New Developments in Intel Spectre Meltdown Vulnerability

Do you remember Meltdown and Spectre, the Intel processor vulnerabilities we mentioned a few weeks ago? Well, Intel has recently rolled out a patch for the bugs – but be careful, it doesn’t come without issues.

To recap, the Meltdown and Spectre bugs are design flaws that result in a weakened separation in the secure kernel memory of most Intel processors. This causes secure data to become available to anyone who can exploit the vulnerability. This flaw was discovered recently, and is causing havoc in the IT industry due to the sheer number of potentially affected devices. Although it’s mostly Intel processors that are affected, it can be a potential threat to AMD systems as well, although the biggest hit for AMD has been the rollout of “fixes.” (more on that in a bit.) The overall impact of this flaw potentially opens users up to serious data vulnerabilities. These design flaws affect not only desktop and laptop computers, but also smartphones, tablets, and any other devices that use one of the affected processors.

Unfortunately, the patch itself is causing some major issues. Microsoft has found that the patch is causing particularly severe issues with some computers containing AMD processors. The patching of this vulnerability is widely known to cause a slowdown of the affected computers. It is even causing some AMD computers to lock up completely. According to The Verge, tests have shown a slowdown of up to 25 percent on some systems. Along with deteriorating performance, some computers with the patch are rebooting randomly, causing frustration for users. Microsoft has even had to roll back their patch due to the issues it has caused in some environments.

There are different variants of the Spectre and Meltdown bugs. So far, Intel has been able to create a patch that prevents the reboot issue for HP and Dell computers. However, Spectre Variant 2 and other variations of the exploits are still up in the air. Meanwhile, Google has rolled out an update called Retpoline that has successfully combatted the Spectre Variant 2 in the some Intel processors, but not all. So far, no one has found an overall fix.

Microsoft, Dell, and HP are currently advising against deploying most of the recently rolled out updates until they are sure they will fix all variations of the bugs while incurring the least possible side effects.

Although this has caused a huge stir in the IT industry, no exploits of these vulnerabilities have been found “in the wild” so far, so the race is on to develop a workable fix before hackers learn to fully exploit these vulnerabilities.  We will continue to keep you updated on the latest news regarding the Spectre and Meltdown vulnerabilities, as well as the recommended fixes as they are released.