A new security flaw within Intel CPU’s, some as old as 10 years old, has been found. The flaw affects all operating systems, including Linux, MacOS, and Windows. A fix for the flaw has been in the works for Windows since November. Current updates look to impose a 5-30% performance hit on the processors. AMD processors do not have this flaw. Incidentally, AMD stocks are rising while Intel is dropping.
As for the details of the flaw? I’ll let the experts explain it, as they can do a much better job.
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
Update: Intel has put out a press release, mentioning that it may not be limited to just Intel CPU’s and may include AMD and ARM CPU’s as well. Still no confirmation on the impact with the other vendors or how vulnerable they are, but according to Intel it may be an issue.
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
Update 2: There seems to be some confusion between multiple processor flaws that have recently been released. This site has a lot more information on both of them.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Update 3: AMD has released a statement showing that their CPU’s are not vulnerable to the Intel CPU flaw.
To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.
Update 4: Microsoft has released an out-of-band patch for Windows 10 in KB4056892. Should come through in automatic updates.
Release Date: January 03, 2018
The January security release consists of security updates for the following software:
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows