The Lazy FP State Restore bug hit chipsets on systems running Microsoft’s Windows and this as revealed last month. Now, the tech giant finally addressed the issue by rolling out new Patch Tuesday security updates. The processor flaw involved side channel speculative execution, something that was similar to the Meltdown and Spectre hardware vulnerabilities dating back in January.
Lazy Restore bug was enabled in Windows
In June, Microsoft revealed that the Lazy Restore bug was enabled by default in Windows and PC users and admins couldn’t disable it. Redmond promised to rolled out new updates to fix the issue, and the company quickly delivered them. The fixes are available for all impacted Windows versions, namely Windows 10, Windows 8.1, Windows 7, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, and Windows Server 2012 R2.
Windows 8.1 and Windows 10 receive fixes
Microsoft stated that customers who are running Azure systems were not exposed to the bug. The company said that an attacker must be able to execute code locally on a system to exploit the flaw in a similar manner to other speculative execution vulnerabilities. The data could be disclosed in the register state, and this information depends on the code that’s executing on a system and whether any code stores sensitive data in FP register code.
“An attacker, via a local process, could cause information stored in FP (Floating Point), MMX, and SSE register state to be disclosed across security boundaries on Intel Core family CPUs through speculative execution,” Microsoft notes in the advisory.
The company also recommends users to download the fixes and install them as soon as possible. Windows 10 computers are getting the patches as part of the cumulative update this Patch Tuesday, and Windows 8.1 systems get the fixes into the monthly rollups. You can read which exactly are the affected products in Microsoft’s official notes here.
RELATED STORIES TO CHECK OUT: