We have not yet received any information to indicate that these vulnerabilities were used to attack customers. See the following sections for more details. We have also taken action to secure our cloud services. We have released several updates to help mitigate these vulnerabilities. Therefore, we advise customers to seek guidance from those vendors. Important: This issue also affects other operating systems, such as Android, Chrome, iOS, and macOS. Specific details for these silicon-based vulnerabilities can be found in the following ADVs (Security Advisories) and CVEs (Common Vulnerabilities and Exposures):ĪDV180002 | Guidance to mitigate speculative execution side-channel vulnerabilitiesĪDV180012 | Microsoft Guidance for Speculative Store BypassĪDV180013 | Microsoft Guidance for Rogue System Register ReadĪDV180016 | Microsoft Guidance for Lazy FP State RestoreĪDV180018 | Microsoft Guidance to mitigate L1TF variantĪDV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilitiesĪDV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data VulnerabilitiesĬVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)ĬVE-2023-20569 | AMD CPU Return Address Predictor This article provides guidance for a new class of silicon-based microarchitectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems. Updated the "CVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)" registry sectionĪdded "CVE-2023-20569 | AMD CPU Return Address Predictor" to "Summary" sectionĪdded the "CVE-2023-20569 | AMD CPU Return Address Predictor" registry section Removed content about CVE-2022-23816 as the CVE number is unusedĪdded "Branch Type Confusion" under the "Vulnerabilities" section Corrected the MMIO information in the "Mitigation settings for Windows clients" section
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |