Microsoft issues Windows update to disable Intel's rubbishy Spectre variant 2 mitigation


Microsoft issues Windows update to disable Intel's rubbishy Spectre variant 2 mitigation

There is now no evidence to suggest that the Chinese government took advantage of the exploits but the lack of information provided to the USA government left them with little time to prepare fixes for many government computers. In fact, some U.S. agencies were "clued in" by public reports, not any kind of pre-disclosure notification process.

A spokeswoman for Alibaba's cloud unit declined to tell the newspaper when Intel notified them of the flaws, while stating that any suggestion that the company shared information with the Chinese government was "speculative and baseless".

ZDNet reports that Intel CEO Brian Krzanich said last week that the manufacturer would "restore confidence in data security with customer-first urgency, transparent, and timely communication".

But just a day after downplaying the performance impact of its firmware changes, Intel acknowledged the reboot problem, saying then that it had received reports from only "a few customers". The 2008 Atom, based on the Bonnell microarchitecture, might not be, since it decodes and mostly executes native x86 instructions, but that's a bit of an outlier.

In an interview with The Wall Street Journal, security researcher Jake Williams called it a "near certainty" that the Chinese government knew of the flaws before they were made public. AMD has also experienced its own issues, with Microsoft earlier having to withdraw the AMD patches from Windows Update after they bricked machines.

What's worse than the chip flaws that leak sensitive information?

Intel has been making headlines as a chipset flaw named as Meltdown and Spectre have been creating major security issues on all computer platforms including Windows, Linux, and macOS. Neither did Rackspace or DigitalOcean. Has anybody talked to them and told them they are f*cking insane?

An official at the US Department of Homeland Security, which runs US CERT, said it only learned of the processor vulnerabilities from early news reports.

As per the report, initial disclosures about the vulnerabilities were made to select large customers that included USA companies such as Microsoft and Amazon, but also foreign companies such as ARM Holdings in the United Kingdom, along with Lenovo and Alibaba in China.

A comparison between Meltdown and Spectre.

Thus far, there is no evidence the information Intel was sharing was misused, but this still seems to have been an odd decision of Intel's on who to notify and when.



© 2015 Leader Call. All Rights reserved.