Eight more Spectre-like security flaws found in Intel CPUs.

walden, system, systems, walden systems, accordion, backup, back up,back, up, ransom, ware, ransomware, data, recovery, critical, protection, remote, virtual, cloud, computing, desktop, ciel, cielview, view, vm, machine, vdi, infrastructure, server, paas, saas, platform, service, software, serverless, thin, client, workspace, private, public, iaas, cloud, terminal, ssh, developer, java, objective, c, c++, c#, plus, sharp, php, Excel, sql, windows, os, operating, system, o.s., powershell, power, shell, javascript, js, python, py, networks, faq, perl, pl, programming, script, scripting, program, programer, code, coding, example, devel, stored, procedure, sp, macro, switch, hub, router, ios, net, .net, interpreter socket, nas, network storage, virus, security



     Intel may have as many as eight new Spectre-like vulnerabilities in its chips, according to a new report. The report comes months after the Spectre and Meltdown flaws in early 2018. New security flaws in Intel CPUs have been reported to the manufacturer by many different teams of researchers. The reports held back on the exact details about the vulnerabilities but stated that they are caused by the same design problem.

     Each of the eight vulnerabilities has its Common Vulnerabilities and Exposures ( CVE ) number, along with corresponding patches. Four of these flaws are high risk, and the remaining are rated as medium. One of the flaws exposes a significantly higher threat potential than that of Spectre, as it essentially simplifies attacks across system boundaries. One of the flaws can easily be exploited for attacks across system boundaries. An attacker could launch malicious code in a virtual machine and attack the host system. It could also attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought after targets on cloud systems and are acutely endangered by this security flaw. Intel's Software Guard Extensions, which are designed to protect sensitive data on cloud servers, are also not safe.




     Google Project Zero has discovered one of the flaws. Google's security team was also responsible for the January disclosure of Spectre and Meltdown, which account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users protected data. Spectre and Meltdown affecte processors from Intel, ARM and AMD. These new vulnerabilities show initial evidence that they might affect some ARM CPUs, and researchers are investigating to see if AMD is also susceptible. In order to protect against Spectre and Meltdown in the future, Intel has said it designed a new set of CPU design features that work with the operating system to install what is called virtual fences, that protect the system from speculative execution attacks that could exploit a variant of the Spectre flaw. Another side of the Spectre and Meltdown story is the buggy patching efforts in the industry in the wake of the vulnerability disclosure. Intel released patches for the Spectre and Meltdown vulnerabilities in January, but later yanked its patches for the Variant 2 flaw, both for client compute and data center chips, after acknowledging that they caused "higher than expected reboots and other unpredictable system behavior." IT security professionals, are stressing that chip manufacturers need to take responsibility for thinking through security in a more holistic way at the chip level. Companies have not thought through chip security when it comes to using timing to reveal cached content.