Microsoft Guidance for Rogue System Register Read

ADV180013

Security Advisory

Released: May 21, 2018

Last updated: Nov 13, 2018

Assigning CNA: Microsoft

Executive Summary

On January 3, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees.  On May 21, 2018, Intel announced the Rogue System Registry Read vulnerability and assigned CVE-2018-3640.

An attacker who has successfully exploited this vulnerability could then bypass Kernel Address Space Layout Randomization (KASLR) protections. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The mitigation for this vulnerability is exclusively through a microcode/firmware update, and there is no additional Microsoft Windows operating system update.

Recommended Actions

To protect your system from this vulnerability, Microsoft recommends that you take the following actions:

Register for Security Update email alerts to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications
Deploy updated microcode when it becomes available. Surface customers will receive updated microcode in the form of a firmware update through Windows Update.  For third party OEM device hardware, we recommend customers check with their device manufacturer for microcode/firmware updates. For a list of OEM manufacturer websites see Microsoft Knowledge Base article 4073757.

References

See the following links for further information related to CVE-2018-3640:

Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

FAQ

1. When will the firmware updates be available?

If you have a non-Microsoft device, we suggest contacting your OEM for ths information. For Microsoft devices, we will amend this advisory when microcode/firmware updates become available. Additionally, we will notify customers via security notification service email. To sign up for this notification email see Microsoft Technical Security Notifications.

2. Will there be updates for Windows operating systems?

There is no software mitigation needed. The mitigation for this issue is exclusively a processor microcode/firmware update. Affected users should contact their hardware vendor for these updates.

3. Where can I find information regarding the Speculative Store Bypass (SSB) vulnerability CVE-2018-3639?

For information about CVE-2018-3639, see ADV180012 | Microsoft Guidance for Speculative Store Bypass.

4. Where can I finder further information on Microsoft guidance for Spectre and Meltdown vulnerabilities? 

See ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities.

Exploitability

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly disclosed: No
Exploited: No
Exploitability assessment: Exploitation Less Likely

Acknowledgements

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgements for more information.

Security Updates

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.

Release date Descending

Release date

Product

Platform

Impact

Max Severity

Article

Download

Build Number

May 21, 2018

Surface Pro with Advanced LTE Model 1807

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Surface Pro Model 1796

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Pro 3

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Laptop

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Book 2

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Book

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Pro 4

Security Feature Bypass

Important

4073065

Update history

May 21, 2018

Microsoft Surface Studio

Security Feature Bypass

Important

4073065

Update history

All results loaded

Loaded all 8 rows

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

version

revisionDate

description

5.0

Nov 13, 2018

The following updates have been made to this advisory: 1. Microsoft is announcing the availability of updates for Surface Book that address the Rogue System Registry Read (CVE-2018-3640) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information. 2. In the Security Updates table, the Article and Download links have been corrected.

4.0

Sep 13, 2018

Microsoft is announcing the availability of updates for Surface Studio that address the Rogue System Registry Read (CVE-2018-3640) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information.

3.0

Aug 8, 2018

Microsoft is announcing the availability of updates for Surface Book 2 and Surface Pro 3 that address the Rogue System Registry Read (CVE-2018-3640) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information.

2.0

Jul 26, 2018

Microsoft is announcing the availability of updates for Surface Pro 4, Surface Laptop, Surface Pro Model 1796, and Surface Pro with Advanced LTE Model 1807 that address the Rogue System Registry Read (CVE-2018-3640) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information.

1.0

May 21, 2018

Information published.

How satisfied are you with the MSRC Security Update Guide?