https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html
At least one looks really bad, a showstopper for cloud services once exploited. The CVEs will be published on 5th May by current information.
Eight new security flaws
Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.
So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.
Intel is already working on its own patches for Spectre-NG and developing others in cooperation with the operating system manufacturers. According to our information, Intel is planning two waves of patches. The first is scheduled to start in May; a second is currently planned for August.
One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.