By Steven Walton on
Today we’re taking a look at the impact addressing the Spectre ‘Variant 4’ CPU flaw has on Intel’s 8th-gen Core CPUs (Coffee Lake). Back when the Meltdown and Spectre vulnerabilities were made public in early 2018 we knew this was going to be an ongoing process.
The initial patches didn’t take care of everything. They addressed Variant 1 better known as Meltdown and then two Spectre flaws known as Variant 2 and 3. Recently though Intel and Microsoft rolled out updates to address Variant 4, a related “speculative execution” attack dubbed “Speculative Store Bypass.”
Speculative Store Bypass affects not just Intel but also AMD and ARM. That said, AMD and ARM processors can be fixed via a simple software update, so if you keep your operating system and web browser up to date you’ll be protected against Variant 4 automatically.
If you’ve got an Intel processor, fully mitigating the issue requires not just software but also firmware updates, in other words a BIOS update. Intel started shipping microcode patches for Variant 4 to its hardware partners in beta form a few months ago and only now we’re starting to see manufacturers pushing them out. In fact, to my knowledge Asus is the only board maker to do so thus far.
However while the latest round of BIOS updates from Asus does include the updated microcode for Variant 4, it’s not enabled in Windows by default. Right now it has to be manually enabled by adding a few registry keys. It’s likely at some point this will be done automatically.
I suspect Microsoft is worried about a repeat of the disaster they encountered when addressing the first wave of vulnerabilities, so this time they’ve taken a more cautious approach.
Powered by WPeMatico