sb-nz logo
Story image

Intel releases Spectre & Meltdown patches for some Skylake processors

12 Feb 2018

Intel has officially released patches to OEM customers and industry partners running Skylake-based platforms as efforts ramp up to properly patch the Spectre and Meltdown vulnerabilities

Meltdown (CVE-2017-5754), affects all Intel processors and can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS).

Spectre (CVE-2017-5753 and CVE-2017-5715) affects AMD, ARM and Intel processors. It can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.).

“The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve,” commented Intel CEO Brian Krzanich when the vulnerabilities were originally disclosed in January.

The patching process for the vulnerabilities has not been a smooth ride, particularly for Intel. Last month it released updates that were causing system reboots for systems running Intel Broadwell and Haswell CPUs. 

While Intel found out what was causing the issue, patch rollout for all affected processors is taking time.

According to Intel’s latest update, it released production microcode updates for ‘several Skylake-based platforms’ and plans to release updates for more platforms in the coming days.

Reports suggest that the Skylake platforms are those with mobile Skylake and desktop Skylake chips. Patches for other chips and processors are still in the pipeline.

“We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production,” says Intel executive VP of the Data Center Group, Navin Shenoy.

Shenoy is quick to point out that most updates will be available through OEM firmware updates and it is critical for everyone to keep their systems up to date.

Shenoy says research has shown that there is often a significant lag between the time users receive updates and when those updates are actually installed.

“This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different,” Shenoy says.

Intel states there is a lot of work still to be done and it is committed to addressing the issues.

Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
NZX CIO David Godfrey to resign by year's end
"David has been in the business for more than a decade, and has been a great contributor over that time - including through the challenges we faced this year due to COVID and the more recent cyber attacks where he has shown wonderful calmness and support of his teams.”More
Story image
Microsoft brings endpoint & Azure security under Microsoft Defender
Microsoft Defender brings Microsoft 365 Defender and Azure Defender under the same umbrella.More