Intel has now released Spectre-mitigating microcode updates for all chips released in the past five years and is promising new chips with built-in defenses against the attacks later this year.
Intel has spent the first quarter of 2018 on the back foot in its attempts to patch its CPUs vulnerable to three variants of side-channel attacks known as “Meltdown and Spectre”. They were discovered by Google in mid-2017 and revealed to the public in January.
The attacks give intruders a way to exploit a performance-enhancing CPU feature called speculative execution to view sensitive information stored on chips, such as passwords. Meltdown only affected Intel CPUs while Spectre affected Intel, AMD and Arm chips.
While the flaws are difficult to exploit, they’ve proven extremely difficult to fix, with patches coming from Intel, AMD, Linux, Microsoft, Apple, Google, and hardware makers, such as Dell, Lenovo, Apple, and HP.
The Spectre attack known as Variant 2 was particularly problematic for Intel to fix due to performance overheads it caused and stability issues that prompted Intel to call on OEMs to stop releasing its microcode updates on January 22. Intel had hoped to patch all CPUs released in the past five years by the end of January, but it’s only managed to achieve that this week.
Intel CEO Brian Krzanich announced today that the forthcoming 2018 Intel Xeon and 8th generation Core chips under the Cascade Lake codename will feature new hardware mitigations that address the Spectre Variant 2 attack and the Meltdown attack known as Variant 3. The chips are due out in the second half of the year.
Krzanich said the hardware mitigations include a partitioning feature to protect against Variant 2 Spectre and Meltdown. Meanwhile Spectre Variant 1, a browser-based attack, will continue to be mitigated with further software updates, such as kernel fixes from Microsoft and Linux.
“Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors,” said Krzanich.
“As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance,” he added.
Intel has released a YouTube video to explain what CPU speculative execution is and how its partitioning addresses Spectre Variant 2.
As of last week, Intel had re-released microcode to OEMs and other vendors for nearly all chip families back to 2011’s Sandy Bridge Core i processors.
Microsoft this week also released a huge bundle of firmware updates containing Intel’s fixed microcode from late February. Dell, HP, Lenovo and other hardware makers meanwhile have been making gradual progress releasing BIOS updates with the new microcode to end-users.
Krzanich said Intel had released new microcode updates for all Intel chips launched in the past five years.