AMD has released new microcode updates that mitigate variant 2 of the Spectre attack, and Microsoft has shipped a Windows 10 update that enables the operating-system side of the mitigation for users on AMD processors.
As you might remember, AMD processors were found not to be vulnerable to Meltdown (CVE-2017-5754), but they were affected by both Spectre variants. Variant 1 (CVE-2017-5753, bounds check bypass) is addressed with software fixes in the affected applications and OS code; variant 2 (CVE-2017-5715, branch target injection) requires OS-level changes combined with the new microcode.
Microsoft fixes problem for Windows 10 users
The microcode adds a control called indirect branch prediction barrier (IBPB): when the OS issues the barrier, the processor guarantees that indirect branches executed before it cannot influence the predictions of indirect branches executed after it.
“As this restricts the processor from using all previous indirect branch information, it is intended to only be used by software when switching from one user context to another user context that requires protection, or from one guest to another guest,” AMD explained.
IBPB is AMD's recommended mitigation setting for Windows; for Linux, AMD recommends IBPB combined with retpoline support in the kernel. On Linux, the mitigation the running kernel has selected can be read from /sys/devices/system/cpu/vulnerabilities/spectre_v2.
“‘Retpoline’ sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,” Google explained.
“The name ‘retpoline’ is a portmanteau of ‘return’ and ‘trampoline.’ It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will ‘bounce’ endlessly.”
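The construct Google describes, shown here as an added worked example (not code from Google, AMD or this article): a hand-written x86-64 retpoline thunk in GNU assembler syntax, called from C, beside the ordinary indirect call it replaces. It assumes a GNU-compatible toolchain on an ELF/x86-64 target such as Linux; the function and label names (`retpoline_call`, `retpoline_thunk_r11`, `op_add`, `op_mul`) are ours, and on other architectures the block falls back to a plain, unprotected indirect call so that it still builds.

```c
/*
 * Added example: a retpoline-protected indirect call in C with a hand-written
 * x86-64 thunk (GNU toolchain, AT&T syntax, ELF). Names are ours; the thunk
 * body follows the call / capture / set-up shape described in the text.
 */
#include <stdio.h>

typedef long (*op_fn)(long, long);

static long op_add(long a, long b) { return a + b; }
static long op_mul(long a, long b) { return a * b; }

/* Unprotected form: the compiler turns `target(a, b)` into `call *%reg`, an
 * indirect branch whose target the CPU predicts from the (poisonable) BTB. */
long unprotected_call(op_fn target, long a, long b)
{
    return target(a, b);
}

#if defined(__x86_64__) && defined(__ELF__)
/* Retpoline form. retpoline_call(target, a, b) tail-calls the thunk: the
 * target's arguments are moved into %rdi/%rsi, the target address into %r11,
 * and control reaches the target through a `ret`, never through an indirect
 * call or jmp. The return predictor's guess for that `ret` is the instruction
 * after `call 1f`, i.e. the pause/lfence loop, so mispredicted speculation
 * spins harmlessly there instead of at an attacker-chosen target.
 * Architecturally the `ret` pops the address we just stored, so the target
 * runs normally and returns straight to retpoline_call's caller. */
__asm__(
    ".text\n"
    ".globl retpoline_call\n"
    ".type retpoline_call, @function\n"
    "retpoline_call:\n"
    "    movq %rdi, %r11\n"           /* target -> r11                         */
    "    movq %rsi, %rdi\n"           /* a -> first argument of target         */
    "    movq %rdx, %rsi\n"           /* b -> second argument of target        */
    "    jmp  retpoline_thunk_r11\n"  /* direct jump; stack stays as at entry  */
    ".size retpoline_call, .-retpoline_call\n"
    "\n"
    ".globl retpoline_thunk_r11\n"
    ".type retpoline_thunk_r11, @function\n"
    "retpoline_thunk_r11:\n"
    "    call 1f\n"                   /* pushes the address of 2: as return addr */
    "2:  pause\n"                     /* speculation trap: predicted return lands here */
    "    lfence\n"
    "    jmp  2b\n"                   /* ... and bounces forever                 */
    "1:  movq %r11, (%rsp)\n"         /* replace the pushed address with the target */
    "    ret\n"                       /* architectural jump to target, no indirect branch */
    ".size retpoline_thunk_r11, .-retpoline_thunk_r11\n"
);
long retpoline_call(op_fn target, long a, long b);
#else
/* Other architectures or object formats: fall back to the plain indirect call
 * so the example still builds. This fallback is NOT retpoline-protected. */
long retpoline_call(op_fn target, long a, long b) { return target(a, b); }
#endif

/* Both paths must agree on every target: the retpoline changes how the branch
 * is reached, not what the callee computes. Returns 1 on agreement. */
int retpoline_matches_direct(void)
{
    op_fn ops[] = { op_add, op_mul };
    long a = 6, b = 7;
    for (unsigned i = 0; i < 2; i++)
        if (retpoline_call(ops[i], a, b) != unprotected_call(ops[i], a, b))
            return 0;
    return 1;
}

int main(void)
{
    printf("unprotected: 2+3=%ld 6*7=%ld\n",
           unprotected_call(op_add, 2, 3), unprotected_call(op_mul, 6, 7));
    printf("retpoline:   2+3=%ld 6*7=%ld\n",
           retpoline_call(op_add, 2, 3), retpoline_call(op_mul, 6, 7));
    return 0;
}
```

Nobody hand-writes these in production: GCC's `-mindirect-branch=thunk` and clang's `-mretpoline` make the compiler emit equivalent thunks for every indirect call and jump, and a Linux kernel built with CONFIG_RETPOLINE uses them throughout. The hand-written version only makes visible what the flag does: the sole branch whose target the CPU has to predict is the `ret`, and its predicted target is the pause/lfence loop.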
Still more to come
AMD has also said that support for these mitigations on AMD processors in Windows Server 2016 is in the final stages of validation and testing, so that update should follow soon.
Windows 10 users are advised to install the KB4093112 update. Whether the OS part of the mitigation is actually active on a given machine can be checked with Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings), which reports both whether the hardware (microcode) support for the branch target injection mitigation is present and whether Windows has enabled it.
“In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first ‘Bulldozer’ core products introduced in 2011,” Mark Papermaster, Senior Vice President and Chief Technology Officer at AMD added.
“AMD customers will be able to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers.”
Earlier this month Intel announced that it had completed the release of microcode updates for all the processors it launched in the past nine or so years that needed Meltdown and Spectre patches. The company also said that it will not provide microcode updates to plug the Spectre and Meltdown vulnerabilities in a number of older processors.