As I’m no longer regularly working in the security industry, this page is no longer being maintained. It’s left up here for historical reasons only.
David Harley, 15th April 2020
This was originally a one-off blog article relating strictly to Meltdown/Spectre-related issues: now expanded and to be maintained (when time allows) here as a ‘live’ resource. While those vulnerability issues aren’t likely to go away immediately and apply across a wide range of platforms, I’ve also been adding chip/CPU/GPU info that are of interest but not directly related. However, I don’t promise any in-depth commentary: rather, links to articles and resources that might be useful. Where I can’t resist commenting at length, it will be in an article on this site, though it may be reproduced or just linked to on this page. NB: as I’m no longer working in the security industry, additions to this page will be the exception rather than the rule.
Index
- News and General Resources
- Webkit
- PoCs (Proofs of Concept)
- Skyfall/Solace
- Security Company Commentary
- ESET Resources
- G-Data Resources
- Checkpoint Resources
- Trend Micro Resources
- Affected Companies
- Apple
- Google/Android
- IBM
- Intel
- AMD
- Microsoft/Windows
- ICS/SCADA
News & General resources
[19th February 2019]
TechBeacon: Google: ‘Spectre can’t be fixed.’ Panic now?
“Software alone can’t save us from Spectre-class vulnerabilities in modern CPUs. That’s the scary conclusion from a bone-dry research paper penned by Google engineers.”
Commentary curated by Richi Jennings.
[11th December 2018]
The Register: In case you’re not already sick of Spectre… Boffins demo Speculator tool for sniffing out data-leaking CPU holes – “First proof-of-concept, SplitSpectre, requires fewer instructions in victim”
[18th November 2018]
The Register: Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips – “CPU slingers insist existing defenses will stop attacks – but eggheads disagree [….] “‘Speculative execution’ is often falsely used as an umbrella term…” they explain in a paper distributed through ArXiv on Tuesday.””
Danny Bradbury for Sophos: PortSmash attack steals secrets from Intel chips on the side – “The proof of concept code, called PortSmash, comes from researchers at Finland’s Tampere University of Technology and the Technical University of Havana, Cuba. It uses a category of exploit called a side channel attack, in which one program spies on another as it runs.”
[19th October 2018]
The Register: Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3’s security chip – “Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor”
[10th October 2018]
Thomas Claburn for The Register: Intel’s commitment to making its stuff secure is called into question – ‘In an email to The Register in response to our report about the problems posed by the Manufacturing Mode in Intel’s Management Engine (ME), which if left open leaves processors vulnerable to local attack, Kanthak called Intel’s statement “a blatant lie.”‘
[4th October 2018]
Thomas Claburn for The Register: Apple forgot to lock Intel Management Engine in laptops, so get patching
“In a blog post on Tuesday, researchers Maxim Goryachy and Mark Ermolov, involved in the discovery of an Intel ME firmware flaw last year, reveal that Chipzilla’s ME contains an undocumented Manufacturing Mode, among its other little known features like High Assurance Platform mode.”
[28th August 2018]
The Register: Linux 4.19 lets you declare your trust in AMD, IBM and Intel – “Wave the the CPU trust flag if you’re feeling safe enough….When random number generation is insufficiently random, encryption based on such numbers can be broken with less effort.”
[21st August 2018]
The Register: Fix for July’s Spectre-like bug is breaking some supers – “RDMA-Lustre combo swatted, HPC admins scramble”
[20th August 2018]
Foreshadow web page resource:
- USENIX paper
- Foreshadow NG technical report
[17th August 2018]
Dave Lee for the BBC: Foreshadow’ attack affects Intel chips – “Researchers have found another serious security flaw in computer chips designed by Intel…Nicknamed Foreshadow, this is the third significant flaw to affect the company’s chips this year.”
For more details, see the advisory on Intel’s web site. Also:
- Richard Chirgwin: Foreshadow and Intel SGX software attestation: ‘The whole trust model collapses’ – “El Reg talks to Dr Yuval Yarom about Intel’s memory leaking catastrophe” I wish I could do something about my own memory leaking…
- Security Week: Foreshadow: New Speculative Execution Flaws Found in Intel CPUs
- Intel Newsroom: Protecting Our Customers through the Lifecycle of Security Threats
The Register: Three more data-leaking security holes found in Intel chips as designers swap security for speed “Apps, kernels, virtual machines, SGX, SMM at risk from attack…The operating system and hypervisor-level flaws – CVE-2018-3620 and CVE-2018-3646 – were discovered by Intel’s engineers after they were tipped off about CVE-2018-3615, the SGX issue, by the university researchers.”
Thomas Claburn for The Register: The off-brand ‘military-grade’ x86 processors, in the library, with the root-granting ‘backdoor’ – “Dive into a weird and wonderful ‘feature’ of Via’s embedded hardware chips … A forgotten family of x86-compatible processors still used in specialist hardware, and touted for “military-grade security features,” has a backdoor that malware and rogue users can exploit to completely hijack system
[27th July 2018]
- A paper from the University of Graz offers a disquieting alternative view, suggesting that Spectre attacks aren’t necessarily dependent on code being executed locally. The paper NetSpectre: Read Arbitrary Memory over Network demonstrates “a generic remote Spectre variant 1 attack … the first access-driven remote Evict+Reload cache attack over network”.Admittedly, a side-channel attack that leaks 15 bits an hour doesn’t sound all that impressive, though the researchers also claimed that “Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system.” For the Register, Thomas Claburn points out that this might not be as bad as it sounds, in that “it could take days to find and gather privileged information such as an encryption key or authentication token.”According to Claburn, Intel are playing it cool: “”NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate…” Claburn interprets this as meaning that “Essentially, if you’ve updated your code and applications to mitigate previous Spectre exploits, you should be safe from NetSpectre.”
- Researchers in the US also have a new Spectre attack to pique our interest. Here’s the research in question: Spectre Returns! Speculation Attacks using the Return Stack Buffer from the University of California, Riverside. “In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses.”Commentary from Bleeping Computer (Catalin Cimpanu): Researchers Detail New CPU Side-Channel Attack Named SpectreRSB.
- The Register cites an instance where the medicine could do with a spoonful of sugar: Spectre/Meltdown fixes in HPC: Want the bad news or the bad news? It’s slower, say boffins – “MIT Lincoln metalheads broke big iron so you don’t have to… oh, you still have to, don’t you?…network connections, disk accesses, and computational workloads can all be affected by the fixes, whether in the operating system or the microcode.”
- Also from Bleeping Computer: Academics Announce New Protections Against Spectre and Rowhammer Attacks – “Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer.”
- Maybe the sky is falling after all. In a paper dramatically entitled Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers, Eurecom researchers they present “a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. … the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna.”Commentary by Richard Chirgwin for The Register: Boffins: Mixed-signal silicon can SCREAM your secrets to all – “‘Screaming Channels’, a side-channel baked into off-the-shelf Wi-Fi, Bluetooth silicon.”
[15th July 2018]
John Leyden for The Register: Google’s ghost busters: We can scare off Spectre haunting Chrome tabs – “Site Isolation keeps pages fully separate on Windows, Mac, Linux, Chrome OS … Rather than solely defending against cross-site scripting attacks, the technology is now positioned as a necessary defence against infamous data-leaking Spectre CPU vulnerabilities, as a blog post by Google explained this week…”
[11th July 2018]
The Register: Another Spectre CPU vulnerability among Intel’s dirty dozen of security bug alerts today – “Chipzilla preps for quarterly public patch updates”
[29th June 2018]
Catalin Cimpanu for Bleeping Computer: Some Spectre In-Browser Mitigations Can Be Defeated “According to research published by Aleph Security … researchers were able to put together proof-of-concept code that retrieves sensitive data from a browser’s protected memory … their PoC bypassed Spectre mitigations and retrieved data from browsers such as Edge, Chrome, and Safari.” (But not Firefox, apparently.)
[27th June 2018]
Ars Technica: Hyperthreading under scrutiny with new TLBleed crypto key leak – “A new attack prompted OpenBSD’s developers to disable hyperthreading by default…developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors.
The Register: Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn’t worry about – “How to extract 256-bit keys with 99.8% success…Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications.”
Bleeping Computer: Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless – “Upcoming additions to the WebAssembly standard may render useless some of the mitigations put up at the browser level against Meltdown and Spectre attacks, according to John Bergbom, a security researcher at Forcepoint. WebAssembly (WA or Wasm) is a new technology that shipped last year and is currently supported within all major browsers, such as Chrome, Edge, Firefox, and Safari.”
[16th June 2018]
1.
Lawrence Abrams for Bleeping Computer: New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs – ‘According to Intel this new vulnerability affects all Intel Intel Core-based microprocessors and is a bug in the actual CPU, so it does not matter what operating system the user is running. It could be Windows, Linux, BSD, or any other operating running an an Intel Core-based CPU and using “Lazy FPU context switching”.’
2.
The Register: Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune – “Malware on Cores, Xeons may lift computations, mitigations in place or coming … In short, the security hole could be used to extract or guess at secret encryption keys within other programs, in certain circumstances, according to people familiar with the engineering mishap.”
3.
The Register: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix – “Good thing too because Intel’s planned chip changes may break Google’s Retpoline”
“In a paper distributed this week through the ArXiv preprint server, “SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation,” computer scientists from University of California, Riverside, College of William and Mary and Binghamton University describe a way to isolate the artifacts produced by speculative execution so that they can’t be used to glean privileged data.”
[6th June 2018]
Mark Pesce for The Register: ‘Moore’s Revenge’ is upon us and will make the world weird – “When everything’s smart, the potential for dumb mistakes becomes enormous”.
[1st June 2018]
The Register: Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode) – “Apps, 32 or 64-bit, will continue to run just fine as design biz looks to ditch baggage … Linux and Android, Windows, and other operating systems built for this latest Cortex-A family member are being positioned, or are already positioned, to work within this 64-bit-only zone.”
Also from The Register: Spectre-protectors: If there’s something strange in your CPU, who you gonna call? “Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more … Enhanced Spectre-protectors will soon come to the Chrome browser … and upgrades for Windows, Mac and Linux have started to flow.”
[May 30 2018]
Interesting paper: Post-Spectre Threat Model Re-Think
[26th May 2018]
- The Register: Epyc fail? We can defeat AMD’s virtual machine encryption, say boffins – Evil hypervisors can lift plaintext info out of ciphered memory, it is claimed
- For ESET, Aryeh Goretsky’s Meltdown and Spectre CPU Vulnerabilities: What You Need to Know has been updated.
- The Register: Within Arm’s reach: Chip brains that’ll make your ‘smart’ TV a bit smarter – “Get ready for a future where everything from phones to CCTV recognizes faces, things”
[12th May 2018]
- Sophos: Serious Security: The GLitch “row hammering” attack
- Pierluigi Paganini: May 2018 Android Security Bulletin includes additional Meltdown fix
- The Register: Red Hat smitten by secure enclaves ‘cos some sysadmins are evil – “Red Hat Summit Red Hat has revealed a plan to to work with CPU-makers so that its wares can take advantage of in-silicon security features such as secure enclaves.”
- The Register: Second wave of Spectre-like CPU security flaws won’t be fixed for a while – “Intel needs more time and it could be Q3 before all the patches for OSes and VMs land”
- The Register: Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed – “Grab those patches as Chipzilla updates manuals”
[5th May 2018]
The Register: Fresh fright of data-spilling Spectre CPU design flaws haunt Intel – “Chipzilla checking fresh set of CVEs in chip side-channel flaw”
And ESET’s resource article has been updated again: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know
[3rd May 2018]
Hilbert Hagedoorn for The Guru of 3-D: Eight new Spectre Variant Vulnerabilities for Intel Discovered – four of them critical
The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”
ESET: further updates to Meltdown and Spectre CPU Vulnerabilities: What You Need to Know
[27th April 2018]
Kaspersky Threat Post: MICROSOFT ISSUES MORE SPECTRE UPDATES FOR INTEL CPUS – “Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware (microcode) updates for Intel CPUs that include the Broadwell and Haswell chipsets.”
ZDnet: A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Commentary on Exploiting CVE-2018-1038 – Total Meltdown
[25th April 2018]
Kyle Orland for Ars Technica: The “unpatchable” exploit that makes every current Nintendo Switch hackable [Updated] “Newly published Tegra bootROM exploit could be a big headache for Nintendo and others.” Commentary from The Verge: Nintendo’s Switch can be hacked to run custom apps and games.
[23rd April 2018]
Security Explorations: THE ORIGIN AND IMPACT OF SECURITY VULNERABILITIES IN ST CHIPSETS SE-2011-01 [Security weaknesses in a digital satellite TV platform]
[17th April 2018]
- Ars Technica: Intel, Microsoft to use GPU to scan memory for malware – “Intel … is announcing some new initiatives that use features specific to the Intel hardware platform to boost security.”
- The Register: Intel’s security light bulb moment: Chips to recruit GPUs to scan memory for software nasties – Coprocessors drafted for threat detection duties
Help Net Security: Rambus launches fully programmable secure processing core – “At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU.”
The Register: Microsoft has designed an Arm Linux IoT cloud chip… – “Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.”
Paul Ducklin for Sophos: Could an Intel chip flaw put your whole computer at risk? – “Well, the spectre of CIH is back in the news following a recent security advisory, numbered INTEL-SA-00087, from chip maker Intel.”
[1st April 2018]
- Ars Technica: As predicted, more branch prediction processor attacks are discovered – “New attack focuses on a different part of the branch prediction system.”
- ZDnet: SonicWall seeing a Cambrian explosion of side-channel attacks “Attackers are testing the side-channel waters in the wake of Meltdown, and so far we have been lucky it is just proof of concepts.”
- Pierluigi Paganini: SgxPectre attack allows to reveal the content of the SGX enclave
- Catalin Cimpanu for Bleeping Computer: We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities “All evidence suggests most of these detections are security researchers playing with the PoC code, but experts won’t rule out that some samples are from malware authors looking for ways to weaponize the PoC code for malicious actions.”
- Fortinet says: “FortiGuard Labs has analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code. The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us.”
- AV-Test’s list of hashes – [Information from AV-Test regarding samples received from various sources (researchers, testers, security companies): the samples cover a range of platforms, not just Windows.]
- Kevin Beaumont’s AV vendor response spreadsheet
- The Register: Red Hat slams into reverse on CPU fix for Spectre design blunder – Microcode mitigations trigger system wobbles, penguinistas warn
- The Register: Biggest vuln bombshell in forever and storage industry still umms and errs over patches – Does it run in VMs, containers, systems running external code? Just. Patch. It
- Tom Allen for V3: Fake website jumps on Spectre/Meltdown patch hype – Smoke Loader malware is hiding in plain sight – May pass itself off as a patch for AMD systems, and as info from the German Federal Office for Information Security.
- Help Net Security: Meltdown and Spectre: To patch or to concentrate on attack detection?
- The Register – Vendors: Don’t sweat over Spectre, Meltdown SANitation
“Debate rages on software, HCI slowdown though” and those vendors include SAN providers Dell and Pure Storage, with commentary from Infinidat. - Edward Kovacs, for SecurityWeek: Device Manufacturers Working on BIOS Updates to Patch CPU Flaws. Includes links to responses from a range of manufacturers.
- Forbes: Here Are All The Available Fixes You Need For Those Huge Chip Hacks — UPDATED
- Gizmodo: Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]
- Mashable
- Sorin Mustaca has quite a few useful links: Sumup: CPU hardware vulnerable to side-channel attacks (Meltdown, Spectre and more)
- Endgame: Detecting Spectre And Meltdown Using Hardware Performance Counters
- ICS-CERT: Alert (ICS-ALERT-18-011-01) – Meltdown and Spectre Vulnerabilities
- Ars Technica: Researcher finds another security flaw in Intel management firmware
Active Management Technology defaults allow anyone to take control of many PCs. - Gizmodo: Intel Claims 90 Percent of Affected CPUs Have Live Patches Just as Rumors of New Attacks Arrive
- 22nd January 2018: Video Spectre and Meltdown attacks explained understandably – Anti-Malware/security product resources
- January 22nd 2018. Bruce Schneier in The Atlantic: The New Way Your Computer Can Be Attacked – Unprecedented computer-chip vulnerabilities exposed this month paint a grim picture of the future of cybersecurity.
- 29th January 2018, The Register: You can’t ignore Spectre. Look, it’s pressing its nose against your screen– Strap yourself in, this ride won’t be over for a long time yet
- 31st January 2018: Eduard Kovacs for Security Week: Malware Exploiting Spectre, Meltdown Flaws Emerges. He observes: “Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks.”
- 14th February 2018. Thomas Claburn for The Register: Hate to ruin your day, but… Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits – And upcoming hardware changes may not be enough to kill off these security bugs. He observes: “In a research paper – “MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols” – out this month, bit boffins from Princeton University and chip designer Nvidia describe variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks.”
- 14th February 2018. HelpNet Security: Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs
- [16th February 2018] Help Net: 7 steps security leaders can take to deal with Spectre and Meltdown
Webkit
Webkit.org: What Spectre and Meltdown Mean For WebKit
PoCs (Proofs of Concept)
- Project Zero: CPUs: information leak using speculative execution
- Github
- React-etc: Exploiting Speculative Execution (Meltdown/Spectre) via JavaScript
Skyfall/Solace
- Rumoured additional attacks. Gizmodo: Intel Claims 90 Percent of Affected CPUs Have Live Patches Just as Rumors of New Attacks Arrive
- Skyfallattack.com: Skyfall and Solace
Security Company Commentary
ESET resources
Wait, don’t go! This resource is not run for or by ESET, and of course lots of other security companies are providing sound information on these issues. However, as I’m on several ESET mailing lists (I work with the company as a consultant) I see a wider range of material from there than I do from other companies. If time allows, I’ll try to include vendor info from other major companies too.
- Aryeh Goretsky for ESET: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know. This is updated as a comprehensive live resource, rather than as a one-off article – revision history shown at end of article. It includes a master list of vendors affected by the Meltdown and Spectre.
- Righard Zwienenberg: MADIoT – The nightmare after XMAS (and Meltdown, and Spectre)
- Customer advisory
- Meltdown & Spectre: How to protect yourself from these CPU security flaws -pointers to product-specific information
G-Data resources
Inside Meltdown and Spectre: Interview with Anders Fogh
Checkpoint resources
How The Spectre/Meltdown Vulnerabilities Work
Trend Micro Resources
Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”
Affected Companies
Apple
- Official commentary from Apple: About speculative execution vulnerabilities in ARM-based and Intel CPUs
- Graham Cluley: Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads
- 24th January 2018: The Register. It’s 2018 and your Macs, iPhones can be pwned by playing evil music (Actually mostly about macOS and iOS patches including Spectre and Meltdown fixes.)
- 31st January 2018: Lucian Constantin. Apple Finally Ships Meltdown Patch for Older MacOS Systems
Android
Chrome OS
- 21st March 2018, The Register: Creaking Chromebooks getting Meltdown protection soon – “Chrome OS 66 to protect older Intel units, still working on ARM”
IBM
Intel
[12th May 2018]
- The Register: Second wave of Spectre-like CPU security flaws won’t be fixed for a while – “Intel needs more time and it could be Q3 before all the patches for OSes and VMs land”
- The Register: Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed – “Grab those patches as Chipzilla updates manuals”
[21st April 2018] The Verge: Intel is offloading virus scanning to its GPUs to improve performance and battery life
[16th April 2018] Also only distantly related. Bleeping Computer: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware
[6th April 2018] Only distantly related, but… The Register: NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app – “No joke: another security SNAFU for Chipzilla, this time for a popular remote admin app” (applies to “Intel Remote Keyboard” for iOS and Android).
[4th April 2018] Simon Sharwood for The Register: Intel admits a load of its CPUs have Spectre v2 flaw that can’t be fixed – “And won’t fix Meltdown nor Spectre for 10 product families covering 230-plus CPUs”. For more specific information, see Intel’s document Microcode Revision Guidance, April 2 2018
[16th March 2018]
John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”
- [5th March 2018] Pierluigi Paganini: SgxPectre attack allows to reveal the content of the SGX enclave
- [1st March 2018]Spectre haunts Intel’s SGX defense: CPU flaws can be exploited to snoop on enclaves – “And no, you’re not supposed to be able to do that” Relates to Cornell University paper SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
- [23rd February 2018] The Register: Intel didn’t tell CERTS, govs, about Meltdown and Spectre because they couldn’t help fix it – Letters to Congress detail the plan to keep CPU flaws secret
- [22nd February 2018] Lucian Constantin for Security Boulevard: Spectre Patches Reach More CPUs as New Attack Variants Appear
“This means that Intel now has microcode patches available for its 6th, 7th and 8th generation of Intel Core processors, including the Intel Core X-series and the data center-specific Intel Xeon Scalable and Intel Xeon D CPUs.” - Help Net Security: Intel releases Spectre 2 microcode updates for Kaby Lake, Coffee Lake, Skylake
- Intel: Problem in patches for Spectre, Meltdown extends to newer chips
- Help Net Security: Meltdown and Spectre: To patch or to concentrate on attack detection?
- Engadget: Intel will patch all recent chips by the end of January – 90 percent of recent processors affected by Meltdown/Spectre will see fixes this week.
- The Register: Meltdown, Spectre bug patch slowdown gets real – and what you can do about it: Chip flaw fixes not so insignificant after all
- The Register: How are the shares, Bry? Intel chief cops to CPU fix slowdowns – Don’t worry, Chipzilla is ‘working tirelessly’ to resolve the issue
- Help Net Security: Troubles with Meltdown and Spectre security patches
- The Register: Intel, Microsoft confess: Meltdown, Spectre may slow your servers
“It’s getting hard to deny all the new and sluggish benchmarks - The Register: Boffins split on whether Spectre fix needs tweaked hardware “It’s not like a recall is possible, says chip security expert”
- 22nd January 2018, Intel: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners. Affected products: Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
- 22nd January 2018: ‘WHAT THE F*CK IS GOING ON?’ Linus Torvalds explodes at Intel spinning Spectre fix as a security feature – Patches slammed as ‘complete and utter garbage’ as Chipzilla U-turns on microcode
- 21st January 2018: Further info on explosions from Torvalds. Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
- [16th February 2018]
- Expanding Intel’s Bug Bounty Program: New Side Channel Program
- Intel offers to pay for Spectre-like side channel vulnerabilities
- [17th February 2018] The Register: Hands up who HASN’T sued Intel over Spectre, Meltdown chip flaws – Chipzilla says class-action lawsuit tally stands at 32
[24th January 2018]
- Zelkjka Zorz for Help Net Security: Intel testing new Spectre fixes, tells everyone to hold off on deploying current firmware updates
“Shortly after Red Hat stopped providing microcode to address variant 2 (branch target injection) of the Spectre attack, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current firmware updates that fix the same vulnerability (CVE-2017-5715).”
- Intel’s own “News Byte”: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
“Based on this, we are updating our guidance for customers and partners:
- We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
- […]
- We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
“Intel told now they have identified the root cause of the reboot issue that affected Broadwell and Haswell CPUs and they are preparing a solution to address the issue and asks to hold off applying patches for Spectre and Meltdown.”
[26th January 2018]
The Register: Trebles all round! Intel celebrates record sales of insecure processors – Siri, what’s a monopoly?
[8th February 2018]
Simon Sharwood for The Register: Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery – For now, have some code that won’t crash Skylakes and stay close to your Telescreens.
He observes:
Sound advice, but a bit hard to swallow given that Shenoy’s “Security Issue Update” revealed that Intel is yet to develop properly working microcode updates for many of the CPUs imperilled by Spectre and Meltdown […] Chipzilla has managed to sort out sixth-generation Skylakes, as a February 7th Microcode Revision Guidance (PDF) document records.
AMD
- [14th April 2018] Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.
- [11th April 2018] Pierluigi Paganini: AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday.
- 21st March: AMD Initial AMD Technical Assessment of CTS Labs Research
- [16th March 2018] Not Meltdown/Spectre, but allegedly similar issues:
- Richi Jennings for Tech Beacon: AMD CPU PSP holes lead to APT SNAFU, say CTS n00b
- AMDFlaws own Legal Disclaimer
- Harsh words from Linus Torvalds quoted by ZDNet
- Motherboard.vice.com quoting Viceroy report — “We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries”
- Analysis from The Register’s Thomas Claiburn: OK, deep breath, relax… Let’s have a sober look at these ‘ere annoying AMD chip security flaws – Holes useful for malware on completely pwned PCs, servers
- [22nd February 2018] Shaun Nichols for The Register: Guess who else Spectre is haunting? Yes, it’s AMD. Four class-action CPU flaw lawsuits filed
“At least four separate lawsuits have now been filed against the California-based processor slinger, alleging violations ranging from securities fraud to breach of warranty, unfair competition, and negligence.” - Graham Cluley: Ouch! Microsoft’s Meltdown and Spectre security update bricks some AMD-powered PCs
- Malware Tips: Here’s how the new Meltdown patch for Windows is enforced for AMD systems
- Tom Allen for V3: Fake website jumps on Spectre/Meltdown patch hype – Smoke Loader malware is hiding in plain sight – May pass itself off as a patch for AMD systems, and as info from the German Federal Office for Information Security.
- Bleeping Computer: Microsoft Resumes Meltdown & Spectre Updates for AMD Devices
Microsoft/Windows
[14th April 2018] Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.
[11th April 2018] Pierluigi Paganini: AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday.
[3rd April 2018] And the sad story of Microsoft’s Windows 7 patch does not yet seem to be over. Shaun Nichols for The Register: Mad March Meltdown! Microsoft’s patch for a patch for a patch may need another patch – “If at first, er, second, ah, third, no, fourth, you fail, sadly, you’re probably Redmond”
[March 31st 2018]
- The Register: Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency fix – “If at first you don’t succeed, you’re Redmond”
[March 29th 2018]
- Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)
[March 28th 2018]
- The Register: Microsoft’s Windows 7 Meltdown fixes from January, February made PCs MORE INSECURE – “You’ll want to install the March update. Like right now – if you can avoid broken networking”
[March 23rd 2018]
Microsoft Technet: KVA Shadow: Mitigating Meltdown on Windows
[March 16th 2018]
Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”
[March 2nd 2018.]
- John Cable: Update on Spectre and Meltdown security updates for Windows devices. Commentary from The Register: Microsoft lobs Skylake Spectre microcode fixes out through its Windows – Just go install Intel’s patch while we hunt the next CPU-level security flaw in Intel’s silicon
- Microsoft: Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
- Graham Cluley: Until your anti-virus adds this Registry key, you aren’t getting any more Windows security updates
- Graham Cluley: Ouch! Microsoft’s Meltdown and Spectre security update bricks some AMD-powered PCs
- The Register: Intel, Microsoft confess: Meltdown, Spectre may slow your servers
It’s getting hard to deny all the new and sluggish benchmarks - Anti-Malware and the Microsoft Registry key issue
- Help Net Security: Troubles with Meltdown and Spectre security patches
- John Leyden for The Register: CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar – You’re fondling our kernel wrong, grumbles Microsoft
- Help Net Security: Spectre updates will slow down Windows servers and PCs running older versions of the OS “While Intel continues to play down the slowing effect the patches for Meltdown and Spectre can have on machines using their CPUs, Microsoft has finally shared some – though still not definite – indicators of the possible outcomes.”
- Bleeping Computer: Microsoft Resumes Meltdown & Spectre Updates for AMD Devices
ICS/SCADA
- Alert (ICS-ALERT-18-011-01A) Meltdown and Spectre Vulnerabilities (Update A)
- The Register: Now Meltdown patches are making industrial control systems lurch
Automation and SCADA-flingers admit fix has affected products - The Register: Industrial systems scrambling to catch up with Meltdown, Spectre – Some confessions, but ‘watch this space’ is the more common reaction – when there is one
- ICS-CERT: Alert (ICS-ALERT-18-011-01B) – Meltdown and Spectre Vulnerabilities (Update B)
David Harley