Patch for Spectre, Meltdown causing problems in older chips


Intel said Thursday its patches for vulnerable processors are causing some computers using its older chips to reboot more often.

It’s the latest buggy update since the Spectre and Meltdown revelations, two flaws affecting computer processors, were revealed last week.

Intel (INTC) may need to issue another update to fix the problem, Navin Shenoy, manager of its data center group, said.

Virtually all computer and mobile chips were affected by the Spectre flaw, and software makers, device manufacturers, and chipmakers themselves are working to secure consumers.

But fixes are not happening smoothly. Microsoft’s fixes initially didn’t work with some third-party software, and the Wall Street Journal reported on Thursday Intel asked some of its cloud customers to hold off on installing patches.

Microsoft said this week security patches will slow down most computers, though it varies based on the age of a computer and its operating system. Intel CEO Brian Krzanich said at a conference on Monday that the effect on performance depends a great deal on the work the processors are being asked to do.

According to Jake Williams, founder of Rendition InfoSec, businesses will suffer the most as a result of these chip flaws. Williams says people will be dealing with these vulnerabilities for years to come.

“I expect that as a pen tester and hacker that we’ll still see and be able to exploit this a decade from now in a lot of environments,” he told CNN Tech.

Pen testers are paid to legally attack computer systems to look for flaws.

Part of the issue lies in technical debt accumulated by large organizations. Many firms have old, outdated machines and software that need to be fixed, but they often don’t get updated in a timely manner.

Related: The computer chip debacle: Businesses are scrambling

For recent chip flaws, once the patches are applied, developers have to rewrite code to support the patch.

In the most basic terms, Williams explained, vulnerable processors are like an old, broken bridge. Intel’s patch effectively builds a new bridge right next to the broken one, but developers still have to tell the cars to cross the new bridge instead of the old one.

Compounding future issues is that it’s also likely these two major processor flaws are not the only ones security researchers will discover.

The authors of a technical paper that identified the Spectre vulnerability, say more work will be required to examine the security of processors because the very design of computer building blocks may be insecure, and there are likely vulnerabilities they didn’t find.

As operating systems continue to become more locked down, researchers will spend time looking at the nuts and bolts of computers to find vulnerabilities, rather than holes in software like Windows or macOS.

Williams expects security experts to double down on this field of research. Despite these flaws existing for over two decades, researchers independently discovered them at the same time.

“Now that there’s all this blood in the water, I expect more researchers to look at these microprocessor vulnerabilities,” Williams said.

CNNMoney (New York) First published January 12, 2018: 3:20 PM ET

Source Link

Create a shortened URL

What's Your Reaction?

Cry Cry
0
Cry
Cute Cute
0
Cute
Damn Damn
0
Damn
Dislike Dislike
0
Dislike
Like Like
0
Like
Lol Lol
0
Lol
Love Love
0
Love
Win Win
0
Win
WTF WTF
0
WTF

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of

Patch for Spectre, Meltdown causing problems in older chips

log in

Become a part of our community!

reset password

Back to
log in

Hey there!

or

Forgot password?

Forgot your password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Close
of

Processing files…

Choose A Format
Gif
GIF format