ADV180016 | Microsoft Guidance for Lazy FP State Restore

    Security Advisory

    Last Updated: 19 Jul 2018 at 21:58

    Executive summary

    On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On June 13, 2018, an additional vulnerability involving side channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665.

    An attacker, via a local process, could cause information stored in FP (Floating Point), MMX, and SSE register state to be disclosed across security boundaries on Intel Core family CPUs through speculative execution. An attacker must be able to execute code locally on a system in order to exploit this vulnerability, similar to the other speculative execution vulnerabilities. The information that could be disclosed in the register state depends on the code executing on a system and whether any code stores sensitive information in FP register state.

    The security boundaries that may be affected by this vulnerability include virtual machine, kernel, and process.

    Recommended actions

    1. Register for security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
    2. Review INTEL-SA-00145
    3. Apply security updates when they become available in a future Update Tuesday.

    FAQ

    1. Is Lazy restore enabled by default and can it be disabled?
    Lazy restore is enabled by default in Windows and cannot be disabled.

    2. Are VMs in Azure affected?
    Customers running VMs in Azure are not at risk from this variant. No action is required.

    3. What is the CVSS value for this vulnerability?
    CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

    Affected Products

    The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

    | Product | Platform | Article | Download | Impact | Severity | Supersedence |
    | Windows 10 for x64-based Systems | | 4338829 | Security Update | Information Disclosure | Important | 4284860 |
    | Windows 8.1 for x64-based systems | | 4338815 | Monthly Rollup | Information Disclosure | Important | 4284815 |
    | | | 4338824 | Security Only | | | |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | 4338818 | Monthly Rollup | Information Disclosure | Important | 4284826 |
    | | | 4338823 | Security Only | | | |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | 4338818 | Monthly Rollup | Information Disclosure | Important | 4284826 |
    | | | 4338823 | Security Only | | | |
    | Windows Server 2012 | | 4338830 | Monthly Rollup | Information Disclosure | Important | 4284855 |
    | | | 4338820 | Security Only | | | |
    | Windows Server 2012 (Server Core installation) | | 4338830 | Monthly Rollup | Information Disclosure | Important | 4284855 |
    | | | 4338820 | Security Only | | | |
    | Windows Server 2012 R2 | | 4338815 | Monthly Rollup | Information Disclosure | Important | 4284815 |
    | | | 4338824 | Security Only | | | |
    | Windows Server 2012 R2 (Server Core installation) | | 4338815 | Monthly Rollup | Information Disclosure | Important | 4284815 |
    | | | 4338824 | Security Only | | | |

    Mitigations

    Microsoft has not identified any mitigating factors for this vulnerability.

    Workarounds

    Microsoft has not identified any workarounds for this vulnerability.

    Acknowledgements

    Microsoft would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival for reporting this issue and working with us on coordinated disclosure.

    See acknowledgements for more information.

    Disclaimer

    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions

    Version Date Description
    1.0 06/13/2018 Information published.
    2.0 07/10/2018 Microsoft is announcing that the Windows security updates released on July 10, 2018 provide mitigations for CVE-2018-3665 - Lazy FP State Restore. These updates are available for Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and x64-based versions of Windows 8.1 and Windows 10. See the Affected Products table to download and install the security updates.
    2.1 07/16/2018 Removed Windows 10 version 1511 for 32-bit Systems and Windows 10 Version 1511 for x64-based Systems from the Affected Products table. This is an informational change only.
    3.0 07/19/2018 To address a known issue in the security updates released on July 10, Microsoft is releasing Alternate Cumulative update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.







    Source: https://portal.msrc.microsoft.com/en...sory/ADV180016

    See also: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-3665
    Posted By: Brink
    13 Jun 2018
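Added example, not part of the advisory or of the post above: a PowerShell check that compares a machine's installed hotfixes with the KB numbers in the Affected Products table. The function name `Test-Adv180016Update`, its `InstalledIds` parameter and the status strings are hypothetical; the KB numbers are the ones listed on this page only.

```powershell
# KB numbers copied from the Article column of the Affected Products table above.
$AdvisoryKBs = [ordered]@{
    'KB4338829' = 'Windows 10 for x64-based Systems (Security Update)'
    'KB4338815' = 'Windows 8.1 x64 / Server 2012 R2 (Monthly Rollup)'
    'KB4338824' = 'Windows 8.1 x64 / Server 2012 R2 (Security Only)'
    'KB4338818' = 'Server 2008 R2 x64 SP1 (Monthly Rollup)'
    'KB4338823' = 'Server 2008 R2 x64 SP1 (Security Only)'
    'KB4338830' = 'Server 2012 (Monthly Rollup)'
    'KB4338820' = 'Server 2012 (Security Only)'
}

function Test-Adv180016Update {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: installed hotfix IDs. Defaults to what this
        # machine reports; pass a list to evaluate an exported inventory.
        [string[]]$InstalledIds = @((Get-HotFix).HotFixID)
    )

    # -contains is case-insensitive, so 'kb4338829' also matches.
    $found = @($AdvisoryKBs.Keys | Where-Object { $InstalledIds -contains $_ })

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        OS         = (Get-CimInstance Win32_OperatingSystem).Caption
        MatchedKBs = $found
        Packages   = @($found | ForEach-Object { $AdvisoryKBs[$_] })
        # No match is inconclusive, not proof of exposure: later cumulative
        # updates and rollups replace these packages, and the replacement KBs
        # mentioned in revision 3.0 are not listed on this page.
        Status     = if ($found.Count) { 'ListedUpdateInstalled' }
                     else { 'NoListedKB-VerifyLaterUpdates' }
    }
}

# Check the local machine.
Test-Adv180016Update | Format-List
```

A `NoListedKB-VerifyLaterUpdates` result on a system patched after July 2018 is expected, because a newer rollup replaces the packages named in the table; confirm against the current update history before treating the host as unpatched.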


  1. Posts : 349
    Windows 10
       #1

    Supposedly this vulnerability (which is related to Meltdown) has been known about for years, and the Linux kernel was quietly patched two years ago.

    https://www.zdnet.com/article/anothe...le-lazy-state/
    Last edited by Ground Sloth; 14 Jun 2018 at 05:58.


  2. Posts : 27,166
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #2

    New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs
    Thankfully, researchers stated that this vulnerability would be difficult to execute via a web browser, so its impact is less than previous speculative execution vulnerabilities such as Meltdown. You can read more about the technical aspects of this vulnerability in this Twitter thread by Colin Percival.


    Intel has told BleepingComputer that this vulnerability has been addressed by operating system and hypervisor software for many years:

    "This issue, known as Lazy FP state restore, is similar to Variant 3a. It has already been addressed for many years by operating system and hypervisor software used in many client and data center products. Our industry partners are working on software updates to address this issue for the remaining impacted environments and we expect these updates to be available in the coming weeks. We continue to believe in coordinated disclosure and we are thankful to Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival for reporting this issue to us. We strongly encourage others in the industry to adhere to coordinated disclosure as well."

    The good news is that this vulnerability does not require new CPU microcodes from Intel, but can be fixed instead by operating system updates. Since Intel's advisory was posted, various Linux distributions and Microsoft have posted advisories related to this new vulnerability.


  3. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #3

    Meanwhile at the Intel Security Lab:



  4. Posts : 68,668
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #4

    First post updated.


 
