Remember the Spectre CPU vulnerability that reared its head for the first time in 2017? Variant 2 of Spectre is back, and as such, Microsoft has published guidance about the mitigation.
Msrc RSS
_medium.jpg)
Microsoft has published an advisory about a misconfiguration that led to its own, customer, and partner data being exposed. It has also called out security researchers for mishandling the disclosure.
Microsoft has been accused of slashing bug bounty reward money by large amounts by several security researchers. One of them said his finding was worth just 10% compared to the earlier value.
Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves AcitveX controls.
New variants of Spectre have been discovered by Microsoft and Google, which allow attackers to read privileged data. While mitigations will be available soon, they will result in a performance hit.
