AMD And Microsoft Release Spectre Fixes

AMD and Microsoft have released microcode and operating system updates that add protections against the Spectre attacks for Windows systems with AMD processors.

When the Meltdown and Spectre attacks were disclosed in January, AMD said its chips were affected less severely than those from Intel, but the company promised to release patches nevertheless.

Meltdown attacks don’t affect AMD chips due to their design, and Spectre Variant 1 can be addressed with operating system updates that have already been made available.

Spectre Variant 2 can be addressed through a combination of operating system and microcode patches, which have been released this week.

Attack protection

“While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk,” said AMD chief technology officer Mark Papermaster in an official update.

AMD said it has developed microcode updates for its processors back to the Bulldozer core in 2011. Users can obtain the patches from manufacturers in the form of BIOS updates.

The chip company published a document detailing a feature called indirect branch control that it uses to mitigate attacks along the lines of Spectre Variant 2, called indirect branch target injection attacks.

Microsoft included fixes for Spectre Variant 2 on AMD systems in Windows 10 updates released this week. The patches are currently in testing for Windows Server 2016 and will become available once they’ve been validated.

The software company began releasing Spectre patches for AMD systems shortly after the issues were disclosed, but had to release a new round of patches in February after the earlier updates stopped some systems from booting.

Papermaster said AMD has provided mitigations for Spectre Variant 2 to Linux developers and those fixes have already been released to distribution.

AMD hasn’t yet released patches for the Ryzenfall, Masterkey, Fallout, and Chimera vulnerabilities disclosed in an unusual publicity campaign in March.

Do you know all about security? Try our quiz!