Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft, Google reveal fourth variant of Meltdown and Spectre exploit, Intel promises new security patches

2 min. read

Published onMay 22, 2018

published onMay 22, 2018

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

It looks that the Meltdown and Spectre security flaws could continue to haunt Intel and other chip makers for quite a long time. Yesterday, Microsoft, Google and Intel jointly revealed a fourth variant of the Meltdown and Spectre vulnerabilities, whichaccording to Intelaffect “many modern microprocessor architectures, including but not limited to Intel’s.”

This new variant of the Spectre and Meltdown security flaws is called “Speculative Store Bypass,” and it could allow attackers to gather sensitive data on your PC. Here is how intel described the vulnerability:

Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment.  While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

According to the chip maker, previous security updates for the most popular web browsers already offer some protection against this new Variant 4. However, Intel still plans to offer additional mitigation through a combination of microcode and software updates, and the bad news is that the firmware updates will negatively impact performance. Intel has already made beta microcode updates available for its various industry partners, and it expects them to roll out over the coming weeks. However, the mitigation will be turned off by default and it will be up to PC manufacturers to enable it or not.

“Research into side-channel security methods will continue and likewise, we will continue to collaborate with industry partners to provide customers the protections they need,” Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel Corporation. It’s important for Intel to get prepared for future Meltdown and Spectre variants that have yet to be discovered, but the company is also announced earlier this year that its upcoming Xeon and 8th gen Core chips will havebuilt-in protections against Meltdown and Spectre.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina