Microsoft and Google have joined hands to discover a new CPU security vulnerability that is very much similar to Meltdown and Spectre flaws. Named as Speculative Store Bypass (variant 4) is dangerous to systems as the vulnerability is capable of exploiting speculative execution that modern CPU have these days. Most of the browsers including Edge, Safari as well as Chrome that were vulnerable to meltdown and on the same issue Intel says, “these mitigations are also applicable to variant 4 and available for consumers to use today.”
This new vulnerability will also have the firmware update for CPU that are known to affect the system performance. Meanwhile, Intel has already provided microcode updates in beta form for Speculative Store Bypass. More updates will be made available from the company in the upcoming weeks. The company will work on the firmware updates in order to help people not to see the negative performance impacts.
“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” quoted Intel’s security chief, Leslie Culbertson.
On the same issues, Microsoft spokesperson quoted, “We are continuing to work with affected chip manufacturers and have already released defense-in-depth mitigations to address speculative execution vulnerabilities across our products and services, we’re not aware of any instance of this vulnerability class affecting Windows or our cloud service infrastructure. We are committed to providing further mitigations to our customers as soon as they are available, and our standard policy for issues of low risk is to provide remediation via our Update Tuesday schedule.”
Last year Microsoft started offering $250,000 for bug fixing much similar to specter CPU flaws as well as meltdowns. And, the company also said it discovered a similar bug in last November only. Additionally, it also introduced the variant to the industry partners. For this new vulnerability, Microsoft is working with Intel to come up with a secured solution.
Talking about Intel, it is already working for its series of CPU change for the future. Intel is set to redesign its processors to get protection from such vulnerabilities. Company’s next-generation Xeon processors (Cascade Lake) will have built-in hardware protection, including 8th generation Intel Core processors.