Vulnerability & Exploit Database

Back to search

Microsoft ADV180002: Vulnerability in CPU Microcode Could Allow Information Disclosure

Severity CVSS Published Added Modified
5 (AV:L/AC:M/Au:N/C:C/I:N/A:N) January 08, 2018 January 08, 2018 January 10, 2018

Description

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. At the time of publishing, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers. Please review Microsoft Security Advisory ADV180002 for more details. This advisory addresses the following vulnerabilities: CVE-2017-5715 - Bounds check bypass CVE-2017-5753 - Branch target injection CVE-2017-5754 - Rogue data cache load'   CVE-2017-5715/CVE-2017-5753 are collectively known as Spectre CVE-2017-5754 is known as Meltdown

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

msft-kb4056568-1c7569ec-06a3-486e-8707-73816e2fd932

Related Vulnerabilities