News Posts matching "Microcode"

Return to Keyword Browsing

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.

Intel 9000 Series CPU Lineup Confirmed in Official Microcode Revision Guidance + Clocks

Following all of the unofficial, tentative tidbits of information following Intel's on-again, off-again 9000 series CPU lineup (which still belongs to the 8th Generation), we now have official confirmation - as is usual, through Intel's documentation. In this instance, the "culprit" is Intel's Microcode Revision Guidance. The Coffee Lake S series featuring 6+2 configurations are now listed with Core i5-9600(K), Core i5-9500(T) and the Core i5-9400, while the Core i3-9100 and Core i3-9000 SKUs are listed with a 4+2 configuration.

Update: Intel's 8th Gen Specification Update now lists clocks and core count for the aforementioned CPUs. Overall, there's an increased 100 or 200 MHz Max Turbo frequency across the board within the same TDP package, and some instances of 100 MHz base frequency increases over Intel's 8000 series CPUs (can't just call them 8th gen anymore now can we?). The 9600K, for example, increases base clocks from the 8600K by 100 MHz (up to 3.7 GHz base), but pole-vaults its predecessor in maximum Turbo (up to 4.5 GHz).

Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures

Intel today released the latest round of CPU micro-code updates for its processors, which expand support for Intel processor microarchitectures ranging all the way back to 1st generation Core "Westmere," and "Lynnfield," and including "Sandy Bridge" and "Ivy Bridge" along the way, at various stages of roll-out (beta, pre-production, and production). This update probably features hardening against "Spectre" variant 4, and perhaps even RSRR (rogue system register read) variant 3A, chronicled in CVE-2018-3640.

Intel Stops Development, Deployment of Spectre Microcode Update for Several CPU Families

Intel on their latest Microcode Revision Guidance Guide has apparently stopped development of mitigations for some of its processor families that still haven't been updated to combat the threat of Spectre. The odyssey for the return to form of security on Intel products has been a steep, and a slow one, as the company has struggled to deploy mitigations for speculative code execution on its processor families that run it. Updates for some families of products, however - such as Penryn, Wolfdale, Bloomfield and Yorkfield, among others - are apparently not going to get an update at all.

Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

Via updated documents on its Microcode Revision guide, Intel has revealed that they have finally developed and started deploying microcode security updates for their Broadwell and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates that aimed to mitigate known vulnerabilities in Intel's CPUs to the exploits known as Spectre and Meltdown.

While that's good news, Intel's patching odyssey still isn't over, by any means. According to Intel's documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that's two other architectures that still remain vulnerable. Of course, this discussion of who's vulnerable and isn't really can't be reduced to which architectures Intel has released its updates to. Users have to remember that the trickle-down process from Intel's patch validation and distribution through manufacturers to end users' systems is a morose one, and is also partially in the hands of sometimes not too tech-savy users. Time will tell if these flaws will have any major impact in some users or businesses.

Intel Deploys Microcode Update for Spectre Flaw on Skylake

In another step of our Spectre/Meltdown odyssey, Intel has started deployment of a fixed update for its Skylake processors, which aims to neuter chances of a malicious attacker exploiting the (now) known vulnerabilities. This update, which comes after a botched first update attempt that was causing widespread system reboots and prompted Intel to change its update guidelines, is only for the Skylake platform; other Intel CPUs' updates remain in Beta state, and there's no word on when they might see a final deployment.

The new microcode is being distributed to industry partners, so that they can include it in a new range of firmware updates that will, hopefully, end the instability and vulnerabilities present in current mobile and desktop Skylake implementations. Users of other Intel architectures will still have to wait a while longer before updates for their systems are certified by Intel, distributed to industry partners, and then trickle to end users via firmware updates.

Critical Flaw in HyperThreading Discovered in "Skylake" and "Kaby Lake" CPUs

A critical flaw was discovered in the way Intel implemented its simultaneous multi-threading technology, HyperThreading, on "Skylake" and "Kaby Lake" processors. Being a micro-architecture specific flaw, this could affect all implementations, from low-power mobile chips, to mainstream desktop, high-end desktop, and perhaps even enterprise-segment Xeon processors. At this time, there are no security implications of this flaw.

Intel chronicled this flaw in its micro-architecture errata "SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095," and described it as follows: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active." As an implication, Intel goes on to note that Due to this erratum, the system may experience unpredictable system behavior."
Return to Keyword Browsing