Microsoft fixes vulnerabilities in Office, Adobe, Windows

Krzanich's talk on "How Data is Shaping Innovation of the Future" covered the gamut of applications being enabled by advanced computing that can quickly handle huge volumes of data.

AMD itself, however, has now started delivering a fix to PC and motherboard OEMs to push out to their clients.

Microsoft said it is working with AMD to resolve the issues with the Meltdown and Spectre patches as soon as possible.

AMD's statement from Senior Vice President and Chief Technology Officer, Mark Papermaster, follows...

It said the impact of the patch, designed to prevent the bug accessing potentially sensitive data, should not be significant for "average computer users".

With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.

Spectre breaks the isolation between different applications. Updates are also available for older and supported versions of Windows online, although systems like Windows 7 or Windows 8 will not be automatically updated through Windows Update, one will have to do it manually. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical.

The Wall Street Journal even reported that the firm is advising some of its customers to hold off installing patches for the processor security flaw, which was revealed at the beginning of the month. For the latest details, please see Microsoft's website.

The microcode updates are for computers running Linux, which can apply the patches after the operating system has booted up.

Who is impacted by Meltdown & Spectre? This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Spectre, meanwhile, requires more direct access to the microchip, but affects central processing units from Intel, Advanced Micro Devices Inc and SoftBank Group Corp's ARM.

Nvidia graphics processing units are not, in fact, affected by the Spectre flaw present in nearly all computer, tablet, and phone CPUs, the company said on Wednesday. "We will then focus on issuing updates for older products as prioritised by our customers", Krzanich noted.

There have also been questions about GPU architectures.

"Nvidia is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels", said Nvidia in its advisory.

  • Buena Jesus