![]() ![]() It seems computers running Windows 10, Windows 8.1 and Windows 7 were all affected, with some of the machines dating back 10 years. The issue was brought to Microsoft's attention on its customer support blog, with users saying their devices stopped loading the Start menu or taskbar after installing updates pushed to their devices on the 3 and 9 January. Shortly after publishing a fix in January, Microsoft removed the update after a number of AMD-powered PCs failed to boot following the installation of the security patch. In the race to patch the vulnerabilities when they became known at the start of 2018, vendors issued updates that created many issues for users. Some of these have been more successful than others and Intel took a number of attempts to issue ones that didn't cause major problems such as causing computers to repeatedly reboot or run extremely slowly.Ĭonsequently, if you're running a computer or servers bought more recently than 1995 and haven't installed the patches issued by the chip manufacturers, your system(s) are almost certainly affected. Doing so leaks data that should stay private.Ī Spectre attack needs more knowledge of the victim program's inner workings, and doesn't permit access to other programs' data, but will also work on just about any computer processor out there.Īlthough Intel was the first to be identified and the first to acknowledge the problem both in private and in public ARM and AMD CPUs are also affected.Īll three have issued patches for their components (more information on that below), typically consisting of microcode mitigations. A chip performing speculative execution would start carrying out Y before the user chooses to perform X, to get a headstart on computation. Spectre, on the other hand, gets its name from a procedure known as "speculative execution" that is supposed to help computers carry out actions in a non-linear fashion, improving the speed of execution.įor instance, if the program a user is running follows an 'if X, then Y' rule, then if a user chooses to perform X, the chip must then work on carrying out Y. In side-stepping these defences, Meltdown permits attackers or malware to access and pry on data they shouldn't be able to. Meltdown is so-called as it has the ability to "melt" the restrictions usually set in place at a chip's hardware level that should, in theory at least, protect sectors of the memory. Both include malicious code gaining access to data that is normally protected by the kernel. Spectre and Meltdown are the names given to the diverse variants of this same vulnerability. By exploiting the kernel in different ways, Meltdown and Spectre have the potential to allow intruders to get access to data previously thought completely protected. The kernel on a computer chip moves data around a chip's various sections of memory in response to what command a user is carrying out. This flaw basically enables normal user programs, such as database applications and JavaScript in web browsers, to identify some of the layout or contents of protected kernel memory areas of the vulnerable chips. ![]() Spectre vulnerabilities cannot be mitigated by software alone.Intel faces 32 lawsuits over the Meltdown and Spectre flaws.Meltdown and Spectre: Samsung Galaxy S7 vulnerable to Meltdown hack.Linus Torvalds blasts Intel's Meltdown/Spectre patch as "pure garbage".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |