Posted on 05/04/2018 10:48:57 AM PDT by ShadowAce
A report by German tech site heise.de says Intel's CPUs are affected by eight new "Spectre-class" vulnerabilities, including one found by Google's Project Zero, which identified the first set of CPU flaws known as Meltdown and Spectre.
The site reports that the bugs have been assigned CVE identifiers and that at least one of them will be revealed by Project Zero on May 7, a day ahead of Patch Tuesday, which Microsoft recently begun using to distribute Intel's hardware patches or microcode updates.
The site says it has concrete evidence that Intel processors are vulnerable to the new flaws and that the chipmaker has patches in the works. AMD CPUs may also be vulnerable and further research on that issue is under way.
Intel has issued a cryptic statement titled "addressing questions regarding additional security issues".
"Protecting our customers' data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers," wrote Leslie Culbertson, Intel executive vice president.
"We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date."
According to Heise, four of the vulnerabilities are being treated as "high risk" and, as with the previously found Spectre flaws, they impact cloud providers due to an ability to attack a host system from a virtual machine, allowing an attacker to extract secrets and passwords from the host machine's memory.
Spectre Variant 2, a branch target injection flaw, concerns cloud providers because of the risk of it being used to enable a hypervisor bypass. Fixing it required microcode updates from Intel and AMD.
Heise notes that while the original Spectre bugs are difficult to exploit, the new Spectre vulnerabilities are more easily used.
Reports of the new bugs come just a month after Intel completed delivery of microcode updates to address Spectre Variant 2 for all chip families released in the past decade.
As of March, Microsoft has assisted Intel to deploy these updates, which were originally being deployed by hardware manufacturers.
Spectre? Has James Bond been notified?
SPROCKETS - “Touch my monkey”
Evil exists - on every human platform - with people ready and willing to exploit weakness. Strange world.
It’s not a flaw, it’s a feature!...............
The RosaKlebbium processor.
> Its not a flaw, its a feature!..............
Yep. That is how the Deep State keeps track of us all. Trump is exposing them.
That’s a Blofeld Group product isn’t it?
They make the hardware, Facebook the software.
I think ‘Q’ posted something to that affect just recently.
IBM screwed the entire world by displacing the 68000 and enshrining that Intel crap.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.