Items tagged with spectre
Ever since the Meltdown and Spectre were disclosed earlier this year, the issues surrounding the speculative execution exploits has been multi-pronged. On the one hand, there are concerns that nefarious parties taking advantage of the exploits to compromise unpatched systems. In addition, there have been concerns that the current patches to mitigate the attacks can reduce processing performance by up to 30 percent in some cases. Thankfully, Google engineers have developed a Spectre Variant 2 mitigation technique that results in a negligible impact in system performance. The mitigation...
Read more...
Microsoft is pushing out new microcode updates for Intel processors affected by recently disclosed side channel exploits, including several Spectre variants and the newer Foreshadow flaw. The microcode updates apply to Windows 10 and Windows Server, and cover a range of Skylake, Kaby Lake, and Coffee Lake processors. "This update is a stand-alone update targeted for Windows 10 version 1803 (Windows 10 April 2018 Update) and Windows Server Version 1803 (Server Core). This update also includes Intel microcode updates that were already released for these operating systems at the time of release to...
Read more...
If you thought Spectre and Meltdown were bad, there are new exploits that have the potential to seriously compromise modern Intel processors. The latest class of exploits are called Foreshadow, and were was disclosed today by Intel via a blog post. The exploit involves Intel's Software Guard Extensions, which is better known as SGX. SGX is supposed to serve as a secure enclave within memory on the processor to ward off malicious entities accessing private data. SGX has in the past been able to help mitigate Meltdown and Spectre attacks, but Foreshadow has the ability to access the SGX-protected...
Read more...
Security conscious computer users might wonder if we will ever fully put Spectre vulnerabilities behind us. Researchers were still discovering new vulnerabilities related to Spectre early this year. Intel is working to protect users from the vulnerability and only a few days ago it announced a patch for side-challenge exploits for some of it chips and awarded the researchers who found the bug $100,000 for their efforts. Google is also integrating security technology into its popular Chrome browser to protect against Spectre vulnerabilities. Those new security features come at a cost for Chrome...
Read more...
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology – like Spectre and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but Red Hat just revealed all of the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating and an ID of CVE-2018-3665 in the company's solutions database. As its name suggests,...
Read more...
Computer users around the world are still reeling from the Spectre flaws that affected many modern ARM and x86-64 CPUs, and earlier this month we learned that there was another Spectre-style vulnerability that could affect processors from Intel, AMD and ARM. Intel and Microsoft have now stepped up and officially disclosed the latest vulnerability. Intel says that following the Google Project Zero (GPZ) disclosure of speculative execution-based side-channel analysis methods back in January that it has continued working with researchers around the world to figure out if similar methods could...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element...
Read more...
Just when news of Spectre and Meltdown has seemingly died down, we're now hearing of a fresh round of exploits that might affect Intel processors. A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short. Each of the eight vulnerabilities have been assigned their own Common Vulnerability Enumerator (CVE) designation, and each will need to be patched separately according to German publication c't. Intel, which has been notified of Spectre-NG, acknowledges that four of the new exploits are considered "high risk",...
Read more...
In mid-March, Intel announced that it had made tremendous progress in releasing microcode updates to address the Meltdown and Spectre vulnerabilities in its processors. At the time, Intel said that its microcode updates had been distributed for all of its processors released in the past five years. While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on...
Read more...
When word finally spread about Spectre and Meltdown, it seemed only a matter of time before attackers would try to leverage the side-channel vulnerabilities. That is not the only concern, however. A team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamtom University say they have discovered a new side-channel attack that affects Intel processors, and that patches released for Spectre and Meltdown might prove ineffective against the exploit. Researchers are calling the newly discovered vulnerability "BranchScope."...
Read more...
It appears that the Spectre-Meltdown nightmare for Intel and its customers is finally nearing resolution. The chip giant has been working overtime to develop and distribute microcode updates for its processors to combat these vulnerabilities, and this morning announced that 100 percent of its processors released in the past five years have microcode updates to protect "against the side-channel method vulnerabilities." In addition, Intel says that it is taking proactive steps to ensure that all three primary vulnerabilities, which are listed below, are addressed in the future: Variant 1 (Spectre):...
Read more...
Today is Patch Tuesday, which means that Microsoft is pushing out a slew updates for its wide portfolio of software products. First and foremost, the company is issuing another round of updates to address the Spectre and Meltdown processor vulnerabilities that rocked the computing world back at the start of 2018. Microsoft announced that it will be expanding its Meltdown mitigation solutions to x86 version of both the legacy Windows 7 and Windows 8.1 operating systems. With this latest round of updates, all of Microsoft's [currently supported] operating systems are hardened against any known Meltdown...
Read more...
Attempts to mitigate CPU flaws affecting practically every processor released in the past two decades has not been easy. There is no 'one-size-fits-all' solution to this mess, and some of early attempts to patch CPUs against Spectre and Meltdown only caused more problems, like random reboots. Well, good news if you an own an older processor—Intel has released another batch of stable microcode updates, this time for Haswell and Broadwell CPUs. The new microcode updates replace some of the ones Intel briefly doled out in January. Intel ended up pulling those initial patches after customers...
Read more...
Just when you thought the whole Spectre and Meltdown situation could not get any messier, a new report suggests Intel withheld information about the security flaws to US cyber officials, even though it gave some of its hardware partners a heads up before the situation became public knowledge. Intel defends its position, saying it had no knowledge that the vulnerabilities had been exploited. The report essentially echoes an earlier one in which The Wall Street Journal said Intel shared information about Spectre and Meltdown to Chinese firms before the US government. At the time, Jake Williams, head...
Read more...
