Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer
John Hazen, Principal PM Lead, Microsoft Edge
Microsoft has issued security updates (KB4056890) with mitigations for this class of attacks. As part of these updates, we are making changes to the behavior of supported versions of Microsoft Edge and Internet Explorer 11 to mitigate the ability to successfully read memory through this new class of side-channel attacks.
Initially, we are removing support for SharedArrayBuffer from Microsoft Edge (originally introduced in the Windows 10 Fall Creators Update), and reducing the resolution of performance.now() in Microsoft Edge and Internet Explorer from 5 microseconds to 20 microseconds, with variable jitter of up to an additional 20 microseconds. These two changes substantially increase the difficulty of successfully inferring the content of the CPU cache from a browser process.
We will continue to evaluate the impact of the CPU vulnerabilities published today, and introduce additional mitigations accordingly in future servicing releases. We will re-evaluate SharedArrayBuffer for a future release once we are confident it cannot be used as part of a successful attack.