AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Intel fails out to spectre meltdown1/2/2024 ![]() ![]() Windows Server customers, running either on-premises or in the cloud, also need to evaluate whether to apply additional security mitigations within each of their Windows Server VM guest or physical instances. This means that other customers running on Azure cannot attack your VMs or applications using these vulnerabilities. If you are running on Azure, you do not need to take any steps to achieve virtualized isolation as we have already applied infrastructure updates to all servers in Azure that ensure your workloads are isolated from other customers running in our cloud. For on-premises servers, this can be done by applying the appropriate microcode update to the physical server, and if you are running using Hyper-V updating it using our recent Windows Update release. Silicon Microcode Update ALSO Required on HostĬompiler change recompiled binaries now part of Windows UpdatesĮdge & IE11 hardened to prevent exploit from JavaScriptĬalling new CPU instructions to eliminate branch speculation in risky situationsīecause Windows clients interact with untrusted code in many ways, including browsing webpages with advertisements and downloading apps, our recommendation is to protect all systems with Windows Updates and silicon microcode updates.įor Windows Server, administrators should ensure they have mitigations in place at the physical server level to ensure they can isolate virtualized workloads running on the server. In partnership with our silicon partners, we have mitigated those through changes to Windows and silicon microcode. What Steps Should I Take to Help Protect My System?Ĭurrently three exploits have been demonstrated as technically possible. In an environment where multiple servers are sharing capabilities (such as exists in some cloud services configurations), these vulnerabilities could mean it is possible for someone to access information in one virtual machine from another. These attacks extend into browsers where malicious JavaScript deployed through a webpage or advertisement could access information (such as a legal document or financial information) across the system in another running software program or browser tab. On a phone or a PC, this means malicious software could exploit the silicon vulnerability to access information in one software program from another. 3, security researchers publicly detailed three potential vulnerabilities named “Meltdown” and “Spectre.” Several blogs have tried to explain these vulnerabilities further - a clear description can be found via Stratechery. In this blog, I’ll describe the discovered vulnerabilities as clearly as I can, discuss what customers can do to help keep themselves safe, and share what we’ve learned so far about performance impacts. We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure. Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers.
0 Comments
Read More
Leave a Reply. |