![]() ![]() On August 8, 2023, we published CVE-2023-20569 | AMD CPU Return Address Predictor (also known as Inception) which describes a new speculative side channel attack that can result in speculative execution at an attacker-controlled address. Take action as required by using the advisories and registry key information that are provided in this article. You should take the following actions to help protect against these vulnerabilities:Īpply all available Windows operating system updates, including the monthly Windows security updates.Īpply the applicable firmware (microcode) update that is provided by the device manufacturer.Įvaluate the risk to your environment based on the information that is provided in Microsoft Security Advisories ADV180002, ADV180012, ADV190013, and ADV220002, in addition to the information provided in this article. Thes vulnerabilities are assigned in the following CVEs:ĬVE-2022-21123 | Shared Buffer Data Read (SBDR)ĬVE-2022-21125 | Shared Buffer Data Sampling (SBDS)ĬVE-2022-21127 | Special Register Buffer Data Sampling Update (SRBDS Update)ĬVE-2022-21166 | Device Register Partial Write (DRPW) On June 14 2022, we published ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities. To learn more about this class of vulnerabilities, see the following:ĪDV180012 | Microsoft Guidance for Speculative Store Bypass We will continue to improve these mitigations against this class of vulnerabilities. ![]() Windows Update will also provide Internet Explorer and Edge mitigations. This article addresses the following vulnerabilities: This includes microcode from device OEMs and, in some cases, updates to antivirus software. To get all available protections, firmware (microcode) and software updates are required. We are working closely with industry partners including chip makers, hardware OEMs, and application vendors to protect customers. ![]() We have not yet received any information to indicate that these vulnerabilities were used to attack customers. See the following sections for more details. We have also taken action to secure our cloud services. We have released several updates to help mitigate these vulnerabilities. Therefore, we advise customers to seek guidance from those vendors. Important: This issue also affects other operating systems, such as Android, Chrome, iOS, and macOS. Specific details for these silicon-based vulnerabilities can be found in the following ADVs (Security Advisories) and CVEs (Common Vulnerabilities and Exposures):ĪDV180002 | Guidance to mitigate speculative execution side-channel vulnerabilitiesĪDV180012 | Microsoft Guidance for Speculative Store BypassĪDV180013 | Microsoft Guidance for Rogue System Register ReadĪDV180016 | Microsoft Guidance for Lazy FP State RestoreĪDV180018 | Microsoft Guidance to mitigate L1TF variantĪDV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilitiesĪDV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data VulnerabilitiesĬVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)ĬVE-2023-20569 | AMD CPU Return Address Predictor This article provides guidance for a new class of silicon-based microarchitectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems. Updated the "CVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)" registry sectionĪdded "CVE-2023-20569 | AMD CPU Return Address Predictor" to "Summary" sectionĪdded the "CVE-2023-20569 | AMD CPU Return Address Predictor" registry section Removed content about CVE-2022-23816 as the CVE number is unusedĪdded "Branch Type Confusion" under the "Vulnerabilities" section Corrected the MMIO information in the "Mitigation settings for Windows clients" section ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |