Microsoft pushes out Windows 10 patches to plug Spectre and Foreshadow vulns

[steven36]

Patching over problems; if only we could do that in the real world

 

 

MICROSOFT HAS FLUNG patches at Windows 10 machines to keep the Spectre and Foreshadow vulnerabilities at bay.

 

The patches come courtesy of the latest Windows 10 update and should keep the OS and processors running on the underlying PCs safe from side channel exploits, or at least until cybersecurity boffins find a new suite of such attacks.

 

"This update is a stand-alone update targeted for Windows 10 version 1803 (Windows 10 April 2018 Update) and Windows Server Version 1803 (Server Core)," explains Redmond's support page.

 

"This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM). We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft."

 

Intel has also been pushing out microcode updates to its processors to protect against the new Foreshadow attack technique that was recently discovered by security researchers to exploit side channel functions in modern processors, namely those of Intel.

 

Combined, Microsoft and Intel's patches should shore up the defences of most Windows 10 PCs. But it's worth noting that no attacks using Spectre, Meltdown or Foreshadow have been seen out in the wild as malicious attacks. While the severity of the threat is pretty high, there seem to be far easier ways for hackers to get into machines than messing around with exploiting vulnerabilities in side channel processes.

 

The updates should be pushed out automatically to the average Windows laptop or desktop user. But in firms with a highly managed IT infrastructure or patching processes, it's up to IT admins to check that Windows 10 machines on their networks are indeed up-to-date and protected from the vulnerabilities - even if they might not seem like that greater real-world threat.

 

Source

 

[straycat19]

On 8/23/2018 at 12:30 PM, steven36 said:

But it's worth noting that no attacks using Spectre, Meltdown or Foreshadow have been seen out in the wild as malicious attacks.

 

Which is why people should have an option to install the updates that can visibly slow down their systems.  The problems with all these vulnerabilities that are found in various labs and by researchers is the environment isn't the same as a person sitting at their computer system.  They don't have their hands on the system and they can't manipulate the system without gaining access to it.  The best system is the system installed from the base ISO and never allowed to update.  It isn't any more vulnerable than a system with all the updates, that requires even more updates every month to fix what all the updates before have broken.  It's just a vicious circle you can avoid by never updating from the basic install.

[steven36]

3 hours ago, straycat19 said:

It's just a vicious circle you can avoid by never updating from the basic install.

If it were not  for white hat hackers that dont got nothing better to do than to think up exploits that not been found in the wild . the patches anybody would get would only be needed ones but Microsoft , Google  and others pays hackers to find bugs that most likely no hacker will ever use. Thing about windows 10  when it comes out it dont come out bug free it be full of regressions many patches in windows 10 is to finish stabilizing a version .  I mean they released some really  buggy versions sine 2015  some humdingers and you trying tell me you going use that  with no updates ? when some people couldn't even get them to install with out updates to fix the mess they made  lol.

 

Updates are not just for security and they never have been. windows 8.1 always been way more stable than Windows 7 witch just people didn't like because it didn't have a start menu witch mine always had  one because i installed my own . I remember before Windows 7 Sp1 came out people were installing hotfixes left and right in windows 7 because it was so full of bugs  all Windows 7  is Windows Vista SP3,  they even had forums dedicated to hotfixes back then . i never have missed Windows 7 having to find 3rd party drivers for your wifi adapter and for  other hardware  ..Most people used windows 7 suffered USB plugins not working and all kinds of crap like uninstalling software  and it breaking there internet tell they reinstalled 3rd party drivers .  On Windows 10, Windows 8.1 and modern Linux Distros you can just plug stuff in and it works . After 9 years of updates it should be stable  but not all bugs were fixed in windows 7 because after 5 years they quit fixing them.