Microsoft tries again with Spectre fix for Windows

Microsoft has released a revised fix for the Meltdown and Spectre processor vulnerabilities in 32-bit versions of Windows 10 as part of its monthly patch bundle.

Microsoft had to disable its earlier revision of the Spectre patch in January due to system instability, data loss and rebooting caused by bugs in the Intel-supplied processor microcode firmware.

It has now provided a new version of the patch for 32-bit Windows 10 on Intel x86 systems.

The patches are numbered 4074596 for Windows 10, 4074591 for Windows 10 version 1511, 4074590 for Windows 10 version 1607, and 4074592 for Windows 10 version 1703.

"Microsoft recommends that customers running 32-bit systems install the applicable update as soon as possible," the company said.

Patches for other versions of 32-bit Windows are in the works, but Microsoft said it does not yet have a release schedule.

Intel has released revised production microcode to address the vulnerabilities in 22 processor families at the time of writing [pdf]. Microcode for a further 53 Intel processor families is in either planning or beta stage.

Fixing the Meltdown and Spectre vulnerabilities - which can be exploited to read system memory - has been problematic for Microsoft and its hardware partners.

Apart from the problems with Intel's microcode, Microsoft had to block patches for systems with certain AMD processors after the fixes rendered them unbootable.

AMD and Microsoft devised a fix for the problem, and the patches were reissued on January 19 this year. Microsoft did however warn that applying the patches would slow down customer systems to a varying degree.

"In testing Microsoft has seen some performance impact with these mitigations. For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer," the company said at the time.

Microsoft's February set of patches also contains a fix for an Adobe Flash Player zero-day that appears to have been deployed by North Korean government hackers against targets in South Korea.