Microsoft Issues Advisory on Lazy Floating Point State Restore Security Issue

Microsoft earlier this month issued an advisory for the "lazy floating point state restore" security problem (CVE-2018-3665) that potentially could affect users of Windows and Intel Core processors.

Microsoft's Wednesday June 13 advisory missed by a day being announced alongside its "update Tuesday" patch release announcement for June. Little publicity attended its publication. This June 25 TechNet blog post briefly mentioned the lazy floating point state restore issue.

The lazy floating point state save/restore issue is yet another problem unearthed by researchers examining the security implications of the normal "speculative execution" functioning of processors. Speculative execution speeds up processor operations by anticipating the next steps to be taken. Unfortunately, as researchers explained back in January it's possible for malware on a machine to exploit these processes and steal information from the operating system's kernel using "side-channel" analysis methods.

The researchers described two kinds of speculative execution side-channel attack methods back in January, namely "Meltdown" and "Spectre." Four variants of those attack methods have been identified, namely:

Intel, in a June 19 e-mail from a spokesperson, explained that the lazy floating point state restore problem falls into the Variant 3a category. Also, the Intel spokesperson implied that operating system makers have been addressing this issue "for many years."

Here's the full statement from the Intel spokesperson:

This issue, known as Lazy FP state restore, is similar to Variant 3a. It has already been addressed for many years by operating system and hypervisor software used in many client and data center products. Our industry partners are working on software updates to address this issue for the remaining impacted environments and we expect these updates to be available in the coming weeks. We continue to believe in coordinated disclosure and we are thankful to Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival for reporting this issue to us. We strongly encourage others in the industry to adhere to coordinated disclosure as well.

Apparently, the lazy floating point state restore issue is possible because of an implementation chosen by the operating system maker, and presumably any future fix for the issue would come from the OS maker, rather than from Intel. Microsoft's advisory didn't provide much information about it. Microsoft had no information to share in response to reporter questions.

The gist of Microsoft's advisory is that the lazy floating point state restore setting is "enabled by default in Windows and cannot be disabled." Information about the affected Windows versions wasn't listed by Microsoft at press time. Microsoft considers lazy floating point state restore to be a medium security issue, and it does not affect customers using Microsoft Azure virtual machines.

Here's Microsoft's assessment of the lazy floating point state restore issue:

An attacker must be able to execute code locally on a system in order to exploit this vulnerability, similar to the other speculative execution vulnerabilities. The information that could be disclosed in the register state depends on the code executing on a system and whether any code stores sensitive information in FP register state.

Microsoft recommends that organizations subscribe to its technical security notifications to get apprised of any changes to its advisory, which is known as "ADV180016." Oddly, this advisory does not appear in this year's list of security advisories. It's possible that Microsoft did not send out a notification about ADV180016 earlier, even to notification subscribers.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Windows 10 Preview Adds Windows Subsystem for Linux 2 on ARM64 Devices

    Microsoft's latest Windows 10 preview release for testers (build 18980), announced on Wednesday, includes support for version 2 of the Windows Subsystem for Linux, plus ARM64 device support for WSL 2.

  • Microsoft Defender Advanced Threat Protection Evaluation Lab Now Available

    The Microsoft Defender Advanced Threat Protection (ATP) Evaluation Lab is now ready for use by organizations.

  • How Organizations Can Adapt to SharePoint's 'Modern' Shift

    In a September interview, SharePoint expert Asif Rehmani described how users, developers and organizations are dealing with SharePoint Online's so-called "modern" innovations.

  • Microsoft Urges LDAP Workaround Fix for Windows Systems

    Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.