When the scope of the Meltdown and Spectre CPU flaws became clear, a bit of an argument began. Security researchers at CERT announced that they could only be fully mitigated with hardware replacements, while others disagreed.
One of those was Intel. On January 5th, the company said:
“Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits.”
Despite this, the company has decided to release redesigned hardware, as stated on January 26. According to Krzanich, Spectre variant 1 will continue to be addressed by software mitigations, while variants 2 and 3 will be addressed by redesigned, partitioned processors.
However, the updated silicon has advantages other than simply mitigating the problem. Though exploitation of all three variants can be somewhat prevented with software updates, fixes for Spectre, in particular, have a performance impact.
Meltdown and Spectre occur due to a feature called speculative execution. In essence, it uses an insecure method to increase processor performance. Software patches significantly hamper this ability, leading to performance losses.
In comparison, Intel's hardware method mitigates the flaw while also retaining speculative execution's benefits. It will be available with Intel's next-generation Cascade Lake processors, as well as 8th-gen processors shipping later this year.
Even so, many consumers won't be happy with the way Intel has handled this. The company is already facing 32 lawsuits, the bulk of them class action. Effectively, customers paid for a processor with greater performance than it now has. So far, it seems they won't be getting a replacement and will have to deal with those slowdowns.
Meanwhile, Microsoft believes more bugs like Meltdown and Spectre could exist undiscovered. It's offering up to $250,000 to any security researcher who can find them, and $25,000 for new ways to exploit the current ones.