Yesterday we reported that the flaw appeared to be in the Intel x86 hardware, and a microcode update can't address it. It allows normal user programs to snuffle the contents of protected kernel memory. The fix is to separate the kernel's memory entirely from user processes using what's called Kernel Page Table Isolation, or KPTI. But this will slow things down a lot.
Chipzilla has been in touch denying everything. It says that it has been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
A Chipzilla spokesperson said that reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems -- are susceptible to these exploits.
"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the spokesChipzilla said.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
The comments did not mention anything about possible patches causing slow downs so we will have to see what benchmarks are published when the Windows patch comes out.