Major Flaw in Millions of Intel Chips Revealed

CFC

Administrator
Staff member
Joined
Mar 9, 2013
Messages
10,564
Location
The Shire
Looks troubling. Wonder if there'll be some lawsuits flying around?


Major flaw in millions of Intel chips revealed





A serious flaw in the design of Intel's chips will require Microsoft, Linux and Apple to update operating systems for computers around the world.

Intel has not yet released the details of the vulnerability, but it is believed to affect chips in millions of computers from the last decade.

The UK's National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

Some experts said a software fix could slow down computers.

"We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms," the NCSC said in a statement.

"The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available."

The bug could allow malicious programs to read the contents of the so-called kernel memory of computers, which can include passwords and login keys.

It is also likely to affect major cloud computing platforms such as Amazon, Microsoft Azure and Google, according to The Register, which broke news of the flaw.

Read the rest here
 

Swerlz

Bluelight Crew
Joined
Sep 22, 2006
Messages
11,924
Location
Fent Liquordale
Is this related to the hardware backdoors that were discovered in the Intel Management Engine a few months ago?
 

JessFR

Moderator
Staff member
Joined
Oct 22, 2012
Messages
5,201
Impossible to know until more details are released. Seems unlikely though.
 

thujone

Bluelight Crew
Joined
Aug 31, 2006
Messages
10,126
Location
::1
All the vulnerable products are listed in this article: https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

So nearly all Intel CPUs are vulnerable to all three exploits, AMD is thought to be vulnerable to at least one of them but also invulnerable to at least one, and most ARM designs are not vulnerable.

List of patches available now: https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

However,

On January 3rd 2018, Microsoft released emergency out-of-band updates for Windows 7 SP1, Windows 8.1, Windows 10, and various Windows Server versions. Though these updates help to mitigate the Spectre and Meltdown speculative execution side-channel vulnerabilities, to be fully protected you will also need to install the latest firmware & BIOS updates for your computer.
AMD has said microcode updates will be coming, but for Intel processors there is no low-level fix; it will depend on the best effort of the OS.
 

CFC

^ Thanks for the Register link mate!

It affects potentially all out-of-order execution Intel processors since 1995
Until I read that, I was generally assuming I'd be OK because my Mac's Intel processors were kinda old :\
 

thujone

np, i've been following the issue closely because of all my cloud resources :S for most users, web browsers are the most important to update now, with OS updates being slightly lower priority, and microcode updates the last line of defense. Intel CPUs are just flat-out fucked, though, hopefully it leads to a class-action suit
 

CFC

Yeah I'm going to get right to that browser fix you suggest. I'll quote it here for anyone else who's worried (the links are in the quote):

Our advice is to sit tight, install OS and firmware security updates as soon as you can, don't run untrusted code, and consider turning on site isolation in your browser (Chrome, Firefox) to thwart malicious webpages trying to leverage these design flaws to steal session cookies from the browser process.
 