Question:
=================
Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks”
•CVE-2017-5715 - Bounds check bypass
•CVE-2017-5753 - Branch target injection
•CVE-2017-5754 - Rogue data cache load
This class of vulnerabilities will affect many modern processors and operating systems, including hardware (Intel, AMD, and ARM), software(Windows, Linux, Android, Chrome, iOS, Mac OS). Both physical and virtual machine
will be affected. At the time of publication, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.
Solution:
==================
To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has released several updates to help mitigate these vulnerabilities. We
have also taken action to secure our cloud services. Meanwhile, since the issue affect hardware, we may also need to install firmware updates from device manufacturer for increased protection. Please check with device manufacturer for relevant updates.
Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure, for more detailed information please check the following link:
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
For customers using Microsoft operation system in personal or On-premises environment, please refer to following suggestion:
-----------------
1. Apply the applicable firmware update that is provided by the device manufacturer, please refer to following device vendors’ link:
Intel:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA00088&languageid=en-fr
AMD: https://www.amd.com/en/corporate/speculative-execution
Dell :
www.dell.com/support/article/cn/zh/cnbsd1/sln308587/microprocessor-side-channelattacks--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dellproducts?lang=en
Lenovo: https://support.lenovo.com/us/zh/solutions/len-18282
HPE: https://www.hpe.com/us/en/services/security-vulnerability.html
2. Follow below blog to perform the Best Practice from Microsoft:
Server: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Client:
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
3. It is recommended to install a compatibility Anti-virus, otherwise you may not able to get the Windows security updates released January 3, for more information please refer to:
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
Please check the link below for more detailed information:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Hotfix released for this issue:
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
