Microsoft today addressed the critical security vulnerabilities in chipsets from some vendors and issued a patch for its Windows 10 operating system to fix the security bug. Meltdown and Spectre security vulnerabilities in chips from Intel, AMD, and ARM are affecting some PCs and smartphones.
Microsoft is also updating Edge and Internet Explorer with changes to protect users. Microsoft explains that with the use of speculative execution side-channel attacks, the vulnerabilities can be exploited when a JavaScript code is running in the browser, this allows the attackers to steal passwords.
“As part of these updates, we are making changes to the behavior of supported versions of Microsoft Edge and Internet Explorer 11 to mitigate the ability to successfully read memory through this new class of side-channel attacks,” Microsoft said in a blog post.
The company is also releasing the security fixes to Internet Explorer 11, available in Windows 8.1 and Windows 7. To address the bug, Microsoft says that it has removed the SharedArrayBuffer from Microsoft Edge, this was originally added to the operating system with the Windows 10 Fall Creators Update.
Microsoft is reducing the resolution of performance.now() in both browsers. It has been reduced from 5 microseconds to 20 microseconds in Microsoft Edge and Internet Explorer.
“We will continue to evaluate the impact of the CPU vulnerabilities published today, and introduce additional mitigations accordingly in future servicing releases,” the company said.
