Researchers reveal Variant 4 of Spectre vulnerability

by Hilbert Hagedoorn on: 05/22/2018 05:38 PM | 35 comment(s)
As discussed a few weeks ago, a new Spectre vulnerability has been shared and made public today. Earlier it was reported that there are eight new vulnerabilities, grouped and named Spectre-ng, of which four are critical. Today the Speculative Store Bypass (SSB) vulnerability has been published; it affects Intel, AMD and ARM.

Researchers from Microsoft and Google's Project Zero have now published information about one of the vulnerabilities, the so-called fourth variant of the Spectre vulnerability, which can cause security issues. A new subclass of speculative execution side-channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639. Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.

In the case of Just-in-Time (JIT) compilers, such as the JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of Speculative Store Bypass (SSB). However, Microsoft Edge, Chrome and other major browsers have taken steps to increase the difficulty of successfully creating a side channel. So with your latest Chrome, you should be fine and thus safe.

There are now four (published) variants of the Spectre vulnerability that can be used to read processor memory that is not intended for the application reading it, and that can thus be abused.

  • Variant 1: Bounds Check Bypass - CVE-2017-5753 (Spectre 1)
  • Variant 2: Branch Target Injection - CVE-2017-5715 (Spectre 2)
  • Variant 3: Rogue Data Cache Load - CVE-2017-5754 (Meltdown)
  • Variant 3a: Rogue System Register Read - CVE-2018-3640
  • Variant 4: Speculative Store Bypass - CVE-2018-3639 (Spectre 4)

Microsoft has released an advisory on the vulnerability and mitigation plans. Microsoft is completing final testing and validation of specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Intel has made microcode available to its partners, but sees a large performance impact of 2 to 8 percent. Because of this impact, Intel has decided to leave the option off by default, so that users of critical systems must switch on the patch in the BIOS themselves. AMD writes that it will roll out microcode and patches, but it has not indicated what performance impact this will have. Similar to Intel, it will leave the patches turned off by default, because the risk of abuse would be very small.

Arm announced that its Cortex A57, A72, A73 and A75 CPU cores are affected. A firmware update mitigates the problem with a performance impact of 1 to 2% with most workloads. In July, new versions of the A72, A73 and A75 cores will be released that are resistant to variant 2, and the Cortex-A75 will also be made resistant to v3, also known as Meltdown.

As always, please check where you stand on updates and patches with the handy InSpectre application, download here.
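On a Linux host the same status check can be made by reading the kernel's own per-issue status files. The following is an added example, not part of the original article: the sysfs path and file names are the Linux kernel's, the `SAMPLE` values are constructed, and the state names (`opt_in`, `mitigated`, and so on) are chosen here for illustration.

```python
import os

# Directory where the Linux kernel reports per-issue status (one file each).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The article's variant list -> kernel file name (Variant 3a has no entry).
VARIANTS = [
    ("Variant 1", "CVE-2017-5753", "spectre_v1"),
    ("Variant 2", "CVE-2017-5715", "spectre_v2"),
    ("Variant 3", "CVE-2017-5754", "meltdown"),
    ("Variant 3a", "CVE-2018-3640", None),
    ("Variant 4", "CVE-2018-3639", "spec_store_bypass"),
]

# Constructed sample values, used when the sysfs directory is absent.
SAMPLE = {
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "meltdown": "Not affected",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
}

def read_sysfs(fname):
    """Return the status line for one issue, or '' if the file is missing."""
    try:
        with open(os.path.join(SYSFS_DIR, fname)) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def classify(status):
    """Reduce a kernel status line to one state."""
    if status.startswith("Not affected"):
        return "not_affected"
    if status.startswith("Mitigation:"):
        # "via prctl": applied only to processes that request it, not globally.
        return "opt_in" if "via prctl" in status else "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def report(read=read_sysfs):
    """Map each CVE in VARIANTS to its classified state."""
    return {cve: classify(read(f) if f else "") for _n, cve, f in VARIANTS}

if __name__ == "__main__":
    read = read_sysfs if os.path.isdir(SYSFS_DIR) else (lambda f: SAMPLE.get(f, ""))
    for (name, cve, _f), state in zip(VARIANTS, report(read).values()):
        print(f"{name:10} {cve}  {state}")
```

An `opt_in` result for CVE-2018-3639 corresponds to the off-by-default stance described above: the mitigation is available, but only processes that ask for it are protected.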

More info: Microsoft, Arm, AMD, Intel









schmidtbag
#5549088 Posted on: 05/22/2018 03:09 PM
These companies really need to stop giving examples of how to take advantage of exploits. They do realize that some of us have no way of getting our CPUs patched, right? For the most part, Spectre and Meltdown were a non-threat. They've been a "problem" for over a decade, and only up until recently were they actually an issue since they were brought to everyone's attention. Stuff like this needs to be patched silently, for the benefit of everyone.

Kool64
#5549114 Posted on: 05/22/2018 03:57 PM
Next thing you know these researchers will tell us that licking the heat spreader causes a vulnerability.

mbk1969
#5549118 Posted on: 05/22/2018 04:09 PM
I am curious whether researchers publish tools (which they develop) in binary and/or source form.

Denial
#5549122 Posted on: 05/22/2018 04:21 PM
These companies really need to stop giving examples of how to take advantage of exploits. They do realize that some of us have no way of getting our CPUs patched, right? For the most part, Spectre and Meltdown were a non-threat. They've been a "problem" for over a decade, and only up until recently were they actually an issue since they were brought to everyone's attention. Stuff like this needs to be patched silently, for the benefit of everyone.


I'd argue that users having no way of getting their CPUs patched is a bigger reason for those users to know about the issue than keep it secret. Even if they silently patch, the changes are going to show up in the kernel source for open systems and hackers will put two and two together. Either that or it will just leak through the netsec community regardless - tens of thousands of people work on securing these kernels - you're not going to keep that secret. This has been happening for years.

Responsible disclosure is something we covered in our ethics class at RIT - there are a lot of good reasons for disclosing vulnerabilities to the public and a lot of really intelligent people sat down and thought about the pros and cons and built a framework for properly disclosing. I think the 90 day deadline Project Zero gives companies is about as good as it gets and their guidelines are generally agreed upon as best practice in the industry. After that it's up to public scrutiny to keep these companies on their toes and allowing the public to make informed decisions about their security (replacing their processor if it cannot be patched).
