Silent Windows update patched side channel that leaked data from Intel CPUs
Enlarge / An uncovered Intel Core i5-3210M (BGA) inside of a laptop. (credit: Kif3)
Microsoft last month pushed a silent update that mitigated a serious vulnerability in all CPUs Intel has introduced since 2012, researchers who discovered the flaw said Tuesday.
The vulnerability-discovered and privately reported to Intel 12 months ago-resided in every CPU Intel has introduced since at least its Ivy Bridge line of processors and possibly earlier, a researcher from security firm Bitdefender told Ars. By abusing a performance capability known as speculative execution, attackers could open a side channel that leaks encryption keys, passwords, private conversations, and other secrets that are normally off limits.
The attack demonstrated in a research paper published by Bitdefender is similar to those disclosed in January 2018 under the names Spectre and Meltdown. Patches Microsoft released around the same time largely blunted those attacks. Microsoft's advisory described the flaw occurring "when certain central processing units (CPU) speculatively access memory," without mentioning Intel or any other chip maker. Bitdefender researchers, meanwhile, said they tested two AMD chips and found no evidence either was affected.
Read 17 remaining paragraphs | Comments