Microsoft and Google jointly reveal new processor-based PC vulnerability

The speculative execution bugs are back for round 2, with a new vulnerability called  “Speculative Store Bypass (variant 4).

Discovered 6 months ago in November 2017, Microsoft has already been working with Intel and PC vendors to provide fixes for the issue.

Microsoft says so far the issue is unexploited:

“We are continuing to work with affected chip manufacturers and have already released defense-in-depth mitigations to address speculative execution vulnerabilities across our products and services,” says a Microsoft spokesperson. “We’re not aware of any instance of this vulnerability class affecting Windows or our cloud service infrastructure. ”

The fix for the problem is in two parts – one software and the other firmware, and Intel has established that the firmware fix could have a 2-8% performance impact.

“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.

Intel is in the process of distributing patches to OEMs, but they will be off by default so as not to compromise the performance of systems.

Microsoft has already rolled out operating system level fixes and will continue to provide patches as needed:

“We are committed to providing further mitigations to our customers as soon as they are available, and our standard policy for issues of low risk is to provide remediation via our Update Tuesday schedule,” a spokesman said.

See Redhat explain the new vulnerability below:

YouTube player

Via the verge