Microsoft, Intel, and Google have jointly disclosed a new variant of the Meltdown and Spectre vulnerabilities that originally drew attention in January. So far, Intel says it hasn't yet seen any reports of the method being employed as part of "real-world exploits."
Dubbed "Variant 4," the new vulnerability uses speculative execution to expose data in a method similar to the original set of variants. The variant, Intel says, was demonstrated by researchers in a language-based runtime environment, which is commonly used in web browsers.
However, protections already deployed by browser makers for earlier variants also applicable to Variant 4. From Intel:
Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today.
Still, Intel says it is working on a combination of microcode and software updates that will provide further mitigation for Variant 4. The microcode updates are already available as a beta for OEM manufacturers and software vendors, and Intel expects them to be released "over the coming weeks." In its tests, Intel says it saw a performance impact of between two and eight percent with the mitigation enabled. However, once available, the mitigation will be off by default with the option to enable it.
In its own security advisory, Microsoft said: "At the time of publication, we are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate."
Though it initially hit some snags with its first round of patches for the original exploits, Intel in March said it had released microcode updates for all of its products released in the past five years. Going forward, Intel is redesigning its processors to guard against attacks like Meltdown and Spectre.
We may earn a commission for purchases using our links. Learn more.
Expect new content for Age of Empires 2 and 3 Definitive Editions soon
Microsoft and its studio partners aren't letting Age of Empires fade away. New content for Age of Empires 2 and 3 DE is planned, some sooner than later.
Age of Empires 4 devs talk about their vision of a true Age 2 successor
We now have a whole lot more information about Age of Empires 4, and we sat down with three developers to further discuss some of the details about the next big RTS game.
Review: HP ENVY 14 brings premium features to a fantastic creator's laptop
For creative professionals who want a Windows 10 PC, you have the choice of 13-inch Ultrabooks with no NVIDIA GPU or honking big 15-inch laptops that are not so fun to use on planes or to carry. The new HP ENVY 14 looks to solve that, and it does so with outstanding results. This $1,260 laptop should be on your short list.
Expand your Xbox storage with one of these spectacular SSDs
Chances are you're going to run out of space on your Xbox One. These five leading SSDs pull the best out of your Xbox One.