AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates.
Updates are available for products released as far as 2011, for the first processors of the Bulldozer line.
Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Similar OS-level updates have been released for Linux users earlier this year.
Yesterday’s microcode patches announcement is AMD keeping a promise it made to users in January, after the discovery of the Meltdown and Spectre (v1 and v2) vulnerabilities.
Back then, AMD said its products were not affected by the Meltdown vulnerability, said that Spectre v1 mitigations can be delivered via OS updates, and promised microcode updates to fully mitigate the Spectre v2 flaw on top of OS-level patching.
Initial attempts to patch Spectre v1 and v2 via a Windows update hit a snag when Microsoft paused their rollout for two weeks after initial fixes plunged users’ AMD-based PCs into crashes and unbootable states. Microsoft eventually resumed the patching process after working with AMD to fix the initial patch.
The KB4093112 update included in the April 2018 Patch Tuesday contains additional Spectre v2 mitigations, not included with the original January 2018 Patch Tuesday release, which AMD deems necessary to completely mitigate Spectre v2.
“These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows,” said Mark Papermaster, AMD CTO.