You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: includes/virtual-machines-common-mitigate-se.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,13 +5,13 @@
5
5
author: cynthn
6
6
ms.service: virtual-machines
7
7
ms.topic: include
8
-
ms.date: 08/08/2019
8
+
ms.date: 11/12/2019
9
9
ms.author: cynthn;kareni
10
10
ms.custom: include file
11
11
---
12
12
13
13
14
-
**Last document update**: 9 August 2019 10:00 AM PST.
14
+
**Last document update**: 12 November 2019 10:00 AM PST.
15
15
16
16
The disclosure of a [new class of CPU vulnerabilities](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002) known as speculative execution side-channel attacks has resulted in questions from customers seeking more clarity.
17
17
@@ -24,11 +24,8 @@ More information about how security is integrated into every aspect of Azure is
24
24
> [!NOTE]
25
25
> Since this document was first published, multiple variants of this vulnerability class have been disclosed. Microsoft continues to be heavily invested in protecting our customers and providing guidance. This page will be updated as we continue to release further fixes.
26
26
>
27
-
> On May 14, 2019, [Intel disclosed](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html) a new set of speculative execution side channel vulnerability known as Microarchitectural Data Sampling (MDS see the Microsoft Security Guidance [ADV190013](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013)), which has been assigned multiple CVEs:
28
-
> -CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
29
-
> -CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
30
-
> -CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
31
-
> -CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
27
+
> On November 12, 2019, Intel published a technical advisory around Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort (TAA) vulnerability that is assigned [CVE-2019-11135](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135). Microsoft has released updates to help mitigate this vulnerability and the OS protections are enabled by default for Windows Client OS Editions.
28
+
32
29
>
33
30
> This vulnerability affects Intel® Core® processors and Intel® Xeon® processors. Microsoft Azure has released operating system updates and is deploying new microcode, as it is made available by Intel, throughout our fleet to protect our customers against these new vulnerabilities. Azure is closely working with Intel to test and validate the new microcode prior to its official release on the platform.
34
31
>
@@ -99,6 +96,7 @@ Windows OS support for kernel VA shadow is enabled: True
99
96
Windows OS support for speculative store bypass disable is enabled system-wide: False
100
97
Windows OS support for L1 terminal fault mitigation is enabled: True
101
98
Windows OS support for MDS mitigation is enabled: True
99
+
Windows OS support for TAA mitigation is enabled: True
102
100
```
103
101
104
102
If the output shows `MDS mitigation is enabled: False`, please [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) for available mitigation options.
@@ -177,6 +175,8 @@ This article provides guidance to the below speculative execution side-channel a
177
175
-CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
178
176
-CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
0 commit comments