Intel Patches Spectre and Meltdown Flaws with 8th-Gen Processors

If you run Windows 7 or Windows 8.1 you need to install this update – NOW

These changes are going to be implemented with Intel's next-generation Xeon and 8th Generation Core processors that are going to be shipped in the second half of this year.

All big companies including Microsoft, Apple and Google have been busy pushing out updates for its customers to mitigate the Meltdown and Spectre hardware vulnerabilities. However, they have now redesigned their processors to fix "Variants 2 and 3" of the Spectre vulnerabilities revealed previous year.

Technology behemoth Microsoft is aiming to nip the next Meltdown or Spectre vulnerability in the bud with a lucrative new bug bounty program.

Intel promised hardware protection in its chips in the aftermath of the Spectre and Meltdown discovery, and now it's detailing just what it has planned for its new CPUs. The partitioning will work by providing an extra barrier between applications and user privileges to prevent hackers using said privileges to gain access to sensitive data.

Krzanich added that Intel has now released microcode updates for all of its products launched in the past five years that require Spectre and Meltdown workarounds.

The exact details behind those "protective walls", as Krzanich describes them, is unclear at this stage. It was good news for fans of the older operating systems, but only those running compatible security software. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.

The company has chose to offer significant monetary rewards for new flaws that are based on speculative execution or which can be used to bypass the mitigations put in place for Meltdown and Spectre.

Researchers will be awarded up to $25,000 for vulnerabilities in Windows 10 or Microsoft Edge. "In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues".

Philip Misner, a security group manager at Microsoft's Security Response Centre, described speculative execution bugs as "a new class of vulnerabilities" and said that research exploring new attack vectors is likely already underway.

Related:

Comments


Other news