Spectre and AMD logos

AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates.

Updates are available for products released as far as 2011, for the first processors of the Bulldozer line.

Microcode updates come with additional Windows Update

Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Similar OS-level updates have been released for Linux users earlier this year.

Yesterday's microcode patches announcement is AMD keeping a promise it made to users in January, after the discovery of the Meltdown and Spectre (v1 and v2) vulnerabilities.

Back then, AMD said its products were not affected by the Meltdown vulnerability, said that Spectre v1 mitigations can be delivered via OS updates, and promised microcode updates to fully mitigate the Spectre v2 flaw on top of OS-level patching.

Initial attempts to patch Spectre v1 and v2 via a Windows update hit a snag when Microsoft paused their rollout for two weeks after initial fixes plunged users' AMD-based PCs into crashes and unbootable states. Microsoft eventually resumed the patching process after working with AMD to fix the initial patch.

AMD views KB4093112 as must-install

The KB4093112 update included in the April 2018 Patch Tuesday contains additional Spectre v2 mitigations, not included with the original January 2018 Patch Tuesday release, which AMD deems necessary to completely mitigate Spectre v2.

"These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows," said Mark Papermaster, AMD CTO.

AMD has also released a technical whitepaper that detail its Spectre v2 mitigation efforts.

The company is still preparing patches for the RyzenFall, MasterKey, Fallout, and Chimera vulnerabilities that came to light last month, considered less dangerous and easier to fix than the Meltdown and Spectre flaws.

Related Articles:

Windows 10 KB4100347 Intel CPU Update Causing Boot Issues & Pushed to AMD Users

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

Backdoor Mechanism Discovered in VIA C3 x86 Processors

New NetSpectre Attack Can Steal CPU Secrets via Network Connections

Researchers Detail New CPU Side-Channel Attack Named SpectreRSB