Published in PC Hardware

Microsoft and Google find new CPU bug

by on22 May 2018


Fix will slow you down even more

Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year.

Dubbed the Speculative Store Bypass (variant 4), the latest vulnerability is similar to Spectre and exploits the speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year. Unlike Meltdown - and more like Spectre - this new vulnerability harms firmware updates for CPUs and could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks.

The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won't see negative performance impacts.

Intel's security chief Leslie Culbertson warns that the patches will result in a performance impact of approximately two to eight percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems.

Users, and particularly system administrators, will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and  this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.

Last modified on 22 May 2018
Rate this item
(0 votes)

Read more about: