Microsoft has released an out-of-band emergency security update to Windows 10 to bring fixes to the Meltdown and Spectre kernel flaws that affect Intel, AMD and ARM chips. “We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers,” the company spokesperson said.

"We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD."

The Windows maker suggests that these security vulnerabilities haven’t been used in the wild to attack Windows consumers. “We have not received any information to indicate that these vulnerabilities had been used to attack our customers,” it added.

Spectre is Jedi mind trick; Meltdown a pickpocket…

As we reported earlier Google has made the details of these security flaws – that were first discovered last year – available to the public. Security researchers have said most of the PCs and phones being used today are affected. “Think of a Star Wars movie where someone wants to steal money,” Daniel Gruss, one of the security researchers who discovered the Meltdown and Spectre flaws, said. “Spectre is like a Jedi mind trick: you make someone else give you their money, this happens so quick that they don’t realize what they’re doing.”

“Meltdown just grabs the money very quickly like a pick-pocket. The Jedi mind trick is of course more difficult to do, but also harder to mitigate.”

Patches for Windows 10 available now – unclear exactly which variants it’s fixing

The update brings “security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.” The attack has three variants, but it remains unclear if this patch fixes all of them or only some. Microsoft will be automatically patching Windows 10 machines, according to The Verge. While the fixes are also available for supported Windows 7 and 8 versions, they won’t be automatically applied until the scheduled Patch Tuesday, next week.

Along with Microsoft and other tech companies, UK’s National Cyber Security Center has also said there is no evidence of malicious exploits in the wild. However, since the details are out in the open now along with proof of concepts, it would be wiser to deploy patches as soon as they are made available.

Here are the details of these cumulative updates bring rolled out to supported Windows 10 devices right now.

  • Windows 10 Fall Creators Update is receiving KB4056892 (Build 16299.192)
  • Windows 10 Creators Update Version 17033 gets KB4056891 (Build 15063.850)
  • Version 1607 is getting KB4056890 (Build 14393.2007)
  • 1511 receives KB4056888 (Build 10586.1356) – for enterprise and education only.
  • The original Windows 10 version is receiving KB4056893 (Build 10240.17738) – for enterprise only.

You can find more details and known issues here.