Kit Wai Chan - Fotolia

Microsoft: Windows Analytics can detect Meltdown and Spectre exposure

Microsoft says Meltdown and Spectre vulnerabilities are now being tracked by Windows Analytics, which shows users the update status for CPU microcode and OS patches.

Windows Analytics, Microsoft's tool for Windows 10 telemetry analysis, now can be used to assess enterprise systems' exposure to the Meltdown and Spectre vulnerabilities in major microprocessor architectures.

The vulnerabilities in Meltdown and Spectre are challenging to enterprises, because mitigating them requires updating the CPU firmware microcode, as well as updating the operating system running on the vulnerable hardware.

Windows Analytics now checks the status of microcode updates and reports on whether the installed firmware protects against Meltdown and Spectre vulnerabilities. For now, this status is limited to firmware security updates from Intel, but Microsoft plans to add support from other CPU vendors' data as it is made available to Microsoft. Windows Analytics will also report on Windows updates running on a system, as well as updates that have been disabled.

In addition, according to Terry Myerson, executive vice president of Microsoft's Windows and devices group, not all antivirus software is compatible with the latest updates to Windows, so the Windows Analytics tool will now report on antivirus status, as well as Windows and firmware upgrade status for monitored Windows 10 systems.

"To help IT professionals everywhere, we have added new capabilities to our free Windows Analytics service to report the status for all the Windows devices that they manage," Myerson wrote in a blog post about the change. In addition to accumulated data about update status, administrators can also drill down to specific systems to see what steps need to be taken to protect against the Meltdown and Spectre vulnerabilities. The flaws mostly affect Intel processors, though AMD and ARM processors can be affected by the Spectre attack.

Microsoft's Windows Analytics monitors Meltdown and Spectre status
Enterprises can now view the status of patches for Meltdown and Spectre vulnerabilities for systems monitored through Microsoft's Windows Analytics service. Used with permission from Microsoft.

The vulnerabilities exploit the way modern processors implement address space layout randomization and can allow the attacker to access arbitrary system memory. The vulnerabilities were made public less than a week before affected vendors intended to do a coordinated disclosure of the flaws, which were discovered last year.

Windows Analytics is a free service based on the Upgrade Analytics service for Windows 10, a tool that Microsoft introduced in 2016 for assisting in the process of upgrading older versions of Windows.

Mitigation of the Meltdown and Spectre vulnerabilities has been a challenge thus far. Intel recently asked OEM partners and customers to stop deploying a Spectre firmware update, which was causing excessive reboot issues on certain Intel chips. Microsoft later issued an out-of-band patch to disable Intel's Spectre fix.

Dig Deeper on Application and platform security

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close