Microsoft logo

A month after details about the "Lazy FP State Restore" Intel CPU bug surfaced online, Microsoft has rolled out patches to fix this vulnerability at the operating system's level.

Microsoft rolled out the patches part of its regular Patch Tuesday security updates, which the company released this week, on July 10.

Patches for this bug are now available for Windows 10, 8.1, 7, and Windows Server 2012 R2, 2012, 2008 R2, according to the table embedded at the bottom of this story.

Microsoft delivers on its promise

The Lazy FP State Restore vulnerability, also known as Lazy FPU, is a vulnerability that was disclosed in mid-June, and which affects all Intel Core-based microprocessors. For in-depth details about this bug, you can check out our previous article, or Red Hat's technical analysis here.

In a simple description, the bug affects the CPU code that handles floating point numbers, and when exploited, it can allow a malicious program to read data being used by other processes.

When details about this vulnerability became public last month, most vendors had already fixed the issue in their code years before, while others released patches with their own fixes.

The only vendors whose OS and hypervisor software was vulnerable were Red Hat and Microsoft. At the time, Microsoft promised to release patches to address the issue, a promise it fulfilled earlier this week. Red Hat released some patches shortly after the disclosure, and published others today as well.

Product
Article
Download
Impact
Severity
Supersedence
Windows 10 for x64-based Systems 4338829 Security Update Information Disclosure Important 4284860
Windows 8.1 for x64-based systems 4338815 Monthly Rollup Information Disclosure Important 4284815
4338824 Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4338818 Monthly Rollup Information Disclosure Important 4284826
4338823 Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4338818 Monthly Rollup Information Disclosure Important 4284826
4338823 Security Only
Windows Server 2012 4338830 Monthly Rollup Information Disclosure Important 4284855
4338820 Security Only
Windows Server 2012 (Server Core installation) 4338830 Monthly Rollup Information Disclosure Important 4284855
4338820 Security Only
Windows Server 2012 R2 4338815 Monthly Rollup Information Disclosure Important 4284815
4338824 Security Only
Windows Server 2012 R2 (Server Core installation) 4338815 Monthly Rollup Information Disclosure Important 4284815
4338824 Security Only

Related Articles:

Windows 10 KB4100347 Intel CPU Update Causing Boot Issues & Pushed to AMD Users

Microsoft September 2018 Patch Tuesday Fixes 16 Critical Vulnerabilities

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days

Researchers Detail New CPU Side-Channel Attack Named SpectreRSB