Intel discloses new variant of Meltdown and Spectre exploits
Microsoft says it isn't aware of "any exploitable code patterns" of the vulnerability in its software or cloud service infrastructure.
Microsoft, Intel, and Google have jointly disclosed a new variant of the Meltdown and Spectre vulnerabilities that originally drew attention in January. So far, Intel says it hasn't yet seen any reports of the method being employed as part of "real-world exploits."
Dubbed "Variant 4," the new vulnerability uses speculative execution to expose data in a method similar to the original set of variants. The variant, Intel says, was demonstrated by researchers in a language-based runtime environment, which is commonly used in web browsers.
However, protections already deployed by browser makers for earlier variants also applicable to Variant 4. From Intel:
Still, Intel says it is working on a combination of microcode and software updates that will provide further mitigation for Variant 4. The microcode updates are already available as a beta for OEM manufacturers and software vendors, and Intel expects them to be released "over the coming weeks." In its tests, Intel says it saw a performance impact of between two and eight percent with the mitigation enabled. However, once available, the mitigation will be off by default with the option to enable it.
In its own security advisory (opens in new tab), Microsoft said: "At the time of publication, we are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate."
Though it initially hit some snags with its first round of patches for the original exploits, Intel in March said it had released microcode updates for all of its products released in the past five years. Going forward, Intel is redesigning its processors to guard against attacks like Meltdown and Spectre.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl.
We the masses only become aware when they're announced. At every point in time, your PC has security holes not yet published.