News has certainly been coming thick and fast with regards to how "speculative execution side-channel attacks" can be leveraged on systems built with modern processors and operating systems. While industry partners had been working on developing the corresponding mitigations for the critical hardware-based flaw, which could not be delivered as a microcode update, the issue was substantial enough to prompt Microsoft to release the patch yesterday, ahead of next week's scheduled Patch Tuesday.
While operating system patches are an important measure, Microsoft has also taken steps to thwart JavaScript-originating attacks via its Internet Explorer and Edge browsers. Specifically, support for SharedArrayBuffer objects, used to share memory between agents, was removed from the former after having just been introduced in the Windows 10 Fall Creators Update. The other change, affecting both browsers, saw the resolution of the performance.now() method reduced from 5 microseconds to 20 microseconds with up to an additional 20 microseconds of variable jitter introduced to the returned timestamp value.
With respect to these changes, John Hazen, Principal PM Lead, Microsoft Edge said that:
"These two changes substantially increase the difficulty of successfully inferring the content of the CPU cache from a browser process.
We will continue to evaluate the impact of the CPU vulnerabilities published today, and introduce additional mitigations accordingly in future servicing releases. We will re-evaluate SharedArrayBuffer for a future release once we are confident it cannot be used as part of a successful attack."
The corresponding security updates have been released by the company for the Windows 10 Fall Creators Update (Version 1709), Creators Update (Version 1703), and the original version of Windows 10 (Version 1507).
Source: Microsoft
2 Comments - Add comment