Microsoft has released another security patch against ‘Spectre variant 2’ bug found on Intel chips. The out-of-band update, KB4078130, is meant for Windows 7 (SP1), Windows 8.1, and Windows 10.

Intel has reported issues with recently released microcode meant to address ‘Spectre variant 2’ termed as ‘CVE 2017-5715 Branch Target Injection’.

The chipmaker noted that this microcode can cause “higher than expected reboots and other unpredictable system behaviour,” adding that situations like this may result in “data loss or corruption”.

“While Intel tests, updates and deploys new microcode, we are making available an out of band update ‘KB4078130’ that specifically disables only the mitigation against CVE-2017-5715 – Branch target injection vulnerability,” Microsoft wrote on its support page on Sunday.

“Our own experience is that system instability can in some circumstances cause data loss or corruption. In our testing this new update has been found to prevent the behaviour described,” Microsoft said.

Microsoft is also offering a new option – available for advanced users on impacted devices – to manually disable and enable the mitigation against Spectre variant 2 (CVE 2017-5715) independently via registry setting changes.

“As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers,” the support page added.

After chipmaker Intel confirmed a potential security flaw in its chips, Microsoft issued emergency updates to supported versions of Windows earlier this month.

Intel had confirmed two security flaws – Meltdown and Spectre – in its chips that were vulnerable to hacking.

Intel CEO Brian Krzanich later allayed fears of any data breach.

Addressing the gathering at his keynote address at CES 2018 earlier this month, Krzanich said: “Our primary goal has been to keep our customers safe. We have not received any information that these exploits have been used to obtain customers’ data.”

The Intel CEO urged everyone to patch their systems as soon as these are available.


Written with inputs from IANS

Source link