Microsoft, Google reveal fourth variant of Meltdown and Spectre exploit, Intel promises new security patches

News

Reading time icon 2 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

It looks that the Meltdown and Spectre security flaws could continue to haunt Intel and other chip makers for quite a long time. Yesterday, Microsoft, Google and Intel jointly revealed a fourth variant of the Meltdown and Spectre vulnerabilities, which according to Intel affect “many modern microprocessor architectures, including but not limited to Intel’s.”

This new variant of the Spectre and Meltdown security flaws is called “Speculative Store Bypass,” and it could allow attackers to gather sensitive data on your PC. Here is how intel described the vulnerability:

Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment.  While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

According to the chip maker, previous security updates for the most popular web browsers already offer some protection against this new Variant 4. However, Intel still plans to offer additional mitigation through a combination of microcode and software updates, and the bad news is that the firmware updates will negatively impact performance. Intel has already made beta microcode updates available for its various industry partners, and it expects them to roll out over the coming weeks. However, the mitigation will be turned off by default and it will be up to PC manufacturers to enable it or not.

“Research into side-channel security methods will continue and likewise, we will continue to collaborate with industry partners to provide customers the protections they need,” Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel Corporation. It’s important for Intel to get prepared for future Meltdown and Spectre variants that have yet to be discovered, but the company is also announced earlier this year that its upcoming Xeon and 8th gen Core chips will have built-in protections against Meltdown and Spectre.

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.