Items tagged with meltdown
You might not have even been aware of this, but last month's Patch Tuesday update for Windows contained a long overdue mitigation for a security flaw in Intel processors. Left upatched, the flaw essentially allows an attacker to bypass fixes that had previously been rolled out to deal with Spectre and Meltdown, the names given to serious side-channel vulnerabilities that were disclosed last year. Security researchers at Bitdefender discovered the flaw and reported it to Intel a year ago. Even though it affected every Intel processor dating back to Ivy Bridge (introduced in 2012), and potentially earlier ones as well, Intel shrugged it off, saying it already knew about the vulnerability and was...
Read more...
Where computing is concerned, security should always be a major focus. In 2018, that focus almost seemed overwhelming, thanks in part to the fact that the infamous Spectre and Meltdown security vulnerabilities impacted so many end users and industries. And let's not forget then-Intel CEO Brian Krzanich during his CES keynote, where he wasted no time at all in addressing the problem, along with the company's commitment to fix it for its processors. Over the course of the year, we were all left wondering if future patches would cripple system performance, but thankfully, the noticeable hits seem to be prevalent mostly in the enterprise. However, there is still some degradation for us regular...
Read more...
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology – like Spectre and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but Red Hat just revealed all of the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating and an ID of CVE-2018-3665 in the company's solutions database. As its name suggests, the exploit leverages the processor's FPU's (Floating Point Unit) "lazy state restore" feature...
Read more...
In mid-March, Intel announced that it had made tremendous progress in releasing microcode updates to address the Meltdown and Spectre vulnerabilities in its processors. At the time, Intel said that its microcode updates had been distributed for all of its processors released in the past five years. While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on its progress for distributing Meltdown-Spectre microcode updates. Just a small sample of the processors...
Read more...
It appears that the Spectre-Meltdown nightmare for Intel and its customers is finally nearing resolution. The chip giant has been working overtime to develop and distribute microcode updates for its processors to combat these vulnerabilities, and this morning announced that 100 percent of its processors released in the past five years have microcode updates to protect "against the side-channel method vulnerabilities." In addition, Intel says that it is taking proactive steps to ensure that all three primary vulnerabilities, which are listed below, are addressed in the future: Variant 1 (Spectre): CVE-2017-5753 (Bound Check Bypass) Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection) Variant...
Read more...
Today is Patch Tuesday, which means that Microsoft is pushing out a slew updates for its wide portfolio of software products. First and foremost, the company is issuing another round of updates to address the Spectre and Meltdown processor vulnerabilities that rocked the computing world back at the start of 2018. Microsoft announced that it will be expanding its Meltdown mitigation solutions to x86 version of both the legacy Windows 7 and Windows 8.1 operating systems. With this latest round of updates, all of Microsoft's [currently supported] operating systems are hardened against any known Meltdown threats. In addition, Microsoft has expanded its catalog of Intel-validated microcode updates...
Read more...
Attempts to mitigate CPU flaws affecting practically every processor released in the past two decades has not been easy. There is no 'one-size-fits-all' solution to this mess, and some of early attempts to patch CPUs against Spectre and Meltdown only caused more problems, like random reboots. Well, good news if you an own an older processor—Intel has released another batch of stable microcode updates, this time for Haswell and Broadwell CPUs. The new microcode updates replace some of the ones Intel briefly doled out in January. Intel ended up pulling those initial patches after customers complained of random reboot issues. To Intel's credit, the company responded quickly and identified...
Read more...
Just when you thought the whole Spectre and Meltdown situation could not get any messier, a new report suggests Intel withheld information about the security flaws to US cyber officials, even though it gave some of its hardware partners a heads up before the situation became public knowledge. Intel defends its position, saying it had no knowledge that the vulnerabilities had been exploited. The report essentially echoes an earlier one in which The Wall Street Journal said Intel shared information about Spectre and Meltdown to Chinese firms before the US government. At the time, Jake Williams, head of Rendition Infosec and former NSA employee said it was "near certainty" that the Chinese government...
Read more...
Nobody is happy with the situation surrounding recently disclosed CPU vulnerabilities collectively known as Spectre and Metldown (there are two variants of the former and one of the latter). The anger on the part of consumers has erupted into a series of lawsuits, including at least 32 class-action suits filed against Intel and another four that have been hurled at AMD, with potentially more to come. AMD has perhaps been less of a target because it is not really affected by Meltdown, only Spectre. Be that as it may, AMD has not been immune to legal scrutiny, with four separate class-action lawsuits alleging a series of violations—everything from securities fraud and breach of warranty,...
Read more...
Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, for both companies like Intel and AMD, and end users who have to balance software patches with performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and upcoming hardware changes might prove futile to these new methods. The researchers outlined their findings in a paper (PDF) titled "MeldownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." That's...
Read more...
Microsoft is making it easier for businesses and IT administrators to tell if their PCs are protected from Spectre and Meltdown. Along with yesterday's collection of Patch Tuesday security updates, Microsoft upgraded its Windows Analytics service to specifically look for various mitigations against Spectre and Meltdown, including antivirus, operating system patches, and appropriate firmware. Unless you manage several PCs deployed at your workplace, you might not be familiar with Windows Analytics, a free tool that Microsoft provides to businesses. It's a cloud-based service designed to provide actionable insights into the performance, reliability, and health of Windows devices. Windows Analytics...
Read more...
Intel has had a rough time patching the Meltdown and Spectre chip exploits that were first publicized in early January. The company issued microcode updates that helped to mitigate the exploits on processor architectures dating back to Broadwell. However, Intel quickly found out that not all was well, with customers reporting problems with random system rebooting. After pulling the updates and conferring with its OEM partners, Intel is now an issuing a second "production" microcode update for "several" Skylake-platforms. At this time, Intel is distributing the new microcode updates to system OEMs like Hewlett-Packard and Dell so that they can prepare BIOS updates for their systems. If you recall,...
Read more...
It's been roughly a month since the first reports concerning Spectre and Meltdown began appearing on the web. Since that time, hardware and software companies have been working together to release BIOS/microcode updates, software patches, and operating system kernel updates to protect customers. Even though the industry has been pushing out fixes at a rapid rate, malicious actors looking to take advantage of the exploits have also been working overtime. According to AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware software that is designed to exploit Meltdown and Spectre chip vulnerabilities. AV-TEST goes on to...
Read more...
We don't think that we'd be out of line if we said the revelation of the Meltdown and Spectre chip vulnerabilities and the resultant mitigations have been somewhat of a disaster. It's bad enough that the vulnerabilities exist at all, but the fixes have resulted in in some nasty side effects. AMD users were some of the earliest victims of Meltdown-Spectre mitigations, and now Microsoft is addressing the issue head-on. Microsoft yesterday issued its third cumulative update for the Windows 10 Fall Creators Update (version 1709) for the month of January. The update takes Windows 10 to build 16299.214 and resolve issues in KB4056892 that was pushed to customers in early January to help fix Spectre...
Read more...
