Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Guru3D Winter 2019 PC Buyer Guide
Corsair QL120 and QL140 RGB fan review
Promo: Windows 10 Pro for $13 With Office 2016 For $33
Corsair Void RGB Elite Wireless Headset review
Team Group PD400 Portable SSD review
AMD Athlon 3000G review
Team Group T-Force Delta Max 1 TB SSD review
Guru3D Rig of the Month - November 2019
ASUS ROG Rampage VI Extreme Encore review
Toshiba RC500 500GB NVMe M.2 SSD review

New Downloads
GPU-Z Download v2.28.0
3DMark Download v2.11.6846 + Port Royale
HWiNFO64 Download v6.20
AMD Radeon Adrenalin Edition 19.12.1 driver download
Crystal DiskMark Download v7.0.0f
AMD Ryzen Master Utility Download v2.1.0.1424
Quake II RTX Download v1.2
GeForce 441.41 WHQL driver download
Oculus TrayTool download v0.86.3.1
AMD Chipset Drivers Download v1.11.22.0454


New Forum Topics
NVIDIA Working on Tile-based Multi-GPU Rendering Technique Called CFR - Checkered Frame Rendering Guru3D 2019 December 9th contest: Win a Macube 310P White Chassis+ Castle 240 EX White Ryzen 4000 and X670 scheduled for late 2020 Rumored NVIDIA Next Gen-GPU codenamed Hopper gets a registered trademark ThreadRipper + Diffrent RAM? Intel reverses EOL Pentium G3420 and starts selling 2013 22nm processors again 8700K delid temps Fine Utilise Power of RadeonPRO Software & SweetFX Part 2 Review: Red Dead Redemption 2: PC graphics benchmark analysis The AMD Ryzen All In One Tread /Overclocking/Memory Speeds & Timings/Tweaking/Cooling Part 2




Guru3D.com » News » Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

by Hilbert Hagedoorn on: 05/03/2018 09:55 AM | source: | 92 comment(s)
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.

German c't / Heise reports and breaks the news today, as the new vulnerabilities have not been made public just yet. There would be 'no doubt' that these are real vulnerabilities. While technical details are missing, the attack scenarios resemble close to what the Spectre vulnerabilities are. 

Currently, most at risk are shared hosting providers, once you have access to your rented server-container, you could exploit the processor to retrieve secure data. All eight vulnerabilities share the same design problem that the "Meltdown and Spectre" vulnerabilities detailed as well - they are, so to speak, Spectre Next Generation ergo Spectre NG. c't mentions they have concrete information about Intel's processors and their patch plans. However, there are some indications that other processors are affected as well, at least some ARM CPUs are also vulnerable to some extent. Further research into whether and to what extent the AMD processor architecture is vulnerable at (if at all), is not yet known.

Intel is reportedly actively and nervously working on Spectre NG patches behind the scenes; other patches are developed in collaboration with the operating system manufacturers (Microsoft / Linux etc). When exactly the first Spectre NG patches and firmware updates will become available is not yet clear. According to information, Intel is planning at least two patch waves: a first one should start in May; a second is currently scheduled for August. For at least one of the Specter NG patches is already a specific date as it was Google's Project Zero that has found one of the vulnerabilities, on May 7 - the day before the Windows Patchday - the 90-day warning period expires. So it's likely that when the first patch would be released for Microsoft Windows. Microsoft is preparing CPU patches: they appear to be in the form of optional Windows updates, and not so much microcode updated (firmware). The PC motherboard and server manufacturers probably need too long for BIOS updates. 

Intel classifies four of the Specter NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Specter-NG risks and attack scenarios are similar to those of Specter - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes.

 



Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical




Rate this story
Rating:

« Review: Fractal Design Celsius S24 · Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical · Review: AMD Ryzen 7 2700 processor (65W) »

7 pages 1 2 3 4 > »


fantaskarsef
Senior Member



Posts: 11027
Joined: 2014-07-21

#5543408 Posted on: 05/03/2018 10:01 AM
Patches scheduled for May and August... I believe it when I see it.
Last time Intel gave patch dates after the big exploit they took three months longer than expected, and then you didn't get them for all the CPUs they originally claimed they'd patch. Way to go m$, quite a track record in 2017/18 so far.

HardwareCaps
Senior Member



Posts: 452
Joined: 2018-05-03

#5543411 Posted on: 05/03/2018 10:09 AM
My god,hopefully will not hurt performance... if so that's a big blow indeed.

Angantyr
Senior Member



Posts: 662
Joined: 2013-11-23

#5543413 Posted on: 05/03/2018 10:13 AM
Somewhere, an Intel engineer is pulling his hair off in frustration.

Robbo9999
Senior Member



Posts: 1348
Joined: 2012-10-07

#5543415 Posted on: 05/03/2018 10:19 AM
My guess is that Intel are just gonna have to neuter the branch prediction capabilities of their CPUs even more to fix this, so this is kinda worrying from a performance perspective! I've seen a 10-15% drop in CPU load required in Battlefield 1 since updating to the latest 1803 version of Windows 10, which also coincides with my Spectre protection disappearing (as Microsoft haven't released KB microcode patches yet for 1803) - so this either proves that 1803 version of Windows is a lot more CPU efficient when it comes to gaming or that Spectre protection microcodes can have a 10-15% performance cost to CPU load, in Battlefield 1 at least. The thought of an even more performance impactful microcode being released to kerb these new Spectre threats is less than ideal!

Yogi
Senior Member



Posts: 228
Joined: 2015-06-25

#5543416 Posted on: 05/03/2018 10:19 AM
Somewhere, an Intel engineer is pulling his hair off in frustration.


I feel sorry for those guys. This seems to fall under the old adage "Make something idiot-proof and the world just invents a better idiot", except replace idiot's with very clever hackers.

cryohellinc
Senior Member



Posts: 2759
Joined: 2014-10-20

#5543417 Posted on: 05/03/2018 10:20 AM
Ouch.

RealNC
Senior Member



Posts: 3114
Joined: 2011-11-24

#5543423 Posted on: 05/03/2018 10:29 AM
Speculative execution. The gift that keeps on giving.

You know, I always thought computer security was really hard. I now changed my mind. It's impossible.

fantaskarsef
Senior Member



Posts: 11027
Joined: 2014-07-21

#5543427 Posted on: 05/03/2018 10:33 AM
Well it is possible, just not with the design choices around. If speculative execution wouldn't be around, we'd have decreased performance, but not patches needed (in this very single matter though).
The easiest fix for something like this is not to create any exploitable mechanism. I hope that at least in the future this won't happen again... can't wait to see if Intel's next architecture gets equally exploitable features for another 5% performance increase... :D

BigMaMaInHouse
Senior Member



Posts: 137
Joined: 2016-10-11

#5543433 Posted on: 05/03/2018 10:58 AM
How do you think this will effect on EPYC sales?
As I see it those new vulnerabilities month after month brings huge trouble to company's + after patches they loose performance.

prazola
Senior Member



Posts: 171
Joined: 2015-06-01

#5543435 Posted on: 05/03/2018 11:02 AM
My god,hopefully will not hurt performance... if so that's a big blow indeed.

It will hurt performance for sure.

alanm
Senior Member



Posts: 8979
Joined: 2004-05-10

#5543436 Posted on: 05/03/2018 11:04 AM

You know, I always thought computer security was really hard. I now changed my mind. It's impossible.
Whenever I see PC security breaches, I'm reminded of Denuvos anti-piracy measures for PC games. Theres only a brief period where the measures can work. Where theres a will, theres a way for hackers to defeat just about anything.

Here I was foolishly thinking my next CPU Zen 2 will be totally secure from these issues, and it probably will.... until the next big exploit or breach is found.

TheDeeGee
Senior Member



Posts: 6240
Joined: 2010-08-28

#5543440 Posted on: 05/03/2018 11:16 AM
After patching i can expect performance similar to a Pentium 3? :p

Joking aside, this sucks!

-Tj-
Senior Member



Posts: 16438
Joined: 2012-05-18

#5543441 Posted on: 05/03/2018 11:20 AM
You reap what you sow, or something like that. XD

Kaarme
Senior Member



Posts: 1692
Joined: 2013-03-10

#5543442 Posted on: 05/03/2018 11:20 AM
I feel sorry for those guys. This seems to fall under the old adage "Make something idiot-proof and the world just invents a better idiot", except replace idiot's with very clever hackers.

I hope they got paid well in the past when they didn't need to do much for 10 years. Now they are paying back the karma. In the end it was the businessmen who told the engineers not to do much at all, but I bet now those same businessmen are then telling the engineers to perform miracles overnight.

How do you think this will effect on EPYC sales?
As I see it those new vulnerabilities month after month brings huge trouble to company's + after patches they loose performance.

Didn't Intel report record earnings? Security is overrated. Nobody seems to care in practice.

hexaae
Member



Posts: 28
Joined: 2013-06-07

#5543444 Posted on: 05/03/2018 11:21 AM
What's the problem? Switch to AMD.
NSA is a Intel partner ;)

7 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2019