Microsoft is pushing out software updates to supported versions of its Windows operating system in an attempt to fix a newly-discovered bug that compromises security and slows down processors.
Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.
One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
Microsoft started sending out patch updates for Windows 10 on Wednesday and plans to release patches for Windows 7 and 8 next week.
In a blog post on Wednesday evening, the Washington-headquartered firm said that it was trying to protect customers of its cloud computing service Azure from an “industry-wide, hardware-based security vulnerability”.
“At the time of this blog post, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack Azure customers,” the company said. “The majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs (virtual machines) for the security update to take effect.”
Despite Microsoft’s damage control efforts, the bug may continue to affect the performance of Windows PCs until processor makers push a security fix as well. Intel may do so next week, according to one report.
Business Insider reported that the reason for performance issues is related to “speculative execution,” a key method in how the “kernel,” or core, of Windows and other operating systems interact with processors.
“Speculative execution” has been a cornerstone of Intel processor architecture since 1995.
According to Intel, this security flaw could be used by hackers to access protected data.
Microsoft also said that it was accelerating its planned maintenance timing and would begin automatically rebooting the remaining impacted VMs starting at 3:30pm PST on Wednesday.
“The self-service maintenance window that was available for some customers has now ended, in order to begin this accelerated update,” the company said.
Microsoft added that majority of Azure customers should not see a noticeable performance impact with this update.
“A small set of customers may experience some networking performance impact. This can be addressed by turning on Azure Accelerated Networking (Windows, Linux), which is a free capability available to all Azure customers,” the company said.
Like this report? Sign up for our daily newsletter to get our top reports.