Emergency Update for Processor Security Bug
Emergency Update for Processor Security Bug, Fabric
Microsoft is in the process of issuing emergency updates for all supported versions of Windows. These updates are one of a range of patches that will be required to address security flaws in almost every processor made in the last 5 years (at least). This includes Intel, ARM and AMD processors used in everything from PCs, through mobile phones, to personal video recorder boxes from Virgin and Sky.
Intel has confirmed that they “have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
The flaws have been nicknamed “Meltdown” and “Spectre”.
Microsoft has already distributed the emergency update for Windows 10. If your computer has not already automatically restarted to install it, we strongly recommend you manually install updates now. Older versions of Windows will need to wait a little while for an update to be released.
Apple has also confirmed that “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.” “Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.” They have released patches for iOS (11.2), macOS (10.13.2), and tvOS (11.2) and are working on updates for Safari.
These updates do have the risk that they will stop other pieces of software working (or adversely affect their performance). There are reported issues with Anti-Virus packages. The latest version of the Microsoft update will only install if the Anti-Virus package installed confirms that it is compatible. This requires that the Anti-Virus software is updated first (https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released). Most cloud-managed Anti-Virus solutions have been updated, but those with standalone Anti-Virus or one managed from a local server may need to get these updated first.