Items tagged with meltdown
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology – like Spectre and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but Red Hat just revealed all of the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating and an ID of CVE-2018-3665 in the company's solutions database. As its name suggests,...
Read more...
In mid-March, Intel announced that it had made tremendous progress in releasing microcode updates to address the Meltdown and Spectre vulnerabilities in its processors. At the time, Intel said that its microcode updates had been distributed for all of its processors released in the past five years. While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on...
Read more...
It appears that the Spectre-Meltdown nightmare for Intel and its customers is finally nearing resolution. The chip giant has been working overtime to develop and distribute microcode updates for its processors to combat these vulnerabilities, and this morning announced that 100 percent of its processors released in the past five years have microcode updates to protect "against the side-channel method vulnerabilities." In addition, Intel says that it is taking proactive steps to ensure that all three primary vulnerabilities, which are listed below, are addressed in the future: Variant 1 (Spectre):...
Read more...
Today is Patch Tuesday, which means that Microsoft is pushing out a slew updates for its wide portfolio of software products. First and foremost, the company is issuing another round of updates to address the Spectre and Meltdown processor vulnerabilities that rocked the computing world back at the start of 2018. Microsoft announced that it will be expanding its Meltdown mitigation solutions to x86 version of both the legacy Windows 7 and Windows 8.1 operating systems. With this latest round of updates, all of Microsoft's [currently supported] operating systems are hardened against any known Meltdown...
Read more...
Attempts to mitigate CPU flaws affecting practically every processor released in the past two decades has not been easy. There is no 'one-size-fits-all' solution to this mess, and some of early attempts to patch CPUs against Spectre and Meltdown only caused more problems, like random reboots. Well, good news if you an own an older processor—Intel has released another batch of stable microcode updates, this time for Haswell and Broadwell CPUs. The new microcode updates replace some of the ones Intel briefly doled out in January. Intel ended up pulling those initial patches after customers...
Read more...
Just when you thought the whole Spectre and Meltdown situation could not get any messier, a new report suggests Intel withheld information about the security flaws to US cyber officials, even though it gave some of its hardware partners a heads up before the situation became public knowledge. Intel defends its position, saying it had no knowledge that the vulnerabilities had been exploited. The report essentially echoes an earlier one in which The Wall Street Journal said Intel shared information about Spectre and Meltdown to Chinese firms before the US government. At the time, Jake Williams, head...
Read more...
Nobody is happy with the situation surrounding recently disclosed CPU vulnerabilities collectively known as Spectre and Metldown (there are two variants of the former and one of the latter). The anger on the part of consumers has erupted into a series of lawsuits, including at least 32 class-action suits filed against Intel and another four that have been hurled at AMD, with potentially more to come. AMD has perhaps been less of a target because it is not really affected by Meltdown, only Spectre. Be that as it may, AMD has not been immune to legal scrutiny, with four separate class-action lawsuits...
Read more...
Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, for both companies like Intel and AMD, and end users who have to balance software patches with performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and upcoming hardware changes might prove futile to these new methods. The researchers outlined their findings in a paper (PDF) titled "MeldownPrime and SpectrePrime:...
Read more...
Microsoft is making it easier for businesses and IT administrators to tell if their PCs are protected from Spectre and Meltdown. Along with yesterday's collection of Patch Tuesday security updates, Microsoft upgraded its Windows Analytics service to specifically look for various mitigations against Spectre and Meltdown, including antivirus, operating system patches, and appropriate firmware. Unless you manage several PCs deployed at your workplace, you might not be familiar with Windows Analytics, a free tool that Microsoft provides to businesses. It's a cloud-based service designed to provide...
Read more...
Intel has had a rough time patching the Meltdown and Spectre chip exploits that were first publicized in early January. The company issued microcode updates that helped to mitigate the exploits on processor architectures dating back to Broadwell. However, Intel quickly found out that not all was well, with customers reporting problems with random system rebooting. After pulling the updates and conferring with its OEM partners, Intel is now an issuing a second "production" microcode update for "several" Skylake-platforms. At this time, Intel is distributing the new microcode updates to system OEMs...
Read more...
It's been roughly a month since the first reports concerning Spectre and Meltdown began appearing on the web. Since that time, hardware and software companies have been working together to release BIOS/microcode updates, software patches, and operating system kernel updates to protect customers. Even though the industry has been pushing out fixes at a rapid rate, malicious actors looking to take advantage of the exploits have also been working overtime. According to AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware...
Read more...
We don't think that we'd be out of line if we said the revelation of the Meltdown and Spectre chip vulnerabilities and the resultant mitigations have been somewhat of a disaster. It's bad enough that the vulnerabilities exist at all, but the fixes have resulted in in some nasty side effects. AMD users were some of the earliest victims of Meltdown-Spectre mitigations, and now Microsoft is addressing the issue head-on. Microsoft yesterday issued its third cumulative update for the Windows 10 Fall Creators Update (version 1709) for the month of January. The update takes Windows 10 to build 16299.214...
Read more...
The Razer Phone launched back in November and it packed some of the best hardware to be crammed inside a smartphone in recent memory. Razer has now launched a software update for the smartphone that brings some nice new features for owners. The new features might also push some who have been thinking about buying the device off the fence. The update is a big one clocking in at 249MB and brings with its HDR support in Netflix. This feature makes the Razer Phone one of the few smartphones in the world to support Netflix HDR. The update also brings with it updates for the cameras on the phone...
Read more...
Intel is in hot water after a report from The Wall Street Journal surfaced yesterday that claims that Intel announced to a handful of customers, including several Chinese companies, that its chips were susceptible to Meltdown and Spectre security flaws. Those two flaws affected chip technologies from Intel, AMD, and ARM. Security experts have taken issue with what Intel did because the early warning to the Chinese firms could have allowed the companies to alert Beijing officials on the flaws, giving China operatives extra lead time to exploit the vulnerabilities in the chips. Jake...
Read more...
