New CPU Microcode Updates for Intel Processors

Intel has released a new round of CPU microcode updates that address the Spectre variant #2 CPU vulnerability that now include older processor microarchitectures (all the way back to Haswell). There is always a delay between when Intel makes these updates available and when the system vendors and motherboard manufacturers do their validation and release […]

Checking Your SQL Server Instance for Spectre/Meltdown Patches

If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list: SQL Server Guidance […]

Checking Your Intel Processor Features Regarding the Meltdown Exploit

By now, you have probably heard plenty about the Spectre and Meltdown exploits that affect many modern processors. The Meltdown exploit (CVE-2017-5754) in particular only affects Intel processors. Microsoft has already patched most of their client and server operating systems to mitigate against Meltdown. Depending on the exact model of Intel processor you are using, […]

Performance Effects of Meltdown and Partial Spectre Fixes on Intel Core i7-7500U Laptop

I have a fairly recent vintage HP Spectre x360-13w023dx laptop (slightly over a year old) that has an Intel Core i7-7500U (Kaby Lake-U) processor, 16GB of DDR4 RAM, and a 512GB Samsung PM961 M.2 NVMe SSD that is running Windows 10 Professional Version 1709. Last night, I installed the Windows 10 January 2018 Security Update […]

Checking Your Meltdown and Spectre Mitigation Status in Windows

As I have previously discussed, there has been an explosion of information and speculation about the Spectre and Meltdown vulnerabilities. Here is the official information about all three vulnerabilities. Spectre CVE-2017-5753 (Bounds Check Bypass) CVE-2017-5715 (Branch Target Injection) Meltdown CVE-2017-5754 (Rogue Data Cache Load) Checking Your Meltdown and Spectre Mitigation Status in Windows Microsoft has […]

Microsoft SQL Server Updates for Meltdown and Spectre Exploits

Over the last couple of days, you have probably heard quite a bit of chatter and speculation about some newly disclosed ways to attack various processors. The initial reports were that only Intel processors were affected, but some sources indicate that some AMD and ARM processors are also vulnerable. Security researchers at Graz University (who […]

Guidance for WannaCrypt/WannaCry Attacks

There has been quite a bit of media coverage about the WannaCrypt/WannaCry ransomware over the past several days. Microsoft has a new page with information about this particular issue and steps that can be taken to protect your systems. I have also collected some more detailed background information about this and about SQL Server security […]