
Microsoft and Intel Disclose Spectre-like CPU Flaw That May Result in Further Performance Loss

A Spectre-like variant known as Speculative Store Bypass is largely mitigated by browser updates, but could still present a risk to users. Consumers can choose to enable a firmware update but will take a performance hit of 2-8%.


When were disclosed, it became clear that this wouldn't be the end of it. As well as the significant updates and patches, there was the likelihood of variants that hadn't been discovered.

An announcement by , , and starts to show the scope of the problem. Speculative Store Bypass (Variant 4) is a similar flaw that takes advantage of shortcuts in modern CPUs. This means that existing mitigations in Chrome, Firefox and Edge will work, but like Spectre it will require firmware updates.

According to Intel, those updates could affect performance by up to 8%. Thankfully, the variant doesn't seem to be as severe as others, so the chipmaker is giving users an option. The protection will be off by default, and you can choose between security and performance.

More Flaws to Come?

This raises a number of questions. It's not clear if regular consumers have the knowledge to decide if the mitigation is necessary. If they do need to enable it, is it unfair that they're getting worse performance than they paid for?

Intel doesn't seem to think so, and there are allegedly seven more flaws in the wild. For its part, Microsoft is helping to push the updates out to OEMs and Windows users. It says it discovered the flaw as early as November 2017, but was working with others to coordinate disclosure.

“On May 21st, a new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639,” said a spokesperson. “At the time of publication, we are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.”

If it does find vulnerable code patterns, Microsoft is committed to addressing them with a security update. It's working with Intel and AMD to assess the performance impact of the mitigation.

Source: Intel
Ryan Maskell