Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Netac NV7000 2 TB NVMe SSD Review
ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled
MSI VIGOR GK71 SONIC Blue keyboard review
AMD Ryzen 9 7950X3D processor review
FSP Hydro G Pro 1000W (ATX 3.0, 1000W PSU) review

New Downloads
Intel ARC graphics Driver Download Version: 31.0.101.4148
GeForce 531.29 WHQL driver download
CrystalDiskInfo 9.0.0 Beta3 Download
AMD Ryzen Master Utility Download 2.10.2.2367
AMD Radeon Software Adrenalin 23.3.1 WHQL download
Display Driver Uninstaller Download version 18.0.6.1
CPU-Z download v2.05
AMD Chipset Drivers Download 5.02.19.2221
GeForce 531.18 WHQL driver download
ReShade download v5.7.0


New Forum Topics
DPReview Camera Website, to Close Its Doors After 25 Years Raja Koduri, Chief Architect of Intel's GPU Division, Leaves Intel Strange DX11 performance issue [Win11 22H2] [Ampere] Negative LOD Bias and DLSS 3080 Ti owners advised to avoid Diablo 4 if their card has AOZ5312UQI buck controller. Review: MSI Clutch GM51 Wireless Mouse GPU Crashing Vulkan Beta Driver 531.46 AMD Software: Adrenalin Edition 23.3.2 WHQL - Driver Download and Discussion NVIDIA GeForce 531.29 WHQL driver Download & Discussion




Guru3D.com » News » Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

by Hilbert Hagedoorn on: 05/03/2018 10:55 AM | source: | 92 comment(s)
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.

German c't / Heise reports and breaks the news today, as the new vulnerabilities have not been made public just yet. There would be 'no doubt' that these are real vulnerabilities. While technical details are missing, the attack scenarios resemble close to what the Spectre vulnerabilities are. 

Currently, most at risk are shared hosting providers, once you have access to your rented server-container, you could exploit the processor to retrieve secure data. All eight vulnerabilities share the same design problem that the "Meltdown and Spectre" vulnerabilities detailed as well - they are, so to speak, Spectre Next Generation ergo Spectre NG. c't mentions they have concrete information about Intel's processors and their patch plans. However, there are some indications that other processors are affected as well, at least some ARM CPUs are also vulnerable to some extent. Further research into whether and to what extent the AMD processor architecture is vulnerable at (if at all), is not yet known.

Intel is reportedly actively and nervously working on Spectre NG patches behind the scenes; other patches are developed in collaboration with the operating system manufacturers (Microsoft / Linux etc). When exactly the first Spectre NG patches and firmware updates will become available is not yet clear. According to information, Intel is planning at least two patch waves: a first one should start in May; a second is currently scheduled for August. For at least one of the Specter NG patches is already a specific date as it was Google's Project Zero that has found one of the vulnerabilities, on May 7 - the day before the Windows Patchday - the 90-day warning period expires. So it's likely that when the first patch would be released for Microsoft Windows. Microsoft is preparing CPU patches: they appear to be in the form of optional Windows updates, and not so much microcode updated (firmware). The PC motherboard and server manufacturers probably need too long for BIOS updates. 

Intel classifies four of the Specter NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Specter-NG risks and attack scenarios are similar to those of Specter - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes.

 



Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical




« Review: Fractal Design Celsius S24 · Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical · Review: AMD Ryzen 7 2700 processor (65W) »

19 pages 1 2 3 4 > »


fantaskarsef
Senior Member



Posts: 14282
Joined: 2014-07-21

#5543408 Posted on: 05/03/2018 11:01 AM
Patches scheduled for May and August... I believe it when I see it.
Last time Intel gave patch dates after the big exploit they took three months longer than expected, and then you didn't get them for all the CPUs they originally claimed they'd patch. Way to go m$, quite a track record in 2017/18 so far.

HardwareCaps
Senior Member



Posts: 452
Joined: 2018-05-03

#5543411 Posted on: 05/03/2018 11:09 AM
My god,hopefully will not hurt performance... if so that's a big blow indeed.

Angantyr
Senior Member



Posts: 899
Joined: 2013-11-23

#5543413 Posted on: 05/03/2018 11:13 AM
Somewhere, an Intel engineer is pulling his hair off in frustration.

Robbo9999
Senior Member



Posts: 1713
Joined: 2012-10-07

#5543415 Posted on: 05/03/2018 11:19 AM
My guess is that Intel are just gonna have to neuter the branch prediction capabilities of their CPUs even more to fix this, so this is kinda worrying from a performance perspective! I've seen a 10-15% drop in CPU load required in Battlefield 1 since updating to the latest 1803 version of Windows 10, which also coincides with my Spectre protection disappearing (as Microsoft haven't released KB microcode patches yet for 1803) - so this either proves that 1803 version of Windows is a lot more CPU efficient when it comes to gaming or that Spectre protection microcodes can have a 10-15% performance cost to CPU load, in Battlefield 1 at least. The thought of an even more performance impactful microcode being released to kerb these new Spectre threats is less than ideal!

Yogi
Senior Member



Posts: 324
Joined: 2015-06-25

#5543416 Posted on: 05/03/2018 11:19 AM
Somewhere, an Intel engineer is pulling his hair off in frustration.


I feel sorry for those guys. This seems to fall under the old adage "Make something idiot-proof and the world just invents a better idiot", except replace idiot's with very clever hackers.

19 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023