How to update Windows 10 for side channel vulnerability fixes

Since Spectre and Meltdown were discovered in 2018, other side channel vulnerabilities have emerged. These are the mitigations to consider for each of them.

In January 2018, security news media was abuzz over a new class of vulnerability called side channel vulnerabilities. Spectre, Meltdown and Foreshadow are some of the best known. They exploit weaknesses in speculative execution in microprocessors to leak unauthorized information. Side channel vulnerabilities allow attackers to bypass account permissions, virtualization boundaries and protected memory regions.

Patching these vulnerabilities is not easy. They are mitigated by a combination of patches from both the chipset vendor and the operating system provider. Worse, there is often a noticeable performance hit after installing these updates. Because of this, many of the updates can be disabled selectively. In fact, many of these updates are not enabled by default on servers, whereas they are on workstations. The theory is that you are willing to suffer a bit of performance impact on workstations whereas you wouldn’t be as willing to do so on a server.

I find that I need to review the patching status of whatever latest side channel vulnerability has come out. Recently the NSA provided updated guidance for the current state of these vulnerabilities that also pointed to an excellent recap on the GitHub site.

What are the side channel vulnerabilities?

In January 2018, the first two side channel vulnerabilities came out:

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!