1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Intel confirms new Spectre 1.1, 1.2 vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 11 Jul 2018.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,484
    Likes Received:
    176
    Time to air-gap everything. This internet thing is maybe more trouble than it's worth ;)
     
  3. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    17,761
    Likes Received:
    3,843
  4. loftie

    loftie Modder

    Joined:
    14 Feb 2009
    Posts:
    3,105
    Likes Received:
    235
    Quick, look over there!
    I wonder which modern OSs aren't affected? Also if most are would a microcode update not be a better idea than requiring most OSs to be updated - unless the patches for different OSs are basically the same? :confused:
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    14,335
    Likes Received:
    2,442
    Microcode updates require OEMs to care enough to release updates BIOS/UEFI with the updated microcode. You just need to look at the original round of spectre updates to see how relying on OEM updates pans out.

    Updating at the microcode level is preferable, updating at the OS level is less grief in the long run and covers those OEMs who can't [or won't] provide an updated BIOS/UEFI.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    15,573
    Likes Received:
    4,470
    Not necessarily: you can also load the microcode at boot time as a patch, which I'll grant you requires the operating system makers to test and release said microcode update themselves - but there are fewer operating system makers than OEMs.
     
  7. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    For one vulnerability? Maybe.

    But SPECTRE isn't just "a" vulnerability, it's a whole new class of vulnerabilities, so expect to see a lot more where this came from! You wouldn't expect a CPU to detect and avoid all possible buffer underrun vulnerabilities, you rely on the OS and software to be written to mitigate that avenue of vulnerability. You would not demand that CPUs eliminate buffers, as it would result in unaceptable performance regression. Likewise, you would not demand speculative execution be eliminated, but instead write software to avoid that vulnerability being used in practice.
     
Tags: Add Tags

Share This Page