Bluelight

Thread: Major Flaw in Millions of Intel Chips Revealed

Results 1 to 7 of 7
  1. Collapse Details
    Major Flaw in Millions of Intel Chips Revealed 
    #1
    Moderator
    Performance Enhancing Drugs
    CFC's Avatar
    Join Date
    Mar 2013
    Location
    The Shire
    Posts
    9,975
    Record
    Looks troubling. Wonder if there'll be some lawsuits flying around?


    Major flaw in millions of Intel chips revealed





    A serious flaw in the design of Intel's chips will require Microsoft, Linux and Apple to update operating systems for computers around the world.

    Intel has not yet released the details of the vulnerability, but it is believed to affect chips in millions of computers from the last decade.

    The UK's National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

    Some experts said a software fix could slow down computers.

    "We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms," the NCSC said in a statement.

    "The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available."

    The bug could allow malicious programs to read the contents of the so-called kernel memory of computers, which can include passwords and login keys.

    It is also likely to affect major cloud computing platforms such as Amazon, Microsoft Azure and Google, according to The Register, which broke news of the flaw.

    Read the rest here
    Reply With Quote
     

  2. Collapse Details
     
    #2
    Bluelight Crew Swerlz's Avatar
    Join Date
    Sep 2006
    Location
    Fent Liquordale
    Posts
    11,852
    Is this related to the hardware backdoors that was discovered in the Intel Management Engine a few months ago?
    Reply With Quote
     

  3. Collapse Details
     
    #3
    Moderator
    Current Events & Politics

    Join Date
    Oct 2012
    Posts
    4,822
    Impossible to know until more details are released. Seems unlikely though.
    Reply With Quote
     

  4. Collapse Details
     
    #4
    Bluelight Crew thujone's Avatar
    Join Date
    Aug 2006
    Location
    ::1
    Posts
    10,043
    All the vulnerable products are listed in this article: https://www.theregister.co.uk/2018/0...vulnerability/

    So nearly all Intel CPUs are vulnerable to all three exploits, AMD is thought to be vulnerable to at least one of them but also invulnerable to at least one, and most ARM designs are not vulnerable.

    List of patches available now: https://www.bleepingcomputer.com/new...s-and-updates/

    However,

    On January 3rd 2018, Microsoft released emergency out-of-band updates for Windows 7 SP1, Windows 8.1, Windows 10, and various Windows Server versions. Though these updates help to mitigate the Spectre and Meltdown speculative execution side-channel vulnerabilities, but to be fully protected you will also need to install the latest firmware & bios updates for your computer.
    AMD has said microcode updates will be coming but for Intel processors there is no low-level fix, it will depend on the best effort of the OS.
    Reply With Quote
     

  5. Collapse Details
     
    #5
    Moderator
    Performance Enhancing Drugs
    CFC's Avatar
    Join Date
    Mar 2013
    Location
    The Shire
    Posts
    9,975
    ^ Thanks for the Register link mate!

    It affects potentially all out-of-order execution Intel processors since 1995
    Until I read that, I was generally assuming I'd be OK because my Mac's Intel processors were kinda old
    Reply With Quote
     

  6. Collapse Details
     
    #6
    Bluelight Crew thujone's Avatar
    Join Date
    Aug 2006
    Location
    ::1
    Posts
    10,043
    np, i've been following the issue closely because of all my cloud resources :S for most users, web browsers are the most important to update now, with OS updates being slightly lower priority, and microcode updates the last line of defense. Intel CPUs are just flat-out fucked, though, hopefully it leads to a class-action suit
    Reply With Quote
     

  7. Collapse Details
     
    #7
    Moderator
    Performance Enhancing Drugs
    CFC's Avatar
    Join Date
    Mar 2013
    Location
    The Shire
    Posts
    9,975
    Yeah I'm going to get right to that browser fix you suggest. I'll quote it here for anyone else who's worried (the links are in the quote):

    Our advice is to sit tight, install OS and firmware security updates as soon as you can, don't run untrusted code, and consider turning on site isolation in your browser (Chrome, Firefox) to thwart malicious webpages trying to leverage these design flaws to steal session cookies from the browser process.
    Reply With Quote
     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •