Articles about meltdown


Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about. Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again. In …
John Leyden, 15 Mar 2018

Microsoft starts buying speculative execution exploits

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws. Noting that the Project Zero discoveries “represented a major advancement in the research in this field”, Redmond said the bounties will be available until 31 December 2018 …
Spectre graphic

Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get …
Shaun Nichols, 1 Mar 2018
Homer Simpson

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

Vid The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel's SGX secure environments, researchers claim. SGX – short for Software Guard eXtensions – is a mechanism that normal applications can use to ring-fence sections of memory that not even the operating system nor a hypervisor can …
Three candles - suggesting performance graph

Intel gives Broadwells and Haswells their Meltdown medicine

Intel slipped out a new Microcode Update Guidance on Monday, revealing that lots of Haswell and Broadwell Xeons can now receive inoculations against the Meltdown and Spectre CPU design flaws. The new document (PDF) says Broadwell processors with CPUIDs 50662, 50663, 50664, 40671, 406F1, 306D4 and 40671 are ready for their …
Simon Sharwood, 28 Feb 2018
Evil Uncle Sam

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the dangerous chip design flaws. Republican members of the House Energy and Commerce Committee sent letters to the seven in January, to seek …
Simon Sharwood, 23 Feb 2018
Meltdown bug

OpenBSD releases Meltdown patch

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel. A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post …
AMD underwater

Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities. At least four separate lawsuits have now been filed against the California-based processor slinger, alleging …
Shaun Nichols, 21 Feb 2018
Asleep on the sofa image via Shutterstock

Why is the networking business dozing through Meltdown/Spectre?

In the seven weeks since The Register broke the news of the Meltdown/Spectre speculative execution vulnerabilities, nearly every corner of the industry has scrambled to patch, re-patch, and work out how to Spectre-proof the world. Except for Ethernet switch vendors, who with a very few exceptions haven't even troubled to make …

Hands up who HASN'T sued Intel over Spectre, Meltdown chip flaws

Intel says it is facing 32 separate class-action lawsuits following the revelations it shipped millions of processors with security design flaws dubbed Meltdown and Spectre. The figure was slipped into its annual 10-K financial filing, submitted earlier this week to the US Securities and Exchange Commission (SEC). Speaking to …
Shaun Nichols, 17 Feb 2018
Spraying bugs with insecticide

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …
Thomas Claburn, 14 Feb 2018

Meltdown-and-Spectre-detector comes to Windows Analytics

Microsoft's added a Meltdown-and-Spectre detector to Windows Analytics, the company's telemetry analysis tool for sysadmins. The new version of the tool arrived on Tuesday, when Redmond revealed new features to check antivirus status, operating system update level, and firmware status. Sysadmins weary from gazing at users' …
Cloud moving at a snail's pace

Meltdown's Linux patches alone add big load to CPUs, and that's just one of four fixes

Netflix engineer, dTrace guru and famed shouter at hard disk drives Brendan Gregg has cooked up a "microbenchmark" to assess the Linux kernel page table isolation (KPTI) patch for the Meltdown CPU design flaw and come up with predictions of significant-but-manageable performance degradation. Gregg explained on Friday that his …
Simon Sharwood, 12 Feb 2018
Man closes his eyes and crosses fingers

If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast

IBM has warned that bugs in its Notes auto-updater mean the service can be tricked into running malicious code. In its advisory, IBM says the Notes Smart Updater service, which sees upgrades of Notes sent to users' desktops, “can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp …
VMware nutella

VMware sticks finger in Meltdown/Spectre dike for virtual appliances

VMware has advised on how to mitigate the Meltdown and Spectre chip design flaws in several of its products. The workarounds cover vCloud Usage Meter, Identity Manager (vIDM), vCenter Server, vSphere Data Protection, vSphere Integrated Containers and vRealize Automation (vRA). And they're important because VMware now ships …

Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery

Intel's offered the world some helpful advice about how to handle the Meltdown and Spectre chip design flaws it foisted on the world. "I can't emphasize enough how critical it is for everyone to always keep their systems up-to-date," wrote Navin Shenoy, executive veep and general manager of Intel's data centre group, bemoaning …
Image composite Titima Ongkantong, Stephen Marques, Shutterstock

Intel alerted Chinese cloud giants 'before US govt' about CPU bugs

Intel warned Chinese firms about its infamous Meltdown and Spectre processor vulnerabilities before informing the US government, it has emerged. Select big customers – including Lenovo and Alibaba – learned of the design blunders some time before Uncle Sam and smaller cloud computing suppliers, The Wall Street Journal reports …
John Leyden, 29 Jan 2018

You can't ignore Spectre. Look, it's pressing its nose against your screen

The Spectre processor design vulnerability is here to stay. Even if you choose to ignore it, the problem still exists. This is potentially a very bad thing for public cloud vendors. It may end up being great for chip manufacturers. It's fantastic for VMware. Existing patches can fix Meltdown, but only seem to be able to …
Trevor Pott, 29 Jan 2018

Create a news alert about meltdown, or find more stories about meltdown.

Biting the hand that feeds IT © 1998–2018