Critical Security Update for Azure, Windows ... and Everything Else
Before the Holiday break, we sent out a notification to alert Azure customers that Microsoft would be rebooting Azure virtual machines starting on January 9th after deploying an update. As you might have read, this was in response to a critical security flaw in the hardware of most Intel processors produced in the last 10 years.
Rumours began to swirl of this flaw over the last 48 hours. Yesterday, Google, who discovered the flaw with some academics, decided to release the full details of the security vulnerability in Intel, AMD, and ARM processors, which affects all operating systems & hypervisors. We don’t know much about the AMD/ARM flaws, but we know that the Intel problem can only be fixed by an operating system update that bypasses the vulnerable kernel memory handling feature of the processor.
Microsoft has released a security fix for Windows. PLEASE read the notes on anti-virus compatibility before attempting to deploy this update. A major change is being made to the OS kernel which anti-virus products may have an issue with. The official statement from Microsoft is that you should verify that the anti-virus company supports the update. A security expert, Kevin Beaumont, has shared a spreadsheet on AV compatibility and instructions.
Please read the documentation, test & verify, before you push this critical update out to customers.