AMD Releases Microcode Update Mitigating Spectre Vulnerabilities
You may be concerned that the world has forgotten about Spectre - a family of critical vulnerabilities in modern CPU architectures uncovered by Google's Project Zero team - in the months following their disclosure. Early rounds of updates from Intel and AMD mitigated against some of the risk, but you would be forgiven for assuming that those updates would be the end of it (apart from bug-fixing distributions). Thankfully that's not the case, and as evidence AMD have just released an advisory on new mitigations for the Spectre Variant 2 vulnerability.
In their latest Processor Security Update released on April 10th AMD state that a new series of OS software and CPU microcode updates have been made available to Microsoft and OEM partners, helping users of Microsoft Windows harden their system against the GPZ Variant 2 (Spectre) vulnerability. Variant 1 of Spectre was addressed in an OS update earlier this year, while the third vulnerability variant known as Meltdown is believed to only affect Intel's CPU architecture.
The OS update for users running Windows 10 (version 1709) was released today, while final validation and testing is still in process for Windows Server 2016. Microcode updates are distributed via BIOS updates from partner vendors who should now be in the process of developing and testing new versions.
These updates are designed to protect CPUs going as far back as 2011's Bulldozer architecture, and not just the latest Ryzen range. They're also expressly mitigations; wholesale prevention is likely not possible without a redesign of branch prediction mechanisms used in modern CPUs. They also do not address the vulnerabilities associated with CTS-Labs revealed last month.
A whitepaper detailing the technical aspects of the mitigation steps is available here.
SOURCE: AMD Processor Security Updates.