The vulnerabilities, which could allow attackers to read sensitive information on your CPU, affected hundreds of millions of chips from the last two decades. Hackers often scour online for vulnerabilities that’ll allow them to carry out attacks. The WannaCry ransomware attack, for example, took advantage of Windows computers whose owners never implemented a Microsoft patch.
This new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks.
To ensure most people won’t see negative performance impacts, the firmware updates will set the Speculative Store Bypass protection to off-by-default. According to Leslie Culbertson, the fix will have impact on performance. Microsoft is now working with Intel and AMD to determine performance impacts on systems. That means end users will have to pick between security or optimal performance. It is reported that
As Red Hat breaks it down in a more technical explanation, the vulnerability relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.
For this bug, Intel also announced new patches. Culbertson said, “We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.” Red Hat and Microsoft announced new patches as well
Published by & last updated on May 22, 2018 6:29 am