Intel Finds New Spectre Derivative

Posted on May 22, 2018 by Paul Thurrott in Hardware, Microsoft, Windows 10 with 8 Comments

Intel Finds New Spectre Derivative

Intel found a new derivative of the Spectre security flaw in its chipset. And while this one isn’t as serious from a security perspective, its fix could further impact PC performance.

“We have not seen any reports of this method being used in real-world exploits,” Intel’s Leslie Culbertson explains. “Moreover, there are multiple ways for consumers and IT professionals to safeguard their systems against potential exploits, including browser-based mitigations that have already been deployed and are available for use today.”

Spectre Variant 4, as this new derivative is called, uses a common feature in modern processors called speculative execution to “potentially expose certain kinds of data through a side channel,” Intel says, noting that the most common avenue for a successful exploit—which has not happened—is in web browsers. AMD and ARM-based chipsets are also impacted.

There is good news. Back in January, PC makers began deploying firmware updates to their customers that included a mitigation for Spectre Variant 1, and that mitigation is effective against this new derivative as well.

The bad news, while very much expected, is that Variant 4 will still require its own fix to be completely contained. This fix will require a combination of firmware and software updates, Intel says. As such, it will be delivered, on PCs, via Microsoft’s Windows Update and through the software that PC makers supply for driver updates.

For this reason, the new Spectre variant was jointly disclosed by Microsoft and Google, and platform makers like AMD, ARM, and Red Hat have also issued announcements as well.

In the PC space, Microsoft has a dual responsibility: It will deliver software updates to all PCs via Windows through Windows Update. And its Surface PCs will require new firmware updates to address the derivative.

“These vulnerabilities affect many modern devices including Surface devices,” Microsoft’s Brandon Records says. “In addition to the operating system updates, Surface will be making available firmware updates to address these new vulnerabilities.”

Naturally, one wonders about the potential performance impact of further fixes. Intel says that it will let customers determine whether to enable the new mitigation in their own PCs since the security threat is low. It expects most PC makers to leave it disabled by default as well.

“In this configuration, we have observed no performance impact,” Intel notes. “If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on benchmark scores.”


Tagged with ,

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (9)

9 responses to “Intel Finds New Spectre Derivative”

  1. Demileto

    They should call this new flaw "Skyfall".

  2. Nicholas Kathrein

    Even though Paul poopoo AMD saying they aren't really affected as much as Intel it is sure seeming like they were correct. Intel has had these coming out regularly where AMD has only had the original issue which was 1/2 as bad Intel's and the other issue where you needed have the computer in your hands which at that point all bets are off. AMD did release fixes for that.

  3. Oasis

    When are we going to get new CPUs that are not compromised by these defects???

  4. Martin Pelletier

    Not a good year for CPU makers.

  5. John Scott

    My understanding is that Intel fix for this in firmware will be set to disabled by default for OEM releases. I suspect because its either not so important or that it would degrade performance too much? Whatever the case I think this has been way over done in causing panic when these flaws will exist for the life of the hardware and have been there for years. Personally I am not worried about this in the least. Much more active threats to be concerned about.

Leave a Reply