Spectre and Meltdown fixes for Intel chips doesn't address newly discovered Variant 4

walden, system, systems, walden systems, accordion, backup, back up,back, up, ransom, ware, ransomware, data, recovery, critical, protection, remote, virtual, cloud, computing, desktop, ciel, cielview, view, vm, machine, vdi, infrastructure, server, paas, saas, platform, service, software, serverless, thin, client, workspace, private, public, iaas, cloud, terminal, ssh, developer, java, objective, c, c++, c#, plus, sharp, php, Excel, sql, windows, os, operating, system, o.s., powershell, power, shell, javascript, js, python, py, networks, faq, perl, pl, programming, script, scripting, program, programer, code, coding, example, devel, stored, procedure, sp, macro, switch, hub, router, ios, net, .net, interpreter socket, nas, network storage, virus, security



     Intel introduced virtual fences, a hardware-based safeguard, to protect it's future cpus against the Spectre and Meltdown flaws. However, they are specific to V2 and V3, and will not protect against the newly-discovered Variant 4 as well as other potential speculative execution side channel-related flaws in the future. Chip experts familiar with the situation stated that while it won't impact Variant 4, the added a functionality in its microcode, the Speculative Store Bypass Disable bit, will help to protect against Variant 4. The microcode will continue to be implemented on future hardware platforms. Intel acknowledged that its processors are vulnerable to Variant 4, which could give attackers unauthorized read access to memory. Similar to the Meltdown and Spectre vulnerabilities, Variant 4 is also a side channel analysis security flaw. Unlike the previous flaws however, Variant 4 uses a different process to extract information and is more of a cache exploit and that can be used in browser-based attacks.

     After the announcement of Spectre and Meltdown, Intel has designed a new set of CPU design features that work with the operating system to install virtual fences to protect the system from speculative execution attacks that could exploit a variant of the Spectre flaw. Intel has redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Partitioning are like additional protective walls between applications and user privilege levels to create another protective layer against hackers.




     Variant 4 may be much harder to fix architecturally than V1, V2, or V3a. You either have to turn memory disambiguation on or off, which will be a BIOS setting. It's important to note that browsers already have code to give some level of protection against this. Variant 4 is most similar to Spectre V1, GPZv1 exploits the processor's branch prediction. GPZv4 is taking advantage of a performance feature where the processor reorders loads and stores to gain performance.

     Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, said that unlike Intel's updates for other variants, the updates for Variant 4 will be optional and will be set to off by default. Intel already delivered beta microcode updates for Variant 4 to OEM system manufacturers and system software vendors, and expect it will be released into production BIOS and software updates over the coming weeks.