AMD, Microsoft patch 'variant two' Spectre chip flaw

AMD has released microcode updates to server and PC makers that, together with a MIcrosoft operating system patch, are designed to address variant two of the Spectre chip flaws.

The chipmaker’s CTO Mark Papermaster said that while the company “believed it is difficult to exploit variant two on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk.”

The microcode updates have been released to server and PC makers as well as motherboard providers.

They cover AMD processors dating back to the first “Bulldozer” core products introduced in 2011.

Papermaster advised end users to “to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers.”

Users will also need to run an updated version of Windows.

“Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today,” Papermaster said.

“Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.”

AMD published a white paper [pdf] describing how it addressed the variant two flaws through the microcode update.

CPU vulnerabilities that were given the codenames Meltdown and Spectre were discovered by Google Project Zero researchers and made public in the first few days of 2018.

The industry - both those making hardware and software - has, at times, struggled with mitigations to the flaws.

Computers running older AMD CPUs were at one stage bricked by a Microsoft operating system update.

Intel has developed firmware updates for a range of processors.

Microsoft is also offering bug bounties for a limited time to security researchers who uncover more speculative execution side channel vulnerabilities like Spectre and Meltdown.