After the Spectre and Metldown vulnerabilities discovered in the Intel micro processing chips widely used in computing devices, Foreshadow has come forth as the latest fundamental design induced vulnerability that plagues the Intel chip range. Although the vulnerabilities cannot be resolved as they arise from core concerns in the way that the chips are hardwired, mitigation techniques and security definitions have been constantly released by Microsoft and Intel to cope with the risks and consequences posed. In line with this, Microsoft has just released a set of standalone patches specifically designed to counter the Spectre and Foreshow vulnerabilities in Windows 10.
A statement from the Redmond blog explains that “This update is a stand-alone update targeted for Windows 10 version 1803 (Windows 10 April 2018 Update) and Windows Server Version 1803 (Server Core). This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM). We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft.” The update is found to be for a variety of Intel processors ranging from the 2012 Ivy Lake setup to the most recent eighth generation processing system.
According to the information released by Microsoft on the matter, in Windows 10, in addition to the application of the patch update, Spectre variant 2 mitigation must be enabled from the registry menu for it to take action. After the release of research notes on the latest Foreshadow vulnerability, Intel reversed the techniques seen in the log of Foreshadow exploits to release an update for Windows 10 which counters them.
While in most cases such critical updates are installed automatically and deliberately by Microsoft through the mandatory Windows updates which are checked for and received in real time as Microsoft pushes them out. The updates are set to release this way for private users only though. For companies that have mass setups for IT management and integration, the updates will be released for manual application with severe warning and request for immediate action by administrators to secure their enterprise networks.