CATEGORIES
home News

Intel CPUs Reportedly Vulnerable To New Spectre-Style Critical Security Chip Flaws

by Brandon HillSaturday, May 05, 2018, 12:33 PM EDT
Just when news of Spectre and Meltdown has seemingly died down, we're now hearing of a fresh round of exploits that might affect Intel processors. A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short.

Each of the eight vulnerabilities have been assigned their own Common Vulnerability Enumerator (CVE) designation, and each will need to be patched separately according to German publication c't. Intel, which has been notified of Spectre-NG, acknowledges that four of the new exploits are considered "high risk", while the other four are "medium risk".

meltdown spectre

At least one of the vulnerabilities is reportedly even more damaging than the original Spectre exploit. "An attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster," writes c't. "It could attack the VMs of other customers running on the same server."

Google's Project Zero team, which was instrumental in helping to uncover the original Spectre exploit, is responsible for discovering one of the new Spectre-NG variants. Project Zero adheres to a strict 90-day blackout period before publicly disclosing exploits -- which Microsoft knows all too well -- which means that this vulnerability will be disclosed on May 7th

We should note that Microsoft's Patch Tuesday is coming up on May 8th, so it's quite possible that new mitigations for old and new versions of Spectre exploits will be presented with updates to operating systems like Windows 10. Microsoft has taken it upon itself to encourage researchers to discover such Spectre-esque vulnerabilities with a bug bounty program that offers up to a $250,000 reward.

For its part, Intel says that it is working diligently to protect its customers from future attacks. “Protecting our customers’ data and ensuring the security of our products are critical priorities for us," said an Intel spokesperson in a statement to Threatpost. “We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

Intel reportedly plans a "first wave" of patches for Spectre-NG this month, with a "second wave" planned for August.

Tags:  Intel, spectre, (NASDAQ:INTC), Project Zero, spectre-ng, spectre next generation
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment