Intel introduced hardware-based “safeguards” and ‘additional’ protections to its new chips to protect against the Spectre and Meltdown flaws that shocked the silicon industry when the vulnerabilities were made public earlier this year. However, those protections are specific to V2 and V3, and will not affect the newly discovered Variant 4 or other potential speculative execution side-channel flaws in the future. In other words, it is just the beginning.
AMD explained in a community post what is really behind the claims from CTS-Labs. AMD makes it very clear that the issues identified by the CTS-Labs research have very little to do with the Meltdown & Spectre security holes, but they are also telling us that these issues are associated with the firmware that manages the AMD Secure Processor (PSP), which is similar to Intel’s ME. The chipset used in some AM4 and TR4 motherboards, as well as others, is getting firmware patches (BIOS updates) for this.
Microsoft, HP, Asus, ASRock & Co. are rolling out microcode updates right now, so make sure you check whether there is a BIOS update for your system. Now, a bit late already, Windows builds 1607 (Anniversary Update) and 1703 (Creators Update) are getting microcode updates for all Skylake, Kaby Lake and Coffee Lake systems. The download of KB4091663 & KB4091664 is manual, which means you won’t get the update for your system over Windows Update.
All newer Intel microprocessors are provided with Software Guard Extensions (SGX) which allow software programs to run in their own little safe corner of the processor. These safe areas are created on demand and have their own memory, isolated from other system software like hypervisors and the operating system itself.
Intel has announced that it has released production microcode updates to OEMs for Kaby Lake, Coffee Lake, and Skylake platforms. They have also finally given us a schedule and availability table for the microcode revisions, which can be found here. This update is already a bit late, which means Intel is behind its own schedule, but better late than nothing, right?
Linus Torvalds released the final version of the first Linux kernel with Meltdown & Spectre fixes. The new version 4.15 comes with over 1000 changesets, mostly to address the current security issue. The new kernel is now more compatible with VR, and the free AMDgpu driver got implemented, which means AMD Vega GPUs are better supported. As always, you can download the latest kernel from kernel.org.
Meltdown and Spectre patches will be handled by the OS (not the CPU) in the future, as I already reported last week, but Microsoft has now released another patch that solves the boot issue. KB4078130 (a 24-kilobyte “huge” update), released two days ago, disables the mitigation against Spectre Variant 2 on all supported versions of the company’s Windows operating system when installed.
I can’t believe it: even with the Meltdown and Spectre leaks, Intel is at a new sales record. The stock exploded right after Intel announced that there will be a Meltdown & Spectre secure CPU release this year, which btw isn’t enabled by default. According to CEO Brian Krzanich, Intel is getting new CPUs with integrated protection this year.