Last week we reported about Spectre-NG, eight new vulnerabilities similar to Spectre, of which four tagged as critical have been detected. Intel would have been working behind scenes on patching the new vulnerabilities, as it now seems it will take at least another two weeks before Intel can release the initial patches.

The news is reported today by Heise in Germany and is based on sources that are familiar with Intel's patch plans. From the looks of it, Intel is not capable of finishing up the patches before the disclosure publication date of what the new vulnerabilities mean and are. Up-to-now, any and all technical information on the Spectre-NG variants are disclosed. Likely all detected and to be published by Google Project Zero.

Intel set a new target for initial patches and firmware updates at the 21st of May, however also indicated they might not make that date and if so, requested technical disclosure until July 10th 2018. New microcode updates are due to be released on this date. At the same time, technical information on the nature of at least two of the Specter NG vulnerabilities are likely to be published. Heise states that a wide number of systems would be affected by the leaks including pretty much Core-i processors, Xeon variants, as well as Pentium and Celeron proc based Atom CPUs released ever since 2013. Later in August, it will address and patch the most serious leak that involves virtualized environments like cloud hosts, making it possible to obtain secure information directly from the CPU. The patch date for that specific vulnerability would be August 14 according to Heise. AMD has indicated it is investigating all reports. It is completely unclear whether the company was affected by the vulnerabilities as well.

To secure the architecture, Intel plans a combination of hardware updates in the form of new microcode and software improvements that the operating system manufacturers have to implement.

Intel Has to Delay Patches for new Spectre-NG Vulnerabilities