Are 8 new ‘Spectre-class’ flaws in Intel CPUs about to be exposed?

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Zdnet

A report by German tech site heise.de says Intel’s CPUs are affected by eight new “Spectre-class” vulnerabilities, including one found by Google’s Project Zero, which identified the first set of CPU flaws known as Meltdown and Spectre.

The site reports that the bugs have been assigned CVE identifiers and that at least one of them will be revealed by Project Zero on May 7, a day ahead of Patch Tuesday, which Microsoft recently began using to distribute Intel’s hardware patches or microcode updates.

The site says it has concrete evidence that Intel processors are vulnerable to the new flaws and that the chipmaker has patches in the works. AMD CPUs may also be vulnerable and further research on that issue is underway.

Intel has issued a cryptic statement titled “addressing questions regarding additional security issues”.

“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers,” wrote Leslie Culbertson, Intel executive vice president.

“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date.”

According to Heise, four of the vulnerabilities are being treated as “high risk” and, as with the previously found Spectre flaws, they impact cloud providers due to an ability to attack a host system from a virtual machine, allowing an attacker to extract secrets and passwords from the host machine’s memory.

Spectre Variant 2, a branch target injection flaw, concerns cloud providers because of the risk of it being used to enable a hypervisor bypass. Fixing it required microcode updates from Intel and AMD.

Heise notes that while the original Spectre bugs are difficult to exploit, the new Spectre vulnerabilities are more easily used.

Reports of the new bugs come just a month after Intel completed delivery of microcode updates to address Spectre Variant 2 for all chip families released in the past decade.

As of March, Microsoft has assisted Intel to deploy these updates, which were originally being deployed by hardware manufacturers.

This story has been updated to make it clear that Intel has not confirmed that it is working on mitigations for any alleged vulnerabilities.

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India