Google and Microsoft discover new Spectre variant
But patching Speculative Store Bypass flaw could hit performance by up to 8%, warns Intel
A new Spectre and Meltdown variant has been discovered by Google and Microsoft researchers.
The newly-revealed flaw, called Variant 4, or Speculative Store Bypass, affects processors from Intel, ARM and AMD, meaning hundreds of millions of devices are potentially impacted, though no exploits have been seen in the wild.
Intel said that like Spectre, the variant relies on speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An advisory by US-CERT said that the vulnerability could allow an attacker to access and read older CPU memory either in the CPU stack or other memory locations.
"An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries," Microsoft Security Center's Security Advisory read.
While Intel said some of the Variant 4 exploits were mitigated by previous patches, it has also delivered a beta microcode update for the new variant to OEMs and software vendors, and expects it to be released into production BIOS and software updates over the coming weeks.
However, the patch will be turned off by default, with Intel warning of a 2% to 8% performance hit for those that do enable it.
"We expect most industry software partners will likewise use the default-off option," said Leslie Culbertson, Intel's executive vice president and general manager of product assurance and security.
ARM noted in a blog post that "this method is dependent on malware running locally which means it's imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads".