Microsoft has released new updates for Windows 10 users. The updates are the Retpoline mitigations against Spectre variant 2 attacks.
Reckoning Spectre attack - The Spectre attack first came into the light in January 2018. It is a side-channel attack that impacts most modern processors such as Intel, AMD, and ARM. The attack (CVE-2017-5753 and CVE-2017-5715) could allow attackers to bypass memory isolation mechanisms and access data from other applications including password managers, web browsers, documents, emails, instant messaging data and more.
The Spectre attack works on almost every system including desktops, laptops, cloud servers, and smartphones.
Over the course of the last year, researchers detected multiple variants of the attacks. This included Spectre Variant 1 – CVE-2017-5753 and Variant 2 – CVE-2017-5715.
A fix for Windows 10 OS - Microsoft started rolling out new updates for Windows 10 users to enable Google’s Retpoline mitigations for Spectre variant 2 attacks. Although the Retpoline mitigations were already included in Windows 10 since early 2018, they were disabled on production builds. The company is enabling Retpoline performance benefits only in Windows 10, version 1809 and Windows Server 2019, all versions.
“While Retpoline is currently disabled by default on production Windows 10 client devices, we have backported the OS modifications needed to support Retpoline so that it can be used with Windows 10, version 1809 and have those modifications in the March 1, 2019 update (KB4482887),” Microsoft explained.
The software giant plans to enable Retpoline mitigations via cloud configuration over the next months.