If you thought that Intel was putting the flaws of Specter and Meltdown behind that, well, nothing is so simple. According to a report by the German magazine C & # 39; T, Intel plans to address eight new vulnerabilities arising from the same design problem in its CPUs that led to Specter and Meltdown, and has reserved a number of common vulnerability and exposure (CVE) numbers . for them.
On May 3, Intel executive vice president and general manager of product safety and security Leslie Culbertson issued a statement on possible new security issues:
"Protect our customer's data and Ensuring the safety of our products is a critical priority for us, "Culbertson wrote. "We work closely with clients, partners, other chip manufacturers and researchers routinely to understand and mitigate any identified problems, and part of this process involves reserving blocks of CVE numbers."
"We strongly believe in the value of coordinated disclosure and we will share additional details about any possible problems as we complete the mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date. "
While most problems are reportedly at the same risk level as Specter, which can certainly be quite high, there is an interesting nugget : a flaw that would easily allow a malicious hacker to exploit the code in a virtual machine and attack the host system, be it a single PC or, for example, the server of a large corporation, and enter more virtual machines in that way.
Although attacks on other virtual machines or the host system were already possible in principle with Specter, implementation in the real world required so much prior knowledge that it was extremely difficult, "said the English version of the story C & # 39; T. "However, the aforementioned Specter-NG vulnerability can be exploited quite easily for attacks across system boundaries, raising the potential of threat to a new level. "
C & # 39; T refers to the eight vulnerabilities as Specter-NG (Next Generation), but that seems to be a name invented by the magazine." The magazine suggests that each vulnerability could have its own name, and there probably will be eight different patches, one for each problem.
The report indicates that the first wave of patches could go live in May (next Microsoft patch for Windows 10) is on Tuesday, May 8), while the rest will be Prepares for August
The report suggests that some ARM chips may be vulnerable to Specter-NG defects, and that AMD is investigating whether this also affects their processors.Meltdown affected some ARM and AMD chips.
Specter affects almost all CPUs in the last two decades, and if these new reports are correct, we will not shake similar short-term vulnerabilities until there is a complete redesign of the processors.
"It seems that for c a fixed problem, two more arise, "said the article by C & # 39; T. "During the last twenty years, security considerations have only played a secondary role to the performance in the development of processors."
Image credit: BeeBright / Shutterstock
Windows 10 Network and Security