Today, Microsoft released a patch for users running Windows 10 build 16299 "Fall Creators Update". The update package KB4090007 is intended to improve device protection against the Meltdown and Spectre flaws.
This update is a standalone update available through the Microsoft Update Catalog and targeted at Windows 10 version 1709 (Fall Creators Update) and Windows Server version 1709 (Server Core). This update also includes Intel microcode updates that were already released for these operating systems at the time of Release To Manufacturing (RTM). The update is intended to protect customers against the Meltdown and Spectre flaws.
If you are not familiar with the Meltdown and Spectre vulnerabilities, we have covered them in detail in these two articles:
- Microsoft is rolling out emergency fix for Meltdown and Spectre CPU flaws
- Here are Windows 7 and 8.1 fixes for Meltdown and Spectre CPU flaws
In short, both the Meltdown and Spectre vulnerabilities allow a process to read the private data of any other process, even from outside a virtual machine. This is possible due to Intel's implementation of how their CPUs prefetch data. This cannot be fixed by patching the OS alone. To fully mitigate the exploits, the fix involves updating the OS kernel, as well as a CPU microcode update and possibly even a UEFI/BIOS/firmware update for some devices.
Recent research indicates that ARM64 and AMD CPUs are also affected by the Spectre vulnerability, which is related to speculative execution.
You can download the update from here:
Also, ensure that the mitigation against Spectre Variant 2 is enabled through the registry settings documented in the following articles on Microsoft's website:
- Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
- Windows Server Guidance to protect against speculative execution side-channel vulnerabilities