Microsoft Advisory for Microsoft Windows

Description

On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21st, a new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639.

An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability. In the case of Just-in-Time (JIT) compilers, such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of CVE-2018-3639. However, Microsoft Edge, Internet Explorer, and other major browsers have taken steps to increase the difficulty of successfully creating a side channel.

Original advisories

• ADV180012

Related products

• Microsoft-Windows
• Microsoft-Windows-Server

CVE list

KB list

• 4467680
• 4467708
• 4467691
• 4467702
• 4467686
• 4467696
• 4480963
• 4480964
• 4480972
• 4480975

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com