More flaws discovered in Intel chips - some serious, expect patches
But it seems the worse isn’t over yet, as security boffins have discovered eight more vulnerabilities affecting Intel CPUs, caused due to the same design problem that led to Spectre and Meltdown. For the time being, it isn’t clear if or to what extent CPUs from other manufacturers are affected. All eight vulnerabilities will be uniquely identified on the Common Vulnerabilities and Exposures (CVE), a database for cybersecurity vulnerabilities, and are expected to require discrete patches to fix. The good news is that several teams of security researchers have already reported them to Intel, so the compromising bits aren't quite in the public domain yet, giving the Intel some much needed time to work on a solution.
That being said, it appears that Google’s Project Zero may have discovered at least one of the eight vulnerabilities a while ago, and their stringent 90-day non-disclosure window may be very close to lapsing, perhaps as early as May 7, if sources are to be believed. After that, their policy is to publicly release information on the vulnerability, regardless of whether a fix is out. While this incentivizes manufacturers to release patches on time, the hard 90-day deadline could be a double-edged sword at times, given the potential impact to user security should a solution fail to arrive before public disclosure. In any case, Intel is expected to release microcode updates in two waves; one in May, and the other in August. Microsoft is also likely working on a fix, which should align with Intel’s timeline.
As for the vulnerabilities themselves, Intel has classified four as ‘high risk’ and the others as ‘medium risk’. At the moment, at least one vulnerability is being deemed riskier than the rest, primarily because it may allow malicious code to be executed at the VM-level, before ultimately leveling an attack at the host, or at other VMs on the same server. Hackers could also intercept sensitive data such as passwords and keys, given Intel’s Software Guard Extensions (SGX) aren't entirely immune to Spectre either.
In the interests of disclosure, and to avoid a potential PR debacle, Leslie Culbertson, Intel’s Executive Vice President and General Manager of Product Assurance has already released a statement, essentially confirming the vulnerabilities.
However, to put things in perspective, designing and engineering CPUs is a difficult task and takes a lot of time. To date, we're yet to see any new CPUs with actual hardware-level changes to the microarchitecture that resolve the first-generation Spectre and Meltdown vulnerabilities. In the meantime, pushing out microcode updates and software patches is the only workaround.
Posted:
Related Forum: PC General Forum
Source: https://www.neowin.net/news/more-flaws-discovered-in-intel-chips---some-serious-expect-patches-soon
Related Articles
Comments
Latest Downloads
- 01. Need for Speed: Most Wanted (2005) - SaveGame (0% career, 2 BMWs in the garage)(0)
- 02. [EU] CARX DRIFT RACING ONLINE - PROGRESS SAVE 6 SP DUO (CUSA15633)(3)
- 03. Fallout Shelter Modded Save PC(0)
- 04. Remember Me: SaveGame (The Game done 100%)(0)
- 05. The Long Drive: SaveGame (American pickup)(0)
- 06. Goemon's Great Adventure (US / NTSC) - Nintendo 64 Game Save(1)
- 07. The Long Drive: SaveGame (blue VW Beetle)(0)
- 08. Deadly Creatures | Complete Savegame(0)
- 09. Driift Mania | 100% Savegame(0)
- 10. LostWinds: Winter of the Melodias | 100% Savegame(0)
- 11. Lost Winds | 100% Savegame(0)
- 12. Mega Man 10 | Savegame(0)
- 13. Mega Man 9 | Savegame(0)
- 14. LASTFIGHT Secret character unlocked(1)
- 15. PC Horizon Forbidden West Complete Save(14)
Latest Tutorials
- 01. The Redress Of Mira 100% Walkthrough | Trophy & Achievement(430)
- 02. Russian Pinocchio Quick Trophy Guide(527)
- 03. Venatrix Quick Trophy & Achievement Guide(491)
- 04. Call of the Sea 100% Platinum Walkthrough(633)
- 05. Wire Lips 100% Platinum Walkthrough(599)
- 06. The Expanse 100% Platinum Walkthrough | Trophy & Achievement(555)
- 07. Doctor Who: The Edge of Reality - PS4 Platinum P/Thru(472)
- 08. Doctor Who:The Lonely Assassins - 100% Guide(447)
- 09. DAYMARE 1998 PS4 - Full game 100% TROPHY WALKTHROUGH(406)
- 10. Stray Platinum Walkthrough | Trophy & Achievement Guide(429)
- 11. Raji: An Ancient Epic | Complete Gameplay Walkthrough(574)
- 12. Corpse Killer: 25th Anniversary Edition - Longplay(544)
- 13. Song of Horror: Complete Edition Gameplay Walkthrough(387)
- 14. Remoteness 100% All Trophies Walkthrough(553)
- 15. Detective Inspector Mysterious Clues Platinum Walkthrough(492)
"More flaws discovered in Intel chips - some serious, expect patches" :: Login/Create an Account :: 1 comment