Intel have disclosed there is a serious security flaw in most of their processors manufactured since 2015.
This security flaw is very similar to the Spectre and Meltdown issues that were disclosed at the start of 2018.
Intel has been working with software and hardware manufacturers to release patches to mitigate this issue.
Microsoft have released the following recommended actions
- The best protection is to keep your computers up to date.
- Enterprise customers should:
- Inventory the processors in use across the enterprise to determine risk exposure and help inform the required protections for L1TF.
- Inventory the use of Virtualization Based Security (VBS) across the enterprise and especially in client systems to help inform the required protections.
- Evaluate the risk posed by L1TF to enterprise environments. In general terms, any system that was deemed to need protection for CVE-2017-5715 (Spectre Variant 2, Branch Target Injection) would need protection for L1TF.
- Verify the status of protection for CVE-2018-3620 using the PowerShell script Get-SpeculationControlSettings
As with Meltdown and Spectre the mitigation measures will have performance impacts in Virtual environments so please assess this before applying patches to production servers.
For more technical information on affected hardware and official Security advisories please see the following links