| Description: | An information disclosure vulnerability exists when certain central
processing units (CPU) speculatively access memory. An attacker who
successfully exploited the vulnerability could read privileged data
across trust boundaries. To exploit this vulnerability, an attacker
would have to log on to an affected system and run a specially crafted
application. The vulnerability would not allow an attacker to elevate
user rights directly, but it could be used to obtain information that
could be used to try to compromise the affected system further. On
January 3, 2018, Microsoft released an advisory and security updates
related to a newly-discovered class of hardware vulnerabilities (known
as Spectre) involving speculative execution side channels that affect
AMD, ARM, and Intel CPUs to varying degrees. This vulnerability,
released on August 6, 2019, is a variant of the Spectre Variant 1
speculative execution side channel vulnerability and has been assigned
CVE-2019-1125. Microsoft released a security update on July 9, 2019
that addresses the vulnerability through a software change that
mitigates how the CPU speculatively accesses memory. Note that this
vulnerability does not require a microcode update from your device
OEM.
|
