‘Fundamental’ Security Flaw With Modern Intel Chips Forcing Windows, Mac, and Linux Updates [UPDATE]

This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech and gaming industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!

[UPDATE 01/04/18 at 10 AM, EST]

A multitude of affected parties, including the culprit, Intel themselves, have officially acknowledged what is now being called the “Meltdown” CPU security flaw.

Here are the press releases thus far:

[ORIGINAL STORY]

We’ve learned (via TheRegister.co.uk) that a ‘fundamental’ design flaw affecting most modern Intel processor chips has been discovered, opening up a potential memory leak/exploit and forcing operating system developers to scramble to plug the newly discovered hole.

The security bug is said to make it easier for attackers to exploit other security bugs and, at the very worst, to let them gain access to Windows and Linux kernel memory. Left unpatched, this security flaw could provide access to passwords, files cached from a hard disk, login keys, and more.

The bug is said to affect all Intel processors manufactured in the past decade, and allows normal user programs – from database applications to even JavaScript in your web browser – to sniff out the layout and even contents of protected kernel memory regions.

Linux programmers are already working to overhaul open-source Linux-based kernel memory systems, while Microsoft is expected to publicly introduce changes to their Windows operating system(s) with an upcoming fix on Patch Tuesday (the changes were seeded to beta testers running Windows Insider builds previously in November and December of 2017).

Competitor AMD was quick to point out that their own processors are not affected by this sort of exploit:

“AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

The necessary fix will negatively affect performance on Intel-based products. Current benchmarks running the fix are estimating a 5% to 30% slowdown, depending on the involved task sequence and your processor model. Recent Intel chipsets have features to help mitigate a performance hit.

Apple’s walled garden macOS is expected to be overhauled as well – initial judgement points to their Intel chipsets being unable to get patched with microcode. This means the fix needs to happen at the OS level, or you need a new processor altogether.

While details regarding the vulnerability are tightly under wraps due to an embargo expected to be lifted early this month, we should know about it around Microsoft’s next Patch Tuesday. Patches for Linux are already available; however, comments in the code regarding the issue are redacted.

We’ll update this article as more information is found.

Brandon Orselli


  • Morlab

    This is, no joke, one of the biggest issues to come about with computer hardware ever. Every system with an intel is just easily opened to anyone who knows the exploit prior to the kernel rewrites, and this has been a thing for over a decade. The predicted performance hits sources are citing currently on windows after the patch is pushed is going to be 15 to 30% CPU performance loss. Linux sounds like it’s benchmarking better on its workaround but nothing concrete yet.

    So everyone who refuses to get updates and has an intel is just going to have a computer wide open for attack, and anyone who actually gets the patch is going to have a worse performing system overall. Intel is going to burn hard for this.

  • Uncle Ocelot

    Sweet Jesus, what a colossal disaster.

  • Anon_Amous

    I guess there is such a thing that could get me to switch to AMD.

  • OldPalpy

    This is gonna make RROD and exploding Samsung phones look like a minor fuckup.

  • Anon630

    Well, good thing I didn’t spend my cash this holiday. Now it’s just a matter of what to do with the old parts since I doubt anyone’s gonna’ want them now.

  • Anon_Amous

    Gaming seems relatively unaffected (on Linux benchmarks)

    https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

    Still, this is a great reason for me to pick AMD next time. Maybe Intel can be shamed into providing better security. Probably not though.

  • Uncle Ocelot

    I’m feeling quite relieved that I was a poorfag and went with AMD cause it was cheaper.

  • Captain Vidya

    And 2018’s off to a fan-fucking-tastic start.

  • No_Good_Names_Ever

    First they get outskilled by AMD, then the thing they rushed out in retaliation steals the house fire title away from Nvidia, and now this; outsourcing to India was such a great idea.

  • iswear12

    >Recent Intel chipsets have features to help mitigate a performance hit.
    The same chipsets that all but force you to use Windows fucking 10
    FUCK INTEL AND FUCK MICROSOFT
    If I recall correctly Intel also gave a shit-ton of money to that scam artist Anita as well; that money could’ve gone to its customers as a partial refund for this absolute BULLSHIT
    Gonna strive to never buy an Intel product again. I wish there were more CPU manufacturers because AMD is kinda bad, even their Ryzen ones are disappointing (though a welcome upgrade from their absolute stagnation before). I’ll fucking use them if I have to even if they’re not much better than Intel in terms of ethics, I might as well because there’s very few fucking options
    Fucking hell this pisses me OFF

  • Kuraudo

    Can you elaborate? I have a current-gen, amd-powered rig running windows 10. Ryzen outperformed the intel chips when I built it.

  • Kuraudo

    Wow, haha glad my gaming rigs made the jump to amd’s ryzen, but my work machines are all going to be painful to use after this haha.

  • Hubbles

    i really really hope this wont affect gaming performance too much (early benchmarks indicate it wont) but this is horrible.

    i cant even afford/dont want to buy a new cpu right now. ram prices are still through the roof and my 4690k has been doing a great job until now.

    i was hoping itd last at least another year…

  • iswear12

    I’d heard that the benchmarks for single thread performance (basically one of the more important benchmarks for pure vidya) that Ryzen was still worse than Intel at a higher price point iirc
    Was a while ago though, so maybe I’m wrong or misinformed or that’s changed since then
    If it has, I’d be pleasantly surprised but I still don’t think too highly of them, just more than Intel

  • vonSanneck

    btw, this is worse for data centers. Remember 2 things:
    – Intel marketers told server people that they are more reliable than AMD
    – Intel CEO sold all his company stocks prior to this coming out

    I expect their main market, the server space & high workload computing, to be livid at this announcement, due to their buying habits of going with 2 year old architectures for stability reasons.

  • vonSanneck

    look to a 2019 upgrade path and save accordingly. That’s what I’m doing (4790K user).

  • Migi

    So glad i went with AMD with my new Gaming PC!!!

  • Caffeine_Addicts_Anonymous

    Well, can’t exactly replace my laptop’s processor with a competitor’s easily. What a shame. The thing can barely handle the lower-requirement indies, like Transistor and Stardew Valley, so I’m somewhat dreading that expected performance hit. At least I didn’t store any passwords, personal shit, or potentially troublesome photos on there, I guess.

  • Just Screaming

    I am so fucked.

  • VersVlees

    Yeah I kinda miss Cyrix who back in the day also had X86 cpu’s next to AMD and Intel. Ok they weren’t the hottest stuff on the market but at least it was another competitor.

  • VersVlees

    Recently my mobo broke down and normally I just buy new generation mobo cpu and ram.(4670K here)

    However, due to the ram prices, limited availability of the new generation intel CPU’s and mobo’s I too gonna wait for 2019.

    In the mean time I bought a cheap H81 mini ITX board to pass this year’s generation. I’m glad you can last longer with CPU’s now without running into a performance wall after so many generations.

  • Gigaknight

    Diversity Inside®.

    It’s why I’m not surprised. Just look at Google, and how they’ve been screwing up while putting Diversity℠ on a pedestal.

  • Eldhin Shichiou

    AMD FTW

  • Cerea

    PC gaming master race

  • chaoguy

    If the guy sold his stocks like the Equifax guy- I’m shocked no one has taken him to court over insider trading or whatever. Intel is big, but not as big as Equifax to just ignore the law.

  • chaoguy

    AMD isn’t free of sin either:
    https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/ “AMD Unlikely To Devote Resources To DX9 Titles That Don’t Work With Adrenalin, Says Tech Support”.
    Intel leaves your system unsafe, AMD won’t support old games, and NVidia sometimes sell cards with less RAM than advertized.
    All 3 of the major processor and graphic card companies are anti-consumer. Buy second hand if you can, disable updates, keep your gaming PC offline, or pick your least-worse poison.
    If nothing else, Intel is the greater of 3 evils.

    EDIT: Sorry to post this to other people as well, want to make sure everyone is informed rather than rushing blindly into something that doesn’t work the way they want either.

  • chaoguy

    Take your PC offline, or talk to more tech-savvy websites and see if a work-around is introduced that doesn’t bloat your system.

  • Bitterbear

    AssCreed relies on Denuvo on VMProtect. Someone should do some benchmarks on that game to see how it fares with a patched OS.

  • Bitterbear

    I guess there’s no need for Apple to throttle down performance on the next software upgrade.

  • Bitterbear

    AMD CPUs and nVidia GPUs for the win.

  • alterku

    Came here to see if AMD’s sins were exposed too. Both options are shit for different reasons now.

  • Eldhin Shichiou

    yeah, that’s serious bullshit too indeed

  • Migi

    Isn’t this more about their graphics cards? cause my graphics card isn’t AMD its a ASUS ROG strix 1080ti

  • JellyfishMonarch

    https://twitter.com/CatalystMaker/status/948224999726501890

    looks like they do plan to fix that problem

  • bimmyz

    i had a great run with my intel cpu, as long as the gaming performance doesn’t take a huge hit, im fine with it also, i think this might be manufactured crisis in order to sell new intel cpu’s, because even older cpu’s some i5’s still hold up pretty nicely nowadays.

  • Anon_Amous

    “pick your least-worse poison.”

    For sure, at the end of the day I would like to be able to run a rig though so I gotta drink one of these hemlocks.

  • grgspunk

    Nvidia GTX GPUs FTW.

  • Mechonis

    Huh. I see

    *switches PC build from Intel to AMD CPU*

    Good thing this happened before I started buying

  • Riosine

    Yay, Codes , can be sneak into Intel cpu execution tables to tell the power supply to melt everything else, from a malware, and eventually the Cpu will pick it and execute them, Best exploit ever

  • Cats736

    Glad I went with Ryzen.

  • malbhet

    So glad I bought the 1950x threadripper this past black friday, this news confirms I made the right choice.

  • Marc Duarte

    My old but dependable i3 will be six years old in March, so I won’t even bother with the patch. My next one will probably be an AMD though, because all I’m interested in playing are my Japanese games on Steam, and those don’t need the best hardware to run smooth, like those AAA Western titles,

  • 2501

    I have an i5 so….. fuck.

  • Exien

    This was said by someone who has no knowledge about these things.

  • Casey

    That’s for their video cards, not cpus.

  • AnarKreig

    Hahaha. Fuck, I was looking to construct a new PC around christmas, but decided to wait because ram sticks are far too expensive right now. I had pondered to get Ryzen, because you get more performance for your money, but decided not to because of the lower performance than intel CPU’s, but now with performance loss of 15-30% I’m gonna have to get it. This is the first time I’ll be using anything AMD in over a decade.

  • RichardGristle

    The fuck does this have to do with gaming? It affects phones and tablets too lmao

  • RichardGristle

    You AMD people have not read very well into this.

    Better keep up to date and make sure you’re patched, because some of this DOES affect AMD.

  • reblinds

    PC gamers btfo yet again, maybe don’t support an Israeli company next time.

  • sanic

    No we were both just smart and savvy enough to know about the dangers of intel.

  • blacksun

    Well shit, how “modern” are we talking? My computer has a i3-2120 cpu. Got it like around 6 years ago.

  • David Curry

    Should be noted (article should be updated) that AMD and ARM are also vulnerable.

  • alterku

    I’ll believe it when I see it. The last time I tried to update my graphics drivers they removed vital options from the client (setting primary display amongst others). Ever since I had to rollback I haven’t bothered again.

  • Morlab

    — To an entirely different exploit. The Intel specific one is being referred to as “Meltdown” whereas the exploit you are talking about is “Spectre” and spectre is the even bigger issue being brought up now as it affects all CPUs currently in use because it’s an outright issue with current architecture.
    Spectre can’t be worked around on modern systems, and it can’t be detected. The hardware industry will need to go back and rebuild and research an entirely new architecture mindset going forward, and you probably won’t see anything new for nearly a decade.

    When the intel exploit got announced it was the worst, but now spectre being discussed right after it is absolutely the worst thing to happen to the industry as every last system using a CPU made from the mid 90’s going forward is now compromised and there’s no safety net or workaround for it.

  • chaoguy

    My bad, sorry.

  • chaoguy

    If the issue is online, take your gaming PC offline. It’s not even that daft. Just plug it in if you need to make an online purchase, never visit websites, and just use a cheap & nasty laptop for videos and browsing.

  • chaoguy

    Yeah, OneAngryGamer has a story on it. Just have I posted that link to like, everyone.

  • chaoguy

    Yeah, didn’t realize. CEO also said they were gonna do a fix, CC: One Angry Gamer.

  • chaoguy

    AMD is fixing this issue now (according to the CEO via One Angry Gamer), but AMD had other sins IIRC?

  • chaoguy

    Not even a bad idea TBH.
    Top it off with Linux Mint with Wine or Windows 7 and all the telemetry removed and you’re golden.

  • Migi

    No worries. Internet facts always change every second.

  • RichardGristle

    I bet you feel as retarded as you sound right about now.

  • reblinds

    Lol the 30% is trying to talk to me

  • alterku

    As it stands it’s still broken. I’ll maintain my position until/if they fix their mistake. As for other sins? The only other one I got caught on way back when was the multiple core meme; developers are too lazy to take advantage of them so AMD will always lag until they can fix their single/double thread output.

  • Nagato

    Except he cooperated with the NSA and such all along, so he has nothing to worry about at all; for all intents and purposes, the guy has legal immunity.

  • Kakaku

    Seems the patch has more of an effect on CPUs doing server work than anything else. Gaming is more or less the same.
    https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/#commentsOffset

  • Kakaku

    Still wouldn’t buy yet. AMD has a similar issue with Spectre. Prices on all CPUs could potentially drop soon and be free of any issue.

  • Kakaku

    About 10 years, maybe 20 years. Depending on what you use your computer for you might have no performance issues, but considering the age of your computer you should still wait until older benchmarks are released just to make sure.

  • Kakaku

    I’d wait even longer. With the Spectre and Meltdown mess right now I have a feeling that CPU prices across the board should be going down.

  • RichardGristle

    I don’t know what retarded shit you’re spouting, but I hope your phone – oh I mean “gaming PC”, apparently, is updated!

    Or don’t, and get fucked :P

  • Anon_Amous

    Well I don’t actually care too much in the first place. 30% is a major hit but I’ve yet to get the Windows patch for this issue so I have no clue what the impact will be.

    What you’re talking about is exactly what I would do if I was more concerned about it.