Latest Patch Tuesday Patches Spectre V2 Vulnerability Affecting AMD Ryzen Windows PCs

Last night was the second Tuesday of the month, which is just in time for Microsoft Patch Tuesday. As a result, Microsoft released security updates for Windows 11, Windows 10, and Windows 8.1 and Windows 7.

Among other things, the latest November Patch Tuesday fixes an AMD CPU vulnerability similar to Spectre Variant 2 with ID "CVE-2022-23824″, which affects nearly all AMD Ryzen, EPYC and Athlon desktop, notebook and server processor SKUs. however, the latest of Zen 4-based Ryzen 7000 chips are not affected.

In an announcement released earlier today, AMD described the new security vulnerability.

AMD is aware of a potential vulnerability affecting AMD CPUs where the operating system relies on IBPB to flush the return address predictor. This could allow CVE-2017-5715 (formerly known as Spectre Variant 2) to flush the return address predictor with an attack based on RET predictions when the operating system relies on IBPB without using additional software mitigations.

CVE-2022-23824

IBPB may not be able to prevent return branch predictions from being specified by pre-IBPB branch targets, leading to a potential information leak.

Therefore, users running AMD systems with all but the latest Ryzen 7000 chips are advised to update their Windows PCs. You can use Windows Update in Settings to download updates automatically, or manually grab a standalone update from the Microsoft Update Catalog website. Find the link in the following article:

• Windows 11：22H2(KB5019980) | 21H2(KB5019961)
• Windows 10：KB5019959

The following are all affected AMD CPU families:

Desktop

• AMD Athlon™ X4 processor
• AMD Ryzen™ Threadripper™ PRO processor
• 2nd Gen AMD Ryzen™ Threadripper™ processors
• 3rd Gen AMD Ryzen™ Threadripper™ processors
• 7th Generation AMD A-Series APUs
• AMD Ryzen™ 2000 Series Desktop processors
• AMD Ryzen™ 3000 Series Desktop processors
• AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics

Mobile

• AMD Ryzen™ 2000 Series Mobile processor
• AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
• AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
• AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
• AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

Chromebook

• AMD Athlon™ Mobile processors with Radeon™ graphics

Server

• 1st Gen AMD EPYC™ processors
• 2nd Gen AMD EPYC™ processors
• 3rd Gen AMD EPYC™ processors

In addition to the CPU vulnerabilities, AMD has shared details of several security flaws affecting its graphics. The company has released graphics driver and AGESA updates to fix the issues in its GPUs and integrated graphics, respectively.

In the case of the Radeon RX 5000 and RX 6000 series GPUs, the issue has been patched with the Radeon 22.5.2 driver. If you are already using the newer drivers, you don't have to worry. For PRO series cards, you can grab the AMD software. PRO version 22.Q2 or any newer driver. For AGESA firmware updates, you can find more details on AMD's official website.