Items tagged with meltdown
Back in 2018, a processor security vulnerability called Spectre appeared, affecting all modern CPU architectures from Intel, AMD, and even ARM in the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch out the vulnerabilities in a cybersecurity whack-a-mole game, in some cases leading to performance loss and other issues. Today, unfortunately, University of Virginia Researchers have now found a way to circumvent all of the original Spectre security mitigations, essentially resurrecting the ghostly security flaw that will now again haunt billions of PCs globally. Of the vulnerabilities that appeared in 2018, Spectre was the nastier of the two primary...
Read more...
Intel was raked over the coals three years ago when Spectre and Meltdown vulnerabilities were first discovered that could affect its consumer and enterprise processors. The company addressed the side-channel exploits with patches and subsequent hardware revisions, but AMD is now coming under the microscope for a side-channel attack that could affect processors based on its Zen 3 architecture. The attack is similar in scope to Spectre and involves a feature introduced with Zen 3 called Predictive Store Forwarding (PSF). PSF, in effect, guesses the result of a load and uses speculative execution with subsequent commands. "In typical code, PSF provides a performance benefit by speculating...
Read more...
You might not have even been aware of this, but last month's Patch Tuesday update for Windows contained a long overdue mitigation for a security flaw in Intel processors. Left upatched, the flaw essentially allows an attacker to bypass fixes that had previously been rolled out to deal with Spectre and Meltdown, the names given to serious side-channel vulnerabilities that were disclosed last year. Security researchers at Bitdefender discovered the flaw and reported it to Intel a year ago. Even though it affected every Intel processor dating back to Ivy Bridge (introduced in 2012), and potentially earlier ones as well, Intel shrugged it off, saying it already knew about the vulnerability and was...
Read more...
Where computing is concerned, security should always be a major focus. In 2018, that focus almost seemed overwhelming, thanks in part to the fact that the infamous Spectre and Meltdown security vulnerabilities impacted so many end users and industries. And let's not forget then-Intel CEO Brian Krzanich during his CES keynote, where he wasted no time at all in addressing the problem, along with the company's commitment to fix it for its processors. Over the course of the year, we were all left wondering if future patches would cripple system performance, but thankfully, the noticeable hits seem to be prevalent mostly in the enterprise. However, there is still some degradation for us regular...
Read more...
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology – like Spectre and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but Red Hat just revealed all of the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating and an ID of CVE-2018-3665 in the company's solutions database. As its name suggests, the exploit leverages the processor's FPU's (Floating Point Unit) "lazy state restore" feature...
Read more...
In mid-March, Intel announced that it had made tremendous progress in releasing microcode updates to address the Meltdown and Spectre vulnerabilities in its processors. At the time, Intel said that its microcode updates had been distributed for all of its processors released in the past five years. While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on its progress for distributing Meltdown-Spectre microcode updates. Just a small sample of the processors...
Read more...
It appears that the Spectre-Meltdown nightmare for Intel and its customers is finally nearing resolution. The chip giant has been working overtime to develop and distribute microcode updates for its processors to combat these vulnerabilities, and this morning announced that 100 percent of its processors released in the past five years have microcode updates to protect "against the side-channel method vulnerabilities." In addition, Intel says that it is taking proactive steps to ensure that all three primary vulnerabilities, which are listed below, are addressed in the future: Variant 1 (Spectre): CVE-2017-5753 (Bound Check Bypass) Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection) Variant...
Read more...
Today is Patch Tuesday, which means that Microsoft is pushing out a slew updates for its wide portfolio of software products. First and foremost, the company is issuing another round of updates to address the Spectre and Meltdown processor vulnerabilities that rocked the computing world back at the start of 2018. Microsoft announced that it will be expanding its Meltdown mitigation solutions to x86 version of both the legacy Windows 7 and Windows 8.1 operating systems. With this latest round of updates, all of Microsoft's [currently supported] operating systems are hardened against any known Meltdown threats. In addition, Microsoft has expanded its catalog of Intel-validated microcode updates...
Read more...
Attempts to mitigate CPU flaws affecting practically every processor released in the past two decades has not been easy. There is no 'one-size-fits-all' solution to this mess, and some of early attempts to patch CPUs against Spectre and Meltdown only caused more problems, like random reboots. Well, good news if you an own an older processor—Intel has released another batch of stable microcode updates, this time for Haswell and Broadwell CPUs. The new microcode updates replace some of the ones Intel briefly doled out in January. Intel ended up pulling those initial patches after customers complained of random reboot issues. To Intel's credit, the company responded quickly and identified...
Read more...
Just when you thought the whole Spectre and Meltdown situation could not get any messier, a new report suggests Intel withheld information about the security flaws to US cyber officials, even though it gave some of its hardware partners a heads up before the situation became public knowledge. Intel defends its position, saying it had no knowledge that the vulnerabilities had been exploited. The report essentially echoes an earlier one in which The Wall Street Journal said Intel shared information about Spectre and Meltdown to Chinese firms before the US government. At the time, Jake Williams, head of Rendition Infosec and former NSA employee said it was "near certainty" that the Chinese government...
Read more...
Nobody is happy with the situation surrounding recently disclosed CPU vulnerabilities collectively known as Spectre and Metldown (there are two variants of the former and one of the latter). The anger on the part of consumers has erupted into a series of lawsuits, including at least 32 class-action suits filed against Intel and another four that have been hurled at AMD, with potentially more to come. AMD has perhaps been less of a target because it is not really affected by Meltdown, only Spectre. Be that as it may, AMD has not been immune to legal scrutiny, with four separate class-action lawsuits alleging a series of violations—everything from securities fraud and breach of warranty,...
Read more...
Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, for both companies like Intel and AMD, and end users who have to balance software patches with performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and upcoming hardware changes might prove futile to these new methods. The researchers outlined their findings in a paper (PDF) titled "MeldownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." That's...
Read more...
Microsoft is making it easier for businesses and IT administrators to tell if their PCs are protected from Spectre and Meltdown. Along with yesterday's collection of Patch Tuesday security updates, Microsoft upgraded its Windows Analytics service to specifically look for various mitigations against Spectre and Meltdown, including antivirus, operating system patches, and appropriate firmware. Unless you manage several PCs deployed at your workplace, you might not be familiar with Windows Analytics, a free tool that Microsoft provides to businesses. It's a cloud-based service designed to provide actionable insights into the performance, reliability, and health of Windows devices. Windows Analytics...
Read more...
Intel has had a rough time patching the Meltdown and Spectre chip exploits that were first publicized in early January. The company issued microcode updates that helped to mitigate the exploits on processor architectures dating back to Broadwell. However, Intel quickly found out that not all was well, with customers reporting problems with random system rebooting. After pulling the updates and conferring with its OEM partners, Intel is now an issuing a second "production" microcode update for "several" Skylake-platforms. At this time, Intel is distributing the new microcode updates to system OEMs like Hewlett-Packard and Dell so that they can prepare BIOS updates for their systems. If you recall,...
Read more...
It's been roughly a month since the first reports concerning Spectre and Meltdown began appearing on the web. Since that time, hardware and software companies have been working together to release BIOS/microcode updates, software patches, and operating system kernel updates to protect customers. Even though the industry has been pushing out fixes at a rapid rate, malicious actors looking to take advantage of the exploits have also been working overtime. According to AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware software that is designed to exploit Meltdown and Spectre chip vulnerabilities. AV-TEST goes on to...
Read more...
We don't think that we'd be out of line if we said the revelation of the Meltdown and Spectre chip vulnerabilities and the resultant mitigations have been somewhat of a disaster. It's bad enough that the vulnerabilities exist at all, but the fixes have resulted in in some nasty side effects. AMD users were some of the earliest victims of Meltdown-Spectre mitigations, and now Microsoft is addressing the issue head-on. Microsoft yesterday issued its third cumulative update for the Windows 10 Fall Creators Update (version 1709) for the month of January. The update takes Windows 10 to build 16299.214 and resolve issues in KB4056892 that was pushed to customers in early January to help fix Spectre...
Read more...
The Razer Phone launched back in November and it packed some of the best hardware to be crammed inside a smartphone in recent memory. Razer has now launched a software update for the smartphone that brings some nice new features for owners. The new features might also push some who have been thinking about buying the device off the fence. The update is a big one clocking in at 249MB and brings with its HDR support in Netflix. This feature makes the Razer Phone one of the few smartphones in the world to support Netflix HDR. The update also brings with it updates for the cameras on the phone to improve performance and image quality. An issue where the phone would capture images with a yellow...
Read more...
Intel is in hot water after a report from The Wall Street Journal surfaced yesterday that claims that Intel announced to a handful of customers, including several Chinese companies, that its chips were susceptible to Meltdown and Spectre security flaws. Those two flaws affected chip technologies from Intel, AMD, and ARM. Security experts have taken issue with what Intel did because the early warning to the Chinese firms could have allowed the companies to alert Beijing officials on the flaws, giving China operatives extra lead time to exploit the vulnerabilities in the chips. Jake Williams, head of Rendition Infosec and a former NSA employee said that it was a "near certainty"...
Read more...
If you regularly follow tech -- which we're quite sure you do -- then you likely know all about the alarming Spectre and Meltdown chip vulnerabilities that were first revealed just a few weeks ago. The good news is that software and hardware partners from around the globe have worked to issue OS patches and BIOS/microcode updates to help mitigate the exploits. Now, Intel says that it will include actual hardware fixes in silicon to address Meltdown and Spectre, in future processor releases. Intel CEO Brian Krzanich made the comments during the company's Q4 2017 earnings call yesterday, explaining that "silicon-based" fixes for Spectre and Meltdown would arrive by the end of 2018. This...
Read more...
It appears that the fallout from Intel's release of BIOS updates to address Spectre and Meltdown chip vulnerabilities continues to rain down on the PC community. Most recently, Dell has advised its customers against installing BIOS/microcode updates that have been distributed to address Spectre (Variant 2). If you recall, there are three exploits making the rounds involving Spectre and Meltdown: Variant 1 (Spectre): CVE-2017-5753 (Bound Check Bypass) Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection) Variant 3 (Meltdown): CVE-2017-5754 (Rogue Data Cache Load) Dell assures customers that only the BIOS/microcode mitigation for Variant 2 is susceptible to "reboot issues and unpredictable...
Read more...
Intel has been taking heat for patches that it deployed for the Spectre and Meltdown chip flaws. Recently deployed patches have resulted in some systems being subjected to random rebooting. However, Linus Torvalds is blasting Intel for another consequence of its patching regimen. In Torvalds' words, the patches are complete garbage. "They do literally insane things. They do things that do not make sense," said Torvalds. "I think we need something better than this garbage." He made these comments via a public Linux kernel mailing list that included Amazon engineer David Woodhouse. Torvalds is of course talking about the patches and how they are implemented for the Linux kernel to address Spectre...
Read more...
Intel has a pretty big Spectre/Meltdown problem on its hands. The company over the past few weeks has issued patches to help mitigate the processor vulnerabilities, but those patches have resulted in frequent reboots of both older (Broadwell, Haswell) and newer (Skylake, Kaby Lake) processors, and everything in between. Intel is now telling customers to forgo installing the Spectre and Meltdown patches due to lingering issues that it has confirmed with customers, and identified in its own testing. In addition, Intel says that it has identified the root cause for the reboots. "We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment...
Read more...
