Category: Server Core

Last updated by at .

Techorama 2018

Speaking about Azure Stack and Hyper-V at Techorama 2018 in Antwerp Belgium

Today I am happy to announce that I am one of the speakers at the Techorama 2018 conference in Antwerp Belgium. Techorama is a yearly international technology conference which takes place at Metropolis Antwerp. Techorama welcomes about 1500 attendees, a healthy mix between developers, IT Professionals, Data Professionals and SharePoint professionals. Their commitment is to create a unique conference experience with quality content and the best speaker line-up. Techorama will take place from the 22nd -24th of May 2018.

I will be speaking in two sessions about Microsoft Azure Stack and Hyper-V

Azure Stack - Your Cloud Your Datacenter

Microsoft released Azure Stack as a Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate a Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

10 hidden Hyper-V features you should know about!

In this session Thomas Maurer will talk about 10 hidden Hyper-V features everyone should know about. This covers different features for Hyper-V on Windows Server as well as on Windows 10. Be prepared for a lot of Demos!

Hopefully see you there!



Windows Admin Center

Windows Admin Center – The Next Generation Windows Server Management Experience

Back in September Microsoft released Project Honolulu, which is the codename for a new Windows Server management experience. Today Microsoft announced the Windows Admin Center. Windows Admin Center is a flexible, locally-deployed, browser-based management platform and tools to manage Windows Server locally and remote. Windows Admin Center (WAC) gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet.

I had the chance to test and work with Windows Admin Center for a while in a private preview program. This give me the chance to test and work with WAC for quiet some time.

Windows Admin Center is the modern evolution of the “in-box” management tools of Windows Server, like Server Manager, MMC, and many others. It is complementary to other Microsoft Management solutions such as System Center and Operations Management Suite. And as Microsoft clearly states, WAC is not designed to replace these products and services. WAC is a replacement for the local only tools and is especially handy if you run Windows Server Core.

Windows Admin Center Deployment Overview

(Picture for Microsoft)

You might remember the Azure Server Management Tools (SMT). SMT were management tools hosted in Azure and allowed you to manage your servers in the cloud and on-primes. Basically a hosted services of Windows Admin Center. The feedback however was, that a lot of customer preferred a on-premise solution for their management experience. Microsoft took that feedback and created Windows Admin Center formally known as Project Honolulu.

Windows Admin Center Functionality

Windows Admin Center PowerShell

  • Simplified server management – WAC consolidates many distinct tools into one clean and simple web interface. Rather switching between different tools, you can final everything in one place.
  • Illuminate your datacenter infrastructure – With WAC you can manage Windows Server 2016, 2012/2012 R2, Hyper-V Server 2012 and higher. WAC not only allows you to manage standalone servers, but also complete solutions such a failover clusters, hyper-converged clusters based on Storage Spaces Direct and much more. And I am sure you can bet it will also support Windows Server 2019 when it arrives.
  • The tools you know, reimagined – Windows Admin Center provides the core familiar tools you have used in the past.
  • Manage Hyper-Converged Infrastructure –  WAC brings solutions to manage your Hyper-Converged systems. You get a single pane of glass to manage and operate your Storage Spaces Direct Clusters. You can easily get an overview about resources, performance, health and alerts.

Windows Admin Center Management Experience

Windows Admin Center Solutions

WAC has different solutions which give you different functionality. In the technical preview there are three solutions available, Server Manager, Failover Cluster Manager and Hyper-Converged Cluster Manager.

Server Manager

The server manager lets you is kind of like the Server Manager you know from Windows Server, but it also replaces some local only tools like Network Management, Process, Device Manger, Certificate and User Management, Windows Update and so on. The Server Manager Solution also adds management of Virtual Machines, Virtual Switches and Storage Replica.

Failover Cluster Manager

As you might think, this allows you to manage Failover Clusters.

Hyper-Converged Cluster Manager

The Hyper-Converged Cluster Manager is very interesting if you are running Storage Spaces Direct clusters in a Hyper-Converged design, where Hyper-V Virtual Machines run on the same hosts. This allows you to do management of the S2D cluster as well as some performance metrics.

WAC Deployment Options

Windows Admin Center Deployment

(Picture from Microsoft)

WAC can be deployed in several different ways, depending on your needs.

WAC Topology

Windows Admin Center On-Premise Architecture

Windows Admin Center leverages a three-tier architecture, a web server displaying web UI using HTML, a gateway service and the managed nodes. The web interface talks to the gateway service using REST APIs and the gateway connected to the managed nodes using WinRM and PowerShell remoting (Similar like the Azure Management Tools).

Windows Admin Center On-Premise and Public Cloud Architecture

You can basically access the Web UI from every machine running modern browsers like Microsoft Edge or Google Chrome. If you publish the webserver to the internet, you can also manage it remotely from everywhere. The installation and configuration of Windows Admin Center is straight forward and very simple.

The WAC Gateway Service can be installed on:

  • Windows Server 2016 (LTSC)
  • Windows Server, version 1709 (SAC)
  • and higher

You can manage the following operating systems

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 and higher

Identity Provider and RBAC

Windows Admin Center Azure Active Directroy

In Project Honolulu during the preview time, one of the missing pieces was the missing RBAC (Role-Based Access Control). Windows Admin Center now comes with RBAC so you can configure it for your needs. Also new is the possibility to use Azure Active Directory as a Identity Provider. In this case you can use your Azure AD users and groups to access the Windows Admin Center.

Conclusion

In my opinion Windows Admin Center provides us with the Windows Server management tools we were looking for. It helps us to manage our systems form a centralized, modern HTML5 web application and makes managing GUI-less servers easy.

I still think the Server Management Tools hosted in Azure were a better overall solution. Since we only needed to deploy a gateway in our datacenter and we could access and manage our systems from the Azure portal. However a lot of customers didn’t like the dependency on the cloud, so the Windows Admin Center makes perfect sense as a on-premise solutions. Of course WAC brings right now much more functionality then SMT. And the possibility to extend it with solutions and extensions form third parties makes it even better.

You can download Windows Admin Center here: http://aka.ms/WindowsAdminCenter 



Windows Server 2019

Microsoft announces Windows Server 2019 and System Center 2019

Microsoft today announced the next Long-Term Servicing Channel (LTSC) release for Windows Server called Windows Server 2019. In a blog post today, Erin Chapple, Director of Program Management Windows Server, announced the Windows Server 2019, which will be available in the second half of calendar year 2018. You can try out a Windows Server Preview build through the Windows Server Insider Program today. Microsoft also mentions that System Center 2019 will be available to manage Windows Server 2019 infrastructures.

Windows Server 2019 is built on the foundation of Windows Server 2016 and focuses on a couple of key scenarios. Microsoft in four key areas, Hybrid Cloud, Security, Application Platform and Hyper-Converged Infrastructure (HCI).

Windows Server 2019 – Hybrid Cloud Improvements

Project Honolulu Server Overview

As of today Hybrid Cloud is more real than ever. With Windows Server 2019 Microsoft is focusing to improve the customer experience in a hybrid cloud world. Taking advantage of public cloud innovation such as Artificial Intelligence and IoT, and connecting them with on-premise services is a huge enabler for customers. At Microsoft Ignite 2017, Microsoft showed of the Technical Preview of Project Honolulu, a web-based management console for Windows Server. One of the goals of Project Honolulu is to connect Windows Server deployments with Azure services. Together with Windows Server 2019 and Project Honolulu, you can easily integrate services like Azure Backup, Azure File Sync, Azure Site Recovery and much more.

Windows Server 2019 – Security

Security was already one of the big investments in Windows Server 2016. Microsoft does not stop there. With Windows Server 2019 Microsoft brings various security improvements like Shielded Virtual Machine support for Linux VMs and Encrypted Virtual Networks. One of my favorite improvements is the possibility to integrate with Windows Defender Advanced Thread Protection (ATP). ATP was first available for Windows 10 and provides preventative protection, detects attacks and zero-day exploits among other capabilities, into the operating system. This gives customers access to deep kernel and memory sensors, improving performance and anti-tampering, and enabling response actions on server machines.

Windows Server 2019 – Application Platform

Ubuntu on Windows Server using WSL

One of the key focus of Microsoft for Windows Server, was always on the developer experience. Microsoft brings a couple of improvements to make it the best application platform out there. Microsoft invests in a couple of scenarios such as bringing the Windows Subsystem for Linux (WSL) to Windows Server. Another key investment area are Windows Server Containers and Windows Server Container images. In Windows Server 2019, Microsoft reduces the Server Core base container image to a third of its current size of 5 GB. This will reduce download time of the image by 72%, further optimizing the development time and performance. Another key improvement in terms of Container support is the integration and support for Container orchestrators like Kubernetes.

Windows Server 2019 – Hyper-converged infrastructure (HCI)

The 4th improvement area is the Hyper-converged infrastructure (HCI). With Windows Server 2016 Microsoft released a new feature called Storage Spaces Direct. Together with Hyper-V and other Microsoft technologies, this was great to build you own infrastructure for your virtualization workloads. Windows Server 2019 will bring a lot of improvements for Storage Spaces Direct, Hyper-V and other related technologies. Microsoft is adding scale, performance, and reliability to the platform. Microsoft also partnered with hardware vendors to provide an affordable and yet extremely robust HCI solution with validated design.

What else?

  • Windows Server will be GA (generally available) in the second half of calendar year 2018.
  • Windows Server will be a LTSC release. LTSC will be the recommended version of Windows Server for most infrastructure scenarios and workloads like SQL Server, SharePoint and Windows Server Software-Defined Datacenter solutions.
  • With the LTSC release of Windows Server 2019, Microsoft will allow customers to use the Server with Desktop Experience as well as Windows Server Core. With the Semi-Annual Channel (SAC) release, Microsoft only provides the Windows Server Core option.
  • There will be another Semi-Annual Channel (SAC) release at the same time as Windows Server 2019 focusing on Container innovations. The SAC releases will be supported as before for 18 months, while the LTSC releases follow the normal 5+5 year support.
  • Licensing will use the same model as Windows Server 2016 today, Microsoft mentions that it is likely that they will increase the pricing for Windows Sevrer Client Access Licensing (CAL), but will share more details later.

With that we can all be very excited for the next LTSC version of Windows Server. Until then the next SAC release of Windows Server, called Windows Server 1803, will be available this spring. The Windows Server, version 1803 will focus on container improvements. If you want to try out, Windows Server 2019 or Windows Server 1803, you can join the Windows Server Insider Program.



Azure Stack PowerShell Docker Container

Run Azure Stack PowerShell and Azure Stack Tools in a Docker Container

The Azure Stack Tools is a set of scripts and tools to work with Azure Stack and Azure. If you want to run the Azure Stack Tools you will need to install the Azure Stack compatible Azure PowerShell module. To install that that can be some work and it does not allow to run the side by side today with the latest Azure PowerShell Module. For that I have a simple solution. I created two Docker Containers with preinstalled Azure Stack PowerShell and one with Azure Stack PowerShell and the Azure Stack Tools together.

AzureStack-Tools is a GitHub repository that hosts PowerShell modules for managing and deploying resources to Azure Stack. If you are planning to establish VPN connectivity, you can download these PowerShell modules to the Azure Stack Development Kit, or to a Windows-based external client

Azure Stack PowerShell Docker Container

Azure Stack PowerShell Docker Container

This container contains the Azure Stack PowerShell. To run Azure Stack PowerShell in a Docker Container, just run the following command on your server or PC with Docker installed.

Azure Stack Tools Docker Container

Azure Stack Tools Docker Container

This container contains the Azure Stack PowerShell as well as the Azure Stack Tools. To run Azure Stack Tools in a Docker Container, just run the following command on your server or pc with Docker installed.

Both Images are based on Windows Server Core and depending on the microsoft/windowsservercore Docker images.

This should help you to quickly spin up new Azure Stack Operator Workstations. And it should help you to work and interact with Azure Stack.



ExpertsLiveCafe

Speaking at Experts Live Cafe January 2018 Edition in Bern

I am happy to announce and remind you that I will be speaking at the Experts Live Cafe in Bern this Friday. The Experts Live Cafe is a Swiss IT Pro Meetup run by the Microsoft MVPs Stefan Johner and Stefan Roth. Experts Live is a non-profit organization that has a mission to enable sharing of knowledge and experience about Microsoft technologies worldwide. The ExpertsLive Cafes are user group meetups which are designed to bring IT professionals closer together.

I will be covering one of two sessions about this months Experts Live Cafe and talk about Windows Server.

What is next for Windows Server

In Fall 2017 Microsoft has updated Windows Server to the next Semi-Annual Channel release with new features and improvements and Microsoft will now release new SAC and LTSC releases. Join this session for the best of Windows Server, learn how the new Servicing Model of Windows Server works and what does it mean to use SAC or LTSC releases, and what new improvement and features Microsoft offers in the latest releases such as 1709 and 1803. You’ll get an overview about the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job.

There should be still some free seats, so hopefully see you there!

 



Windows Server Insider Preview Build 17074

Sneak Peak of Windows Server 1803 (RS4) – Windows Server Insider Preview Build 17074

Yesterday, Microsoft announced a new Windows Server Insider Preview Build (17074) which will be released as the next Semi-Annual Channel release for Windows Server. This release will likely be called Windows Server 1803 (Codename: Restone 4), which is aligned to the Windows Client releases.

Microsoft talked about improvements in the next Windows Server releases and the investments in Containers and Storage Spaces Direct at Microsoft Ignite 2017, and we already got some early Windows Server Insider Preview builds to see what is coming next. The official list is not to big right now, but we can expect Microsoft to add and announce more features in the comment weeks and months.

What is new in Windows Server 1803 (RS4)

  • Storage Spaces Direct (S2D)
    • Microsoft adds Data Deduplication support Storage Spaces Direct and ReFS
    • Microsoft removed the requirement for SCSI Enclosure Service (SES) on the hardware, which enables more hardware to work with S2D
    • Storage Spaces Direct adds support for Persistent Memory (Storage Class Memory), which brings very fast and very low latency storage to S2D. The prices for this devices is still pretty high, but we can expect this to change in the future and we can also see them as a great use as caching devices.
    • Storage Spaces Direct now also supports Direct-connect SATA devices to AHCI controller, which also make more hardware work with S2D
    • CSV Cache is now enabled by default, which delivers an in-memory write-through cache that can dramatically boost VM performance, depending on your workload.
  • Failover Clustering
    • Azure enlightened Failover Cluster – This is a very exciting feature if you run Windows Server Failover Clusters in Microsoft Azure. This feature will let the Windows Server cluster know if there is Azure host maintenance going on and will exclude the specific cluster node from placing workloads on it.

      By making high availability software running inside of an Azure IaaS VM be aware of maintenance events of the host, it can help deliver the highest levels of availability for your applications.

  • Container
    • Microsoft promised to add more Container feature and provide updated Windows Server Container Images. One feature which made it already into this and early Preview builds is a long waited feature which caused some confusion before. Developers can now use localhost or loopback (127.0.0.1) to access services running in containers on the host.
  • Other Improvements

As mentioned before we can expect Microsoft to add and announce new feature for the next Windows Server release in the next couple of weeks and months.

How to download the Windows Server Insider Preview

You can download the Windows Server Insider Previews from the Windows Server Insider Preview download page. If you are not yet an Insider, check out how to get one on the Windows Insider for Business portal.

Careful, this is pre-release software and it is not supported in production.

Test and Provide Feedback to Windows Server

For Microsoft it is very important that they get feedback about the latest releases. To send feedback use the Feedback Hub application in Windows 10, and choose the Server category with the right subcategory for your feedback.

 

 

 



Windows SpeculationControl PowerShell

Microsoft Guidance to protect against speculative execution side-channel vulnerabilities on Windows, Windows Server and Azure (Meltdown and Spectre)

Microsoft very quickly responded to the speculative execution side-channel vulnerabilities also called Meltdown and Spectre which affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM. Microsoft released some guidance how you should protect your devices against these vulnerabilities. The Microsoft Security Defense Team also published an article with guidance and more details on this: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

In this blog post I tried to quickly summarize the information and link it to the right websites.

Summary

Microsoft is aware of detailed information that has been published about a new class of vulnerabilities referred to as speculative execution side-channel attacks. This industry-wide attack method takes advantage of out-of-order execution on many modern microprocessors and is not restricted to a single chip, hardware manufacturer, or software vendor. To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has collaborated closely with industry partners to develop and test mitigations to help provide protections for our customers. At the time of publication, Microsoft had not received any information to indicate that these vulnerabilities have been used to attack our customers.

Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS.

Warning

Microsoft addressed protect against speculative execution side-channel vulnerabilities in the latest Windows Updates. However, customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

Guidance for Windows Client

Customers should take the following actions to help protect against the vulnerabilities:

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

Read full guidance for Windows Client here: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Guidance for Windows Server

Customers should take the following actions to help protect against the vulnerabilities:

  1. Apply the Windows operating system update. For details on how to enable this update, see Microsoft Knowledge Base Article 4072699.
  2. Make necessary configuration changes to enable protection.
  3. Apply an applicable firmware update from the OEM device manufacturer.

Windows Servers-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update.

  • Windows Server, version 1709 (Server Core Installation) KB4056892
  • Windows Server 2016 KB4056890
  • Windows Server 2012 R2 KB4056898
  • Windows Server 2012 Not available yet
  • Windows Server 2008 R2 KB4056897

Your server is at increased risk if it is in one of the following categories:

  • Hyper-V hosts
  • Remote Desktop Services Hosts (RDSH)
  • For physical hosts or virtual machines that are running untrusted code such as containers or untrusted extensions for database, untrusted web content or workloads that run code that is provided from external sources.

There for Microsoft posted some additional registry keys to mitigations on servers. Microsoft also added some extra registry keys if you are running older versions of Hyper-V.

Read the full guidance for Windows Server and the registry keys here: Windows Server guidance to protect against speculative execution side-channel vulnerabilities

Guidance for Virtual Machines running on Hyper-V

In addition to this guidance, the following steps are required to ensure that your virtual machines are protected from CVE-2017-5715 (branch target injection):

  1. Ensure guest virtual machines have access to the updated firmware. By default, virtual machines with a VM version below 8.0 will not have access to updated firmware capabilities required to mitigate CVE-2017-5715. Because VM version 8.0 is only available starting with Windows Server 2016, users of Windows Server 2012 R2 or earlier must modify a specific registry value on all machines in their cluster.
  2. Perform a cold boot of guest virtual machines.Virtual machines will not see the updated firmware capabilities until they go through a cold boot. This means the running VMs must completely power off before starting again. Rebooting from inside the guest operating system is not sufficient.
  3. Update the guest operating system as required. See guidance for Windows Server.

Read the full guidance for Guest Virtual Machines here: Protecting guest virtual machines from CVE-2017-5715 (branch target injection)

Guidance for Surface Devices

Microsoft will provide UEFI updates for the following devices:

  • Surface Pro 3
  • Surface Pro 4
  • Surface Book
  • Surface Studio
  • Surface Pro Model 1796
  • Surface Laptop
  • Surface Pro with LTE Advanced
  • Surface Book 2

The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

Read full guidance for Surface Devices here: Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability

Guidance for Azure

Microsoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder.

However, I always recommend that you also patch your operating systems and applications to be protected against other vulnerabilities.

Impact to Enterprise Cloud Services

Microsoft is not aware of any attacks on the Microsoft Cloud customers which leverage these types of vulnerabilities. Microsoft employs a variety of detection capabilities to quickly respond to any malicious activity in our enterprise cloud services.

Most of the Azure infrastructure has already received mitigations against this class of vulnerability. An accelerated reboot is occurring for any remaining hosts. Customers can check the Azure Portal for additional details.

All other enterprise cloud services such as Office 365, Dynamics 365, and Enterprise Mobility + Security have mitigations against these types of vulnerabilities. Microsoft engineering is continuing to perform analysis across the environments to confirm further protection.

Read full guidance for Microsoft Azure here: Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities

Guidance for Azure Stack

Azure Stack customers should take the following actions to help protect the Azure Stack infrastructure against the vulnerabilities:

  1. Apply Azure Stack 1712 update. See the Azure Stack 1712 update release notes for instructions about how to apply this update to your Azure Stack integrated system.
  2. Install firmware updates from your Azure Stack OEM vendor after the Azure Stack 1712 update installation is completed. Refer to your OEM vendor website to download and apply the updates.
  3. Some variations of these vulnerabilities apply also to the virtual machines (VMs) that are running in the tenant space. Customers should continue to apply security best practices for their VM images, and apply all available operating system updates to the VM images that are running on Azure Stack. Contact the vendor of your operating systems for updates and instructions, as necessary. For Windows VM customers, guidance has now been published and is available in this Security Update Guide.

Read full guidance for Microsoft Azure Stack here: Azure Stack guidance to protect against the speculative execution side-channel vulnerabilities

Guidance for SQL Server

The following versions of Microsoft SQL Server are impacted by this issue when running on x86 and x64 processor systems:

  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017

IA64-based versions of SQL Server 2008 are not believed to be affected.

Microsoft made a list of different SQL Server scenarios depending on the environment that SQL Server is running in and what functionality is being used. Microsoft recommends that you deploy fixes by using normal procedures to validate new binaries before deploying them to production environments.

You can finde the list for scenarios and recommendations here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

There is also a list of updates for SQL Server available:

 

  • 4057122 Description of the security update for SQL Server 2017 GDR: January 3, 2018
  • 4058562 Description of the security update for SQL Server 2017 CU3 RTM: January 3, 2018
  • 4058561 Description of the security update for SQL Server 2016 CU7 SP1: January 3, 2018
  • 4057118 Description of the security update for SQL Server 2016 GDR SP1: January 3, 2018
  • 4058559 Description of the security update for SQL Server 2016 CU: January 6, 2018
  • 4058560 Description of the security update for SQL Server 2016 GDR: January 6, 2018
  • 4057114 Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
  • 4057113 Description of the security update for SQL Server 2008 SP3 R2 GDR: January 6, 2018

Read the full guidance for SQL Server here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

Verifying protections again speculative execution side-channel vulnerabilities

The Microsoft Security Response Center released a PowerShell Module on the PowerShell Gallery called SpeculationControl, which verifies if your system is protected or not.

You can find more here: Use PowerShell to verifying protections again peculative execution side-channel vulnerabilities CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)

 

More information on how to mitigate speculative execution side-channel vulnerabilities can be found here: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities