Tuesday July 10, 2018

Intel Spectre Vulnerabilities Now Have a Release Schedule

Intel has adopted a release schedule for new Spectre vulnerability disclosures. According to The Register, starting today new patches will be released quarterly to patch the latest exploits. This is akin to the Windows Patch Tuesday. I never thought that hardware would have a patch release schedule, but on the bright side, organizations can now plan in advance. I would manually set a restore point after reading this.....

News Image

The new Spectre-class side-channel vulnerability to be disclosed today in Intel's processors can be exploited through bounds-check bypass store attacks. This means malicious code already running on an Intel-powered computer can leverage speculative execution to potentially alter function pointers and return addresses in other threads to hijack applications. At that point, the malware can extract secrets from the system, and cause other merry mischief. The good news is that software mitigations available today for Spectre variant 1 will thwart bounds-check bypass store attacks. Thus, web browsers and other applications employing anti-Spectre mechanisms should be safe.

UPDATE: Intel did send over its statement and we wanted to make sure and share that with you.

"As we continue working with industry researchers, partners and academia to protect customers against evolving security threats, we are streamlining security updates and guidance for our industry partners and customers when possible. With this in mind, today we are providing mitigation details for a number of potential issues, including a new sub-variant of variant 1 called Bounds Check Bypass Store, for which mitigations or developer guidance have been released. More information can be found on our product security page. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel."