Another Spectre CPU vulnerability among Intel’s dirty dozen of security bug alerts today

Exclusive Intel will today emit a dozen security alerts for its products and code – including details of another vulnerability within the family of Spectre CPU flaws.

This bundle is the start of the processor giant’s efforts to move to a quarterly cadence of updates, we understand. Rather than drop surprise alerts onto its security advisory page at irregular intervals, Intel hopes to gradually adopt a routine similar to Microsoft’s monthly Patch Tuesday, albeit once every three months.

Urgent security updates will be pushed out in between these quarterly batches. Some fixes may be emitted outside of this quarterly cadence if they are due to be released on a specific date in a coordinated disclosure with other organizations, and that date falls outside Intel’s schedule.

Motherboard manufacturers, computer makers, operating system developers, and other Intel partners, will privately get a long heads up before these quarterly updates are made public. For instance, today’s patches were shared with manufacturers in March, allowing them to prepare to roll out fixes to customers.

From what we understand, Intel hopes to give folks – from IT administrators to ordinary netizens – time and notice to plan for installing security updates at regular-ish intervals, rather than relying on them to look out for sporadic patches.

Speculative execution continues to haunt

The new Spectre-class side-channel vulnerability to be disclosed today in Intel’s processors can be exploited through bounds-check bypass store attacks.

This means malicious code already running on an Intel-powered computer can leverage speculative execution to potentially alter function pointers and return addresses in other threads to hijack applications. At that point, the malware can extract secrets from the system, and cause other merry mischief.

The good news is that software mitigations available today for Spectre variant 1 will thwart bounds-check bypass store attacks. Thus, web browsers and other applications employing anti-Spectre mechanisms should be safe.

For programmers and compiler writers, this means slipping LFENCE instructions into code, before it reads from memory, to act as a barrier, or clipping array bounds using a bitmask, as described here, in section four.
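
The two mitigations named above, applied to a bounds-checked store, as an added example that is not code from Intel's guidance or from the original article. `BUF_SLOTS`, `spec_barrier`, `clip_index` and the `store_*` functions are hypothetical names, and the mask form assumes a power-of-two buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SLOTS 16u /* constructed size; the mask needs a power of two */

/* Speculation barrier: LFENCE on x86-64, a compiler-only barrier elsewhere. */
static inline void spec_barrier(void) {
#if defined(__x86_64__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Clip an index into [0, BUF_SLOTS) without a branch to mispredict. */
size_t clip_index(size_t idx) { return idx & (BUF_SLOTS - 1u); }

/* Unhardened: if the branch is mispredicted, the store can execute
 * speculatively with idx >= BUF_SLOTS. */
int store_plain(uint8_t *buf, size_t idx, uint8_t val) {
    if (idx >= BUF_SLOTS) return -1;
    buf[idx] = val;
    return 0;
}

/* Mitigation 1: LFENCE between the check and the memory access. */
int store_fenced(uint8_t *buf, size_t idx, uint8_t val) {
    if (idx >= BUF_SLOTS) return -1;
    spec_barrier();
    buf[idx] = val;
    return 0;
}

/* Mitigation 2: keep the check, then clip the index with a bitmask. */
int store_masked(uint8_t *buf, size_t idx, uint8_t val) {
    if (idx >= BUF_SLOTS) return -1;
    buf[clip_index(idx)] = val;
    return 0;
}

int main(void) {
    uint8_t buf[BUF_SLOTS] = {0};
    printf("in range: %d, out of range: %d, clipped 19 -> %zu\n",
           store_masked(buf, 5, 0xAA), store_fenced(buf, 64, 0xBB),
           clip_index(19));
    return 0;
}
```

An optimizing compiler may treat the mask as redundant after the bounds check and drop it, so check the generated assembly when relying on the masked form.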

The other good news is that there is little or no malware known to be circulating in the wild exploiting Spectre vulnerabilities to steal information: it is far easier for miscreants to persuade people to download and install software nasties disguised as legit applications, trick them with phishing emails, or attack holes in email clients and PDF readers, to commandeer their PCs.

Instead, Spectre, for now, remains a fascinating insight into the world of CPU design, where engineers across the industry trade off a little security for a little more performance.

Streamlining

“As we continue working with industry researchers, partners and academia to protect customers against evolving security threats, we are streamlining security updates and guidance for our industry partners and customers when possible,” a spokesperson for Intel told The Register on Tuesday.

“With this in mind, today we are providing mitigation details for a number of potential issues, including a new sub-variant of [Spectre] variant 1 called Bounds Check Bypass Store, for which mitigations or developer guidance have been released.

“More information can be found on our product security page. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel.”

More than half of today’s Chipzilla advisories were the result of research carried out by its own staff, whose minds have been doubly focused on the security of their products following the Meltdown and Spectre disclosures earlier this year. The alerts will cover things from firmware to Intel’s flavor of Python. ®
