Not intended to be comprehensive, but as of the morning of 4-January, all the worthwhile information I can find published by Microsoft on the Speculative Execution issue:
Note that the “Install-Module” PowerShell cmdlet requires PowerShell v5 or above.
Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Public disclosure
https://bugs.chromium.org/p/project-zero/issues/detail?id=1272
SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
https://support.microsoft.com/en-us/help/4073225
Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities
https://support.microsoft.com/en-us/help/4073235
I have not found any evidence of a KB for Exchange Server Guidance.
Client Patch (Windows 10)
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
Server Patch (Server Core 1709)
https://support.microsoft.com/en-us/help/4056892
Server Patch (Server 2016)
https://support.microsoft.com/en-us/help/4056890
Server Patch (Server 2012R2)
https://support.microsoft.com/en-us/help/4056898
Server Patch (Server 2008R2)
https://support.microsoft.com/en-us/help/4056897
Follow me on twitter: @EssentialExch
CERT Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653
CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility
https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0
Note: I have no independent verification for this document, but it “looks reasonable”.
(h/t Susan Bradley)
I have no idea what they are going to do about chips that don’t take firmware/microcode updates, but:
Intel Issues Updates to Protect Systems from Security Exploits
https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/
US-CERT: Alert (TA18-004A)
Meltdown and Spectre Side-Channel Vulnerability Guidance
https://www.us-cert.gov/ncas/alerts/TA18-004A
A chilling example of Spectre at work: https://twitter.com/Snowden/status/949047283357806593