More CPU flaws announced by Google and Microsoft

walden, system, systems, walden systems, accordion, backup, back up,back, up, ransom, ware, ransomware, data, recovery, critical, protection, remote, virtual, cloud, computing, desktop, ciel, cielview, view, vm, machine, vdi, infrastructure, server, paas, saas, platform, service, software, serverless, thin, client, workspace, private, public, iaas, cloud, terminal, ssh, developer, java, objective, c, c++, c#, plus, sharp, php, Excel, sql, windows, os, operating, system, o.s., powershell, power, shell, javascript, js, python, py, networks, faq, perl, pl, programming, script, scripting, program, programer, code, coding, example, devel, stored, procedure, sp, macro, switch, hub, router, ios, net, .net, interpreter socket, nas, network storage, virus, security



     Microsoft and Google jointly disclosed a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass-variant 4, the vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says "these mitigations are also applicable to variant 4 and available for consumers to use today."

     Unlike Meltdown, this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won't see negative performance impacts. If enabled, there is a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems. As a result, end users will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.




     Microsoft started offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws in March, and the company says it discovered this new bug back in November. Microsoft is working with Intel and AMD to determine performance impacts on systems. Intel is already preparing its own CPU changes for the future. Intel is redesigning its processors to protect against attacks like Spectre or this new variant 4, and the company's next-generation Xeon processors, Cascade Lake, will include new built-in hardware protections, alongside 8th generation Intel Core processors that ship in the second half of 2018.