cloud: Intel Processor Meltdown and Specter Security Vulnerability Bulletin
- Zscaler: Meltdown and Spectre vulnerabilities: What you need to know
- Gandi: Meltdown and Spectre vulnerabilities
- Intel: INTEL-SA-00088 - Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method, Intel Analysis of SpeculativeExecution Side Channels (Whitepaper), Intel Issues Updates to Protect Systems from Security Exploits, Firmware Updates and Initial Performance Data for Data Center Systems, Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
- AMD: An Update on AMD Processor Security
- ARM: Security Update
- Arista: Security Advisories
- Raspberry Pi: Why Raspberry Pi isn't vulnerable to Spectre or Meltdown
- NVIDIA: Security Notice: Speculative Side Channels, NVIDIA Shield Tablet Security Updates, NVIDIA Shield TV Security Updates, NVIDIA GPU Display Driver Security Updates, NVIDIA Tegra Jetson TX2 L4T Security Updates, NVIDIA Tegra Jetson TX1 L4T and Jetson TK1 L4T Security Updates
- Lenovo: LEN-18282 - Reading Privileged Memory with a Side Channel
- IBM: Central Processor Unit (CPU) Architectural Design Flaws, Potential Impact on Processors in the POWER family
- Huawei: huawei-sn-20180104-01 - Statement on the Media Disclosure of a Security Vulnerability in the Intel CPU Architecture Design
- F5: K91229003 - Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
- Cisco CPU Side-Channel Information Disclosure Vulnerabilities
- Fortigate: CPU hardware vulnerable to Meltdown and Spectre attacks
- Cumulus Linux: Meltdown and Spectre: Modern CPU Vulnerabilities
- Check Point: Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
- Palo Alto Networks: Information about Meltdown and Spectre findings (PAN-SA-2018-0001)
- HP Enterprise: Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), HPESBHF03805 Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure
- Juniper: 2018-01 Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method, Meltdown & Spectre: Modern CPU vulnerabilities
- Infoblox: #7346: Spectre/Meltdown Vulnerabilities - CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 (Login required)
- FireEye: FireEye Notice for CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 (“Meltdown” and “Spectre” vulnerabilities), Community Protection Event (CPE): CPU Security Flaws (Spectre/Meltdown) (Login required)
- Symantec: Meltdown and Spectre: Are Symantec Products Affected?
- Dell: Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
- Dell EMC: Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking)
- NetApp: NTAP-20180104-0001 - Processor Speculated Execution Vulnerabilities in NetApp Products
- ASUS: ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
- Aruba Networks: ARUBA-PSA-2018-001 - Unauthorized Memory Disclosure through CPU Side-Channel Attacks
- Pure Storage: Advisory (login required)
- Supermicro: Security Vulnerabilities Regarding Side Channel Speculative Execution and Indirect Branch Prediction Information Disclosure
- A10 Networks: SPECTRE/MELTDOWN - CVE-2017-5715/5753/5754
- Avaya: Recent Potential CPU Vulnerabilities: Meltdown and Spectre
- RSA: 000035890 - Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA products (login required)
- Fujitsu: CPU hardware vulnerable to side-channel attacks, 6 SPARC server models listed as t.b.d. p.9
- Veritas Appliance: Veritas Appliance Statement on Meltdown and Spectre
- Schneider Electric: Security Notification: 'Meltdown' (CVE-2017-5754) and 'Spectre' (CVE-2017-5753 & CVE-2017-5715) - impact to APC products
- Polycom: Security Advisory Relating to the “SpeculativeExecution” Vulnerabilities with some microprocessors
- Sonicwall: Meltdown and Spectre Vulnerabilities: A SonicWall Alert
- Aerohive Networks: Aerohive's response to Meltdown and Spectre
- Barracuda Networks: Security Advisory
- Netgate: An update on Meltdown and Spectre
- Silver Peak: Security Advisory
- Arbor Networks: Security Advisory (requires support login)
- Extreme Networks: VN 2018-001 (CVE-2017-5715, CVE-2017-5753 - Spectre), VN 2018-002 (CVE-2017-5754 - Meltdown)
- KEMP Technologies: Meltdown And Spectre (CVE-2017-5754 & CVE-2017-5753)
- Pulse Secure: KB43597 - Impact of CVE-2017-5753 (Bounds Check bypass, AKA Spectre), CVE-2017-5715 (Branch Target Injection, AKA Spectre) and CVE-2017-5754 (Meltdown) on Pulse Secure Products
- Nokia: Security Advisory (requires Nokia OLCS login)
- Riverbed: Meltdown/Spectre: Side Channel Attacks against X86 hardware and Linux Kernel (requires Riverbed Support Account)
- Acer: Meltdown and Spectre security vulnerabilities
- Asus: ASUS Update on Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
- Gigabyte: BIOS update for Side Channel Analysis Security issue Mitigations
- Panasonic: Security information of vulnerability by Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
- MSI: MSI pushes out motherboard BIOS updates to tackle recent security vulnerabilities
- Toshiba: Intel, AMD & Microsoft Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method Security Vulnerabilities
- Vaio: Side Channel Analysis に関する脆弱性対応について (japanese only)
- HP: HPSBHF03573 rev. 4 - Side-Channel Analysis Method
- Mellanox: Mellanox Mitigates Meltdown Mess, Stops Spectre Security Slowdown
- CERT/CC: Vulnerability Note VU#584653 - CPU hardware vulnerable to side-channel attacks
- US-CERT: TA18-004A - Meltdown and Spectre Side-Channel Vulnerability Guidance
- CERT-EU: Security Advisory 2018-001 - Meltdown and Spectre Critical Vulnerabilities
- NCSC-UK: Meltdown and Spectre guidance
- CERT-FR: CERTFR-2018-ALE-001 - Multiples vulnérabilités de fuite d’informations dans des processeurs (french only)
- CERT Nazionale: Moderni processori vulnerabili ad attacchi side-channel (italian only)
- CERT-PA: Meltdown e Spectre, vulnerabilità sui microprocessori mettono potenzialmente a rischio informazioni sensibili (italian only)
- CERT-GARR: ALERT GCSA-18001 - Vulnerabilità Meltdown e Spectre (italian only)
- SingCERT: Alert on Security Flaws Found in Central Processing Units (CPUs)
- CERT.BE: Central Processor Unit (CPU) Architectural Design Flaws
- CERT-IS: Alvarlegur öryggisgalli í örgjörvum - Meltdown/Spectre (icelandic only)
- MyCERT: MA-691.012018: Alert - CPU Hardware Side-Channel Attacks Vulnerability
- CERT-BUND: Prozessor-Schwachstellen: Spectre und Meltdown (german only)
Update - Wed 17 Jan 8:30 UTC
Red Hat is currently recommending that subscribers contact their CPU OEM vendor to download the latest microcode/firmware. Red Hat is no longer providing microcode to address Spectre variant 2, due to instabilities that are causing systems to not boot. More details can be found in this article (subscription required).
Update - Tue 9 Jan 21:50 UTC
Latest Intel microcode update (released 1/8/2018) is 20180108. According to its release notes:
Update - Thu 4 Jan 2018, 15:30 UTC
It seems that the new Intel’s microcode archive (2017-12-15) provided with the latest Red Hat’s microcode_ctl update includes three new files: 06-3f-02, 06-4f-01, 06-55-04.
Based on what we know:
- it adds one new CPUID and two MSR for the variant of Spectre that uses indirect branches
- it forces LFENCE to terminate the execution of all previous instructions, thus having the desired effect for the variant of Spectre that uses conditional branches (out-of-bounds-bypass)
Those IDs belong to the following processor microarchitectures: Haswell, Broadwell, Skylake (official reference)
Update - Thu 4 Jan 2018, 16:30 UTC New xp patch download link.
Microsoft Patch Download Vista
Regarding AMD's microcode update: it seems to be only for EPYC (maybe Ryzen, not sure!) and it only adds one of the two MSRs (IA32_PRED_CMD). It uses a different bit than Intel's in the CPUID. It is also for Spectre with indirect branches. Previous microprocessors resolved it with a chicken bit. Please note that the same solution implemented at kernel level works for both Intel and AMD.
Update - Fri 5 Jan 2018, 03:35 UTC
Debian Project package maintainers released an updated version of the 'intel-microcode' package (version 2017-12-15) for the Sid (unstable) branch olny. Upon inspection, it seems to contain the same microcode additions observed in the Red Hat microcode_ctl update of Thu 4 Jan 2018, 15:30 UTC.The package in compatible with all Debian-based distributions that support post-boot microcode updates.
Some Antiviruses do things that break when installing the Windows patches, therefore Microsoft doesn't automatically install the patches on those systems.
Vendor overview: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
Feb 20, 2016 How To Download & Install Naruto Shippuden Ultimate Ninja Storm 4 PC + Official Patch 1&2. STORM 4 PC STORM 4 OFFICIAL UPDATE HOW TO DOWNLOAD. DLC DOWNLOAD DLC UNLOCK OFFICIAL PATCH OFFICIAL. Naruto ultimate ninja storm 4 free download - Naruto Shippuden Ultimate Ninja Storm 4, Ultimate Ninja Naruto Storm 4 Cheat, Naruto Shippuden: Ultimate Ninja Storm 4 for Xbox One, and many more. Feb 08, 2016 READ DESCRIPTION Test Optimization of Naruto Shippuden: Ultimate Ninja Storm 4 on my PC. My PC: Asus N56VB-S3055H - Intel Core i7 3630QM 2.4 GHz (3. Naruto ultimat ninja storm 4 official patch download. Jan 23, 2017 Now to begin with, Naruto Shippuden Ultimate Ninja Storm 4 update 1.07/8 is available and is FREE. With Road to Boruto coming out soon on February 3rd, CC2 and Namco Bandai made the update available on January 23, 2017 to all users around the world.
- Trend Micro: Important Information for Trend Micro Solutions and Microsoft January 2018 Security Updates (Meltdown and Spectre)
- Emsisoft: Chip vulnerabilities and Emsisoft: What you need to know
- Sophos: Advisory - Kernel memory issue affecting multiple OS (aka F.CKWIT, KAISER, KPTI, Meltdown & Spectre)
- Webroot: Microsoft Patch Release - Wednesday, January 3, 2018
- McAfee: Decyphering the Noise Around ‘Meltdown’ and ‘Spectre’ and Meltdown and Spectre – Microsoft update (January 3, 2018) compatibility issue with anti-virus products
- Kaspersky: Compatibility of Kaspersky Lab solutions with the Microsoft Security update of January 9, 2018
- ESET: Meltdown & Spectre: How to protect yourself from these CPU security flaws
- Avira: With our latest product update 15.0.34.17 Avira Antivirus Free, Avira Antivirus Pro and Avira Antivirus Server are compatible with the Microsoft update
- Symantec: Meltdown and Spectre: Are Symantec Products Affected?
- Avast: Meltdown and Spectre: Yes, your device is likely vulnerable
- eScan: Meltdown and Spectre – CPU Vulnerabilities
- Bitdefender: Meltdown and Spectre: decades-old CPU design flaws put businesses at risk
- SQL Server: SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
- Elastic stack: Performance Impact of Meltdown on Elasticsearch, Elastic Cloud and Meltdown
- Couchbase: Speculative Execution Processor Vulnerabilities – ‘Meltdown and Spectre’: What you need to know
- ScyllaDB: The Cost of Avoiding a Meltdown
- Redis Enterprise: Securing Redis Enterprise from Meltdown and Spectre Vulnerabilities
- Redis:
Meltdown Spectre Microsoft Patch Download 2017
- Synology: Synology-SA-18:01 Meltdown and Spectre Attacks
- Opengear: CVE-2017-5754, CVE-2017-5715, CVE-2017-5753 - Meltdown and Spectre CPU Vulnerabilities
- QNAP: NAS-201801-08 - Security Advisory for Speculative Execution Vulnerabilities in Processors
Spectre And Meltdown Microsoft
- Google's Retpoline: a software construct for preventing branch-target-injection (technical write-up)
- LLVM: An implementation is under review for official merge here
- GCC: An implementation for GCC is available here