Meltdown and Spectre vulnerabilities shake industry — Risk & Repeat

Intel, along with fellow chipmakers AMD and ARM, has to come up with ways to continue reaping the benefits of that feature while making the chips more secure.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory-including that of the kernel-from a less-privileged user process such as a malicious app running on a device.

Microsoft Corp said yesterday its software patches slowed down some PCs and servers, with systems running on older Intel processors seeing a noticeable decrease in performance. Myerson said some customers will notice that their PCs' performance has changed. Even still, the company is facing at least three class-action lawsuits.

The Spectre and Meltdown flaws were originally discovered by Google engineers, and have sent computer makers scrambling to patch their hardware to protect against potential hacks.

Intel is taking the Meltdown and Spectre flaw quite seriously and is working to release further updates in the coming weeks and months. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. So, now you know what Spectre and Meltdown bugs are and how they can be exploited on a considerable number of devices.

AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week.

And the news gets worse the older the machine.

Beaumont says that companies whose AV products are designed to be used alongside other security software say they are loathe to set the key, in case other software on the system clashes with the fix.

Intel published data that showed that the recent security updates did not have significant performance impact.

"Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance", wrote Myerson. That's largely because, as the chipmaker explained an initial statement, there is a "near zero risk" to its processors.

Last week, AMD claimed the exploits barely impacted its processors.

  • Leon Brazil