Processor Exploit found

~mr mixx~

The Candyman
Messages
11,355
Location
USA
Hi guys, I was just on the internet and I just found out about a Processor Exploit that was just discovered. Here is the info links:

https://www.windowscentral.com/microsoft-pushing-out-emergency-fix-newly-disclosed-processor-exploit

https://betanews.com/2018/01/04/windows-10-processor-bug-patch/

https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/

https://www.ghacks.net/2018/01/04/microsoft-releases-out-of-band-security-updates/

Also I think the update For Windows 7 it is KB4056897
You can manually download and install it from the Microsoft Update Catalog.
 

root

Site Team
Staff member
Messages
8,181
Location
UK
It affects Intel CPUs enough that the CEO (who knew about it months ago.) arranged to sell all the stock that he could before the announcement was made.

all in all it's a bit of a non-story from a security point of view, exploit did exist, no known "wild code" exists to make use of it, and there is a patch out...

the interesting things are the stock dumping, (which could be insider trading) and there is noise about how it affects performance, especially in cloud environments. in that regard there are people wondering if customers will be given extra CPU time to make up for the performance drop. but I suspect not. customers are buying CPU time per second at frequency, not FLOPS.
the fix appears to affect where programs can write, effectively doubling calls internally which causes the drop in speed...

this may mean that we shift away from looking at CPUs in terms of how fast the clocks are running, and instead start asking service providers selling CPU to sell calculations.
 
Last edited:

cb600fshornet

Fully Optimized
Messages
2,187
Location
England, Birmingham
I believe there are a set of vulnerabilities referred to collectively as Spectre and Meltdown. It extends across Intel, AMD, ARM chips amongst various others.

I believe a couple of papers have been written that detail how to theoretically exploit this, and I also believe it's possible to exploit using Javascript also, hence why Firefox, Chrome, Edge and IE have recently had updates. Chrome requires you enable "site isolation" which will increase memory usage of chrome, but ensure each site utilises a different process, thus mitigating the risks of data being shared inadvertently with a malicious website.
 
Top