Microsoft Corp. today released a new patch for one of the Spectre central processing unit vulnerabilities and has announced plans to distribute further patches when they become available.

The new patch is available via the Microsoft Update Catalog for those running Windows 10 Fall Creators Update and Windows Server Core with Skylake processor chips. It addresses CVE 2017-5715, the Spectre Variant 2 “Branch Target Injection” vulnerability.

That vulnerability allows attackers to persuade a processor’s branch predictor to make a bad prediction, which can then be used to infer the value of data stored, giving hackers information they should not have access to. In essence, it allows a malicious actor to potentially load malware onto a PC or server so as to steal sensitive data.

The patch is based on Intel Corp.’s microcode release Feb. 21, but customized for Windows. In a blog post announcing the release, John Cable, a Microsoft director, shed some light on the issues that have plagued previous attempts to patch both Spectre and Meltdown, specifically that in some cases the patches had compatibility issues with antivirus software.

“We have … been working closely with our antivirus partners on compatibility with Windows updates, resulting in the vast majority of Windows devices now having compatible AV software installed,” Cable wrote. “The continued focus of our work with our AV partners and customers is to manage the risk of compatibility issues, especially those that result from AV software that makes unsupported calls into Windows kernel memory.”

Cable went on to note that it’s vital that users made sure that they had up-to-date antivirus software before installing the Spectre patch.

There’s no indication if or when Spectre and Meltdown patches may be delivered by regular Microsoft updates. Cable said only that additional microcode updates will be available from Microsoft once Intel releases them.

Image: Wikimedia Commons