Articles about meltdown

Thumbs up for Spectre-Meltdown protection

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

A group of computer science researchers has proposed a way to overcome the security risk posed by speculative execution, the data processing technique behind the Spectre and Meltdown vulnerabilities. In a paper distributed this week through the ArXiv preprint server, "SafeSpec: Banishing the Spectre of a Meltdown with Leakage- …
Thomas Claburn, 16 Jun 2018
Spectre logo jazzed up

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …
Shaun Nichols, 3 May 2018
Nuclear radioactivity symbol

Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that …
Spinal tap 11 volume knob

Xen turns it up to 4.11 and shrinks itself to contain containers

The Xen Project last week sent the first release candidate of Xen 4.11 down the slipway, ahead of a few weeks’ testing and a planned release on June 1st, 2018. To help you understand what will land on that day, The Register asked Lars Kurth, chair of the Xen Project Advisory Board for his views on what’s important and new in …
Simon Sharwood, 24 Apr 2018
Flyswat

Oracle whips out the swatter, squishes 254 security bugs in its gear

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …
Shaun Nichols, 19 Apr 2018
Facebook CEO Mark Zuckerberg

Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug. The Cryptographers' Panel, an annual tradition at the event, this year included Ronald Rivest of MIT and Adi Shamir of the …
Shaun Nichols, 17 Apr 2018
Intel NUC5i5RYK

NUC, NUC! Who's there? Intel, warning you to kill a buggy keyboard app

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel Remote Keyboard …
Spectre logo jazzed up

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production …
A surprised cat

Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency fix

Microsoft today issued an emergency security update to correct a security update it issued earlier this month to correct a security update it issued in January and February. In January and February, Redmond emitted fixes for Windows 7 and Server 2008 R2 machines to counter the Meltdown chip-level vulnerability in modern Intel …
Shaun Nichols, 29 Mar 2018

Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX

Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …
Simon Sharwood, 28 Mar 2018
Embarrassed/exhausted man sits in front of laptop in hipstery office. Photo by Shutterstock

Microsoft's Windows 7 Meltdown fixes from January, February made PCs MORE INSECURE

Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's …
Shaun Nichols, 28 Mar 2018
inception_screengrab_648

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

Around 2003, a computer security portent that had been cheerlessly simmering away for years suddenly came to the boil. This was an era stricken by malware attacks on a scale few had prepared for, running software beset with flaws some vendors seemed disinclined to acknowledge let alone fix. Vulnerabilities, including high- …
John E Dunn, 26 Mar 2018
Shutterstock tools

Creaking Chromebooks getting Meltdown protection soon

Older Chromebook owners should keep an eye open for Chrome OS updates, because Google has announced they'll get Meltdown protection soon. The fix for the now-notorious speculative execution side-channel attack will arrive in Chrome OS 66. This went to the beta channel for Android last Friday (March 16). Older Chromebooks …
spectre

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about. Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again. In …
John Leyden, 15 Mar 2018
Meltdown

Microsoft starts buying speculative execution exploits

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws. Noting that the Project Zero discoveries “represented a major advancement in the research in this field”, Redmond said the bounties will be available until 31 December 2018 …
Spectre graphic

Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get …
Shaun Nichols, 1 Mar 2018
Homer Simpson

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

Vid The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel's SGX secure environments, researchers claim. SGX – short for Software Guard eXtensions – is a mechanism that normal applications can use to ring-fence sections of memory that not even the operating system nor a hypervisor can …
Three candles - suggesting performance graph

Intel gives Broadwells and Haswells their Meltdown medicine

Intel slipped out a new Microcode Update Guidance on Monday, revealing that lots of Haswell and Broadwell Xeons can now receive inoculations against the Meltdown and Spectre CPU design flaws. The new document (PDF) says Broadwell processors with CPUIDs 50662, 50663, 50664, 40671, 406F1, 306D4 and 40671 are ready for their …
Simon Sharwood, 28 Feb 2018

Create a news alert about meltdown, or find more stories about meltdown.

Biting the hand that feeds IT © 1998–2018