Spectre and Meltdown are vulnerabilities in modern chip design that could allow attackers to bypass system protections on almost every recent PC, server and smartphone-allowing hackers to read sensitive information, such as passwords, from memory.
The confusion around Meltdown and Spectre flaws appears to be getting even more confusing for the end user. Intel responded that the issue affected all processors, including those made by other manufacturers. Those informed included Lenovo, Microsoft, Amazon and Arm.
The commitment has been a welcome word from the company leadership, but what IT managers need in the meantime is something that will help them plan for these changes as Intel works on bringing them about, as PC World pointed out. The journal stated that the Alibaba Group was among the first firms to be notified about the flaws. Has anybody talked to them and told them they are f*cking insane? A Lenovo spokeswoman told the newspaper that a nondisclosure agreement protected Intel’s information from being made public.
Intel CEO Brian Krzanich said that they have committed to keeping their customers and owners appraised of their progress and, through their actions. “Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed”, Navin Shenoy added. The company has reported its fourth-quarter earnings estimates last week, after which the stock climbed about 10% despite the news regarding Meltdown and Spectre flaws continuing to trickle in.
Mind you, disabling Intel’s fix means that you’d be vulnerable to attacks targeting the Spectre variant 2 hardware issue. Their short term goal is to deliver high-quality mitigations to secure their customers’ infrastructure on these exploits.
Smaller cloud service providers were left playing “catch up”.
Microsoft issued a warning of its own. I understand you are disinclined to believe, 1/2.
In a statement, an Intel spokesperson said the company “followed best practices of responsible and coordinated disclosure”.
US CERT acts as a security clearing house.
Intel learned about Spectre and Meltdown in June 2017, when a member of Google’s Project Zero security team identified the flaws. That included the Spectre flaw as well as a similar flaw called Meltdown. Visit Microsoft’s support page for more information regarding this process.