March 28, 2018 at 20:19“Without Meltdown and Specter”: Intel redesigns its processors
Intel announced last week that it is continuing to work on protection from Meltdown and Specter. In addition to the released software “patches” for existing processors, the company intends to rework subsequent models at the “silicon level”.
Details below. / photo Intel Free Press CC
Intel CEO Brian Krzanich in the middle of the month presented a report on the work done by the company since the discovery of vulnerabilities. According to him, microcode updates for all products released over the past 5 years have already been released.
We are talking about the platforms Kaby Lake, Coffee Lake and Skylake, representing the 6th, 7th and 8th generations of Intel processors, as well as the "family" Core X. The update also affected the recently announced Intel Xeon and Intel Xeon D, intended for use in the data center .
Intel previously released software patches (in early January) after information about Specter and Meltdown received wide publicity in the press. However, updates on many computers resulted incrashes, reboots, and BSODs. But later, the IT giant released new updates with which there were no problems.
In addition to software updates, the company decided to process the chips at the "silicon" level. For this, Intel even created a special IPAS group (Intel Product Assurance and Security) led by Leslie S. Culbertson, one of Intel's long-standing top managers. The group's goal is not only the development of hardware patches from Specter and Meltdown, but also the search for solutions to prevent possible threats in the future.
Hardware enhancements will begin with the new Intel Xeon Scalable (codenamed Cascade Lake), as well as the 8th generation Intel Core processors, which will hit the market in the second half of 2018. CEO Brian Krzhanich assures that "work in this direction is a long-term process that the company takes seriously."
The vulnerability problem affected AMD products only partially - Meltdown “bypassed” AMD. The company released a software patch from Spectre Variant 1 in the form of updates for your operating system and firmware modification to counteract Spectre Variant 2. However, according to the assurances of the company, AMD updates were not critical.
Despite this, it was decided to take a number of additional measures. AMD CEO Lisa Su has confirmed that the new Zen 2 architecture will include a “silicon-level” fix. The release of Zen 2 with a 7 nm manufacturing process is expected in 2019.
/ photo Fritzchens Fritz CC
Microsoft recently launched a new bug-bounty program aimed at detecting vulnerabilities like Specter and Meltdown in Windows and Azure products. The reward for the bug depends on the level of danger found - there are only four of them.
The first level (from 5 to 25 thousand dollars) corresponds to finding already known vulnerabilities (such as CVE-2017-5753) in Windows 10 or Microsoft Edge, and the fourth (from 100 to 250 thousand dollars) corresponds to the discovery of previously unknown attack vectors. Microsoft suggested searching for vulnerabilities until December 31, 2018.
Intel is also not far behind and in March expanded its bug-bounty program. For finding threats such as Specter and Meltdown, the corporation will pay from 20 to 250 thousand dollars, depending on the rating.CVSS (Common Vulnerability Scoring System) vulnerability identified. As with Microsoft, the program is active until December 31, 2018.
Details below. / photo Intel Free Press CC
Software Patches for Current Products
Intel CEO Brian Krzanich in the middle of the month presented a report on the work done by the company since the discovery of vulnerabilities. According to him, microcode updates for all products released over the past 5 years have already been released.
We are talking about the platforms Kaby Lake, Coffee Lake and Skylake, representing the 6th, 7th and 8th generations of Intel processors, as well as the "family" Core X. The update also affected the recently announced Intel Xeon and Intel Xeon D, intended for use in the data center .
Intel previously released software patches (in early January) after information about Specter and Meltdown received wide publicity in the press. However, updates on many computers resulted incrashes, reboots, and BSODs. But later, the IT giant released new updates with which there were no problems.
Recycling future processor models
In addition to software updates, the company decided to process the chips at the "silicon" level. For this, Intel even created a special IPAS group (Intel Product Assurance and Security) led by Leslie S. Culbertson, one of Intel's long-standing top managers. The group's goal is not only the development of hardware patches from Specter and Meltdown, but also the search for solutions to prevent possible threats in the future.
Hardware enhancements will begin with the new Intel Xeon Scalable (codenamed Cascade Lake), as well as the 8th generation Intel Core processors, which will hit the market in the second half of 2018. CEO Brian Krzhanich assures that "work in this direction is a long-term process that the company takes seriously."
What does AMD do
The vulnerability problem affected AMD products only partially - Meltdown “bypassed” AMD. The company released a software patch from Spectre Variant 1 in the form of updates for your operating system and firmware modification to counteract Spectre Variant 2. However, according to the assurances of the company, AMD updates were not critical.
Despite this, it was decided to take a number of additional measures. AMD CEO Lisa Su has confirmed that the new Zen 2 architecture will include a “silicon-level” fix. The release of Zen 2 with a 7 nm manufacturing process is expected in 2019.
/ photo Fritzchens Fritz CC
How else are they fighting Specter and Meltdown
Microsoft recently launched a new bug-bounty program aimed at detecting vulnerabilities like Specter and Meltdown in Windows and Azure products. The reward for the bug depends on the level of danger found - there are only four of them.
The first level (from 5 to 25 thousand dollars) corresponds to finding already known vulnerabilities (such as CVE-2017-5753) in Windows 10 or Microsoft Edge, and the fourth (from 100 to 250 thousand dollars) corresponds to the discovery of previously unknown attack vectors. Microsoft suggested searching for vulnerabilities until December 31, 2018.
Intel is also not far behind and in March expanded its bug-bounty program. For finding threats such as Specter and Meltdown, the corporation will pay from 20 to 250 thousand dollars, depending on the rating.CVSS (Common Vulnerability Scoring System) vulnerability identified. As with Microsoft, the program is active until December 31, 2018.
Other content from 1cloud's corporate blog:
- Meltdown and Specter: New Year's processor vulnerability
- Think of the cloud as a cloud: what is common between a virtual environment and hardware
- Virtual tables and windows: how to “teleport” a workplace
- 4 key cloud security trends
- Securing your Linux system: 10 tips
- A bit about security in the cloud: what does a provider do