Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel vulnerabilities

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel vulnerabilities



Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as 'speculative execution side-channel attacks' that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run code on the system to leverage these vulnerabilities. Microsoft has released updates to help mitigate these vulnerabilities. To get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs and in some cases updates to AV software as well. In some cases, installing these updates will have a performance impact. We have also taken action to secure our cloud services. Microsoft has no information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. Please review Microsoft Security Advisory ADV180002 for more details.


  • msft-adv180002_general_remediation_steps

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center