Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.
Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS. Therefore, we advise customers to seek guidance from those vendors.
Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more details.
Microsoft has yet not received any information to indicate that these vulnerabilities have been used to attack customers. Microsoft is working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.