New Intel processors to have hardware-based protections against Meltdown, Spectre 2
Intel has officially pushed out microcode updates with Spectre and Meltdown mitigations for all of the processors it launched in the past five years.
In addition to this, the company’s CEO announced new, redesigned processor lines that will start shipping later this year and will include hardware-based protection for Meltdown (exploiting CVE-2017-5754, a rogue cata cache load flaw) and variant 2 of Spectre (exploiting CVE-2017-5715, a branch target injection vulnerability).
New silicon, new hardware protections
“While [Spectre] Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two,” Intel CEO Brian Krzanich announced.
“We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 [Spectre] and 3 [Meltdown]. Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors. These changes will begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel Core processors expected to ship in the second half of 2018. ”
He did not offer more details about these protections, but the video included in the announcement says that the Spectre variant 2 fixes will make it so that attackers can’t influence the path the speculative execution process and use misdirections to gain access to sensitive data. The solution, Intel says, “retains the many benefits of speculative execution, while addressing the threat of variant 2.”
Organizations and users who don’t want to spend money on new processors will have to make do with the firmware updates for the old ones – and suffer some performance impacts.
Microcode updates
“We have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google,” Krzanich noted.
It is on industry partners like Microsoft to implement them via firmware and software updates.
Krzanich, of course, advised everyone to implement the updates as they are made available.