1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Intel confirms new Spectre 1.1, 1.2 vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 11 Jul 2018.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    1,522
    Likes Received:
    27
    Read more
     
  2. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,468
    Likes Received:
    167
    Time to air-gap everything. This internet thing is maybe more trouble than it's worth ;)
     
  3. adidan

    adidan Avatar is nearly back in season.

    Joined:
    25 Mar 2009
    Posts:
    12,258
    Likes Received:
    885
  4. loftie

    loftie Well-Known Member

    Joined:
    14 Feb 2009
    Posts:
    2,756
    Likes Received:
    97
    Quick, look over there!
    I wonder which modern OSs aren't affected? Also if most are would a microcode update not be a better idea than requiring most OSs to be updated - unless the patches for different OSs are basically the same? :confused:
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    9,912
    Likes Received:
    908
    Microcode updates require OEMs to care enough to release updates BIOS/UEFI with the updated microcode. You just need to look at the original round of spectre updates to see how relying on OEM updates pans out.

    Updating at the microcode level is preferable, updating at the OS level is less grief in the long run and covers those OEMs who can't [or won't] provide an updated BIOS/UEFI.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,032
    Likes Received:
    1,061
    Not necessarily: you can also load the microcode at boot time as a patch, which I'll grant you requires the operating system makers to test and release said microcode update themselves - but there are fewer operating system makers than OEMs.
     
  7. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,679
    Likes Received:
    164
    For one vulnerability? Maybe.

    But SPECTRE isn't just "a" vulnerability, it's a whole new class of vulnerabilities, so expect to see a lot more where this came from! You wouldn't expect a CPU to detect and avoid all possible buffer underrun vulnerabilities, you rely on the OS and software to be written to mitigate that avenue of vulnerability. You would not demand that CPUs eliminate buffers, as it would result in unaceptable performance regression. Likewise, you would not demand speculative execution be eliminated, but instead write software to avoid that vulnerability being used in practice.
     
Tags: Add Tags

Share This Page