'Fundamental' Security Flaw With Modern Intel Chips Forcing Windows, Mac, and Linux Updates [UPDATE]

This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech and gaming industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!

[UPDATE 01/04/18 at 10 AM, EST]

A multitude of affected parties, including the culprit, Intel themselves, have officially acknowledge what is now being called the “Meltdown” CPU security flaw.

Here’s the press releases thus far:

[ORIGINAL STORY]

We’ve learned (via TheRegister.co.uk) that a ‘fundamental’ design flaw has been discovered to affect most modern Intel processor chips with a potential memory leak/exploit, forcing operating system developers to scramble and plug the newly discovered hole.

The security bug is said to open the door to exploits or hackers to other security bugs, and at the very worst, gain access to the Windows and Linux kernel memory. This means unpatched, this security flaw could provide access to passwords, files cached from a hard disk, login keys, and more.

The bug is said to be affecting all Intel processors manufactured in the past decade, and allows normal user programs – from database applications to even JavaScript in your web browser, to sniff out the layout and even contents of protected kernel memory regions.

Linux programmers are already working to overhaul open-source Linux-based kernel memory systems, while Microsoft is expect to publicly introduce changes to their Windows operating system(s) with an upcoming fix on Patch Tuesday (the changes were seeded to beta testers running Windows Insider builds previously in November and December of 2017).

Competitor AMD was quick to point out that their own processors are not affected by this sort of exploit:

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

The necessary fix will negatively affect performance on Intel-based products. Current benchmarks running the fix are estimating a 5% to 30% slowdown, depending on the involved task sequence and your processor model. Recent Intel chipsets have features to help mitigate a performance hit.

Apple’s walled garden macOS is also expected to be overhauled as well – initial judgement points to their Intel chipsets being unable to get patched with microcode. This means the fix needs to happen at the OS level, or you need a new processor altogether.

While details regarding the vulnerability are tightly under wraps due to embargo expected to be lifted early this month, we should know about it around Microsoft’s next Patch Tuesday. Patches for Linux are already available, however comments in the code regarding the issue are redacted.

We’ll update this article as more information is found.

intel

Owner and Publisher at Niche Gamer and Nicchiban. Outlaw fighting for a better game industry. Pronouns: Patriarch, Guido, Olive.

76 comments

Morlab
January 3, 2018 at 12:04 am

This is, no joke, one of the biggest issues to come about with computer hardware ever. Every system with an intel is just easily opened to anyone who knows the exploit prior to the kernal rewrites, and this has been a thing for over a decade. The predicted performance hits sources are citing currently on windows after the patch is pushed is going to be 15 to 30% CPU performance loss. Linux sounds like it’s benchmarking better on it’s workaround but nothing concrete yet.

So everyone who refuses to get updates and has an intel is just going to have a computer wide open for attack, and anyone who actually gets the patch is going to have a worse performing system overall. Intel is going to burn hard for this.
Uncle Ocelot
January 3, 2018 at 12:05 am

Sweet Jesus, what a colossal disaster.
Anon_Amous
January 3, 2018 at 12:07 am

I guess there is such a thing that could get me to switch to AMD.
OldPalpy
January 3, 2018 at 12:19 am

This is gonna make RROD and exploding Samsung phones look like a minor fuckup.
Anon630
January 3, 2018 at 12:21 am

Well, good thing I didn’t spend my cash this holiday. Now it’s just a matter of what to do with the old parts since I doubt anyone’s gonna’ want them now.
sanic
January 3, 2018 at 12:54 am

AMD heavy computers win again https://uploads.disquscdn.com/images/664176b16a439021f1fd9165363bdca227c4a680bcace5fe557f9120771f563b.jpg
Anon_Amous
January 3, 2018 at 12:59 am

Gaming seems relatively unaffected (on Linux benchmarks)

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

Still, this is a great reason for me to pick AMD next time. Maybe Intel can be shamed into providing better security. Probably not though.
Uncle Ocelot
January 3, 2018 at 1:01 am

I’m feeling quite relieved that I was a poorfag and went with AMD cause it was cheaper.
Captain Vidya
January 3, 2018 at 1:07 am

And 2018’s off to a fan-fucking-tastic start.
No_Good_Names_Ever
January 3, 2018 at 1:22 am

First they get outskilled by AMD, then the thing they rushed out in retaliation steals the house fire title away from Nvidia, and now this; outsourcing to India was such a great idea.
iswear12
January 3, 2018 at 1:45 am

>Recent Intel chipsets have features to help mitigate a performance hit.
The same chipsets that all but force you to use Windows fucking 10
FUCK INTEL AND FUCK MICROSOFT
If I recall correctly Intel also gave a shit-ton of money to that scam artist Anita as well; that money could’ve gone to its customers as a partial refund for this absolute BULLSHIT
Gonna strive to never buy an Intel product again. I wish there were more CPU manufacturers because AMD is kinda bad, even their Ryzen ones are disappointing (though a welcome upgrade from their absolute stagnation before). I’ll fucking use them if I have to even if they’re not much better than Intel in terms of ethics, I might as well because there’s very few fucking options
Fucking hell this pisses me OFF
Kuraudo
January 3, 2018 at 2:22 am

Can you elabirate? I have a current-gen, amd-powered rig running windows 10. Ryzen outperformed the intel chips when built it.
Kuraudo
January 3, 2018 at 2:24 am

Wow, haha glad my gaming rigs made the jump to amd’s ryzen, but my work machines are all going to be painful to use after this haha.
Hubbles
January 3, 2018 at 2:35 am

i really really hope this wont affect gaming performance too much (early benchmarks indicate it wont) but this is horrible.

i cant even afford/dont want to buy a new cpu right now. ram prices are still through the roof and my 4690k has been doing a great job until now.

i was hoping itd last at least another year…
iswear12
January 3, 2018 at 3:11 am

I’d heard that the benchmarks for single thread performance (basically one of the more important benchmarks for pure vidya) that Ryzen was still worse than Intel at a higher price point iirc
Was a while ago though, so maybe I’m wrong or misinformed or that’s changed since then
If it has, I’d be pleasantly surprised but I still don’t think too highly of them, just more than Intel
vonSanneck
January 3, 2018 at 3:57 am

btw, this is worse for data centers. Remember 2 things:
– Intel marketers told server people that they are more reliable than AMD
– Intel CEO sold all his company stocks prior to this coming out

I expect their main market, the server space & high workload computing, to be livid at this announcement, due to their buying habits of going with 2 year old architectures for stability reasons.
vonSanneck
January 3, 2018 at 3:59 am

look to a 2019 upgrade path and save accordingly. That’s what I’m doing (4790K user).
Migi
January 3, 2018 at 4:44 am

So glad i went with AMD with my new Gaming PC!!!
Caffeine_Addicts_Anonymous
January 3, 2018 at 4:49 am

Well, can’t exactly replace my laptop’s processor with a competitor’s easily. What a shame. The thing can barely handle the lower-requirement indies, like Transistor and Stardew Valley, so I’m somewhat dreading that expected performance hit. At least I didn’t store any passwords, personal shit, or potentially troublesome photos on there, I guess.
Just Screaming
January 3, 2018 at 4:52 am

I am so fucked.
VersVlees
January 3, 2018 at 5:38 am

Yeah I kinda miss Cyrix who back in the day also had X86 cpu’s next to AMD and Intel. Ok they weren’t the hottest stuff on the market but at least it was another competitor.
VersVlees
January 3, 2018 at 5:50 am

Recently my mobo broke down and normally I just buy new generation mobo cpu and ram.(4670K here)

However, due the ram prices, limited availability of the new generation intel CPU’s and mobo’s I too gonna wait for 2019.

In the mean time I bought a cheap H81 mini ITX board to pass this year’s generation. I’m glad you can last longer with CPU’s now without running into a performance wall after so many generations.
Gigaknight
January 3, 2018 at 6:02 am

Diversity Inside®.

It’s why I’m not surprised. Just look at Google, and how they’ve been screwing up while putting Diversity℠ on a pedestal.
Eldhin Shichiou
January 3, 2018 at 8:56 am

AMD FTW
Cerea
January 3, 2018 at 9:51 am

PC gaming master race
chaoguy
January 3, 2018 at 10:10 am

If the guy sold his stocks like the Equifax guy- I’m shocked no one has taken him to court over insider trading or whatever. Intel is big, but not as big as Equifax to just ignore the law.
chaoguy
January 3, 2018 at 10:13 am

AMD isn’t free of sin either:
https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/ “AMD Unlikely To Devote Resources To DX9 Titles That Don’t Work With Adrenalin, Says Tech Support”.
Intel leaves your system unsafe, AMD won’t support old games, and NVidia sometimes sell cards with less RAM than advertized.
All 3 of the major processor and graphic card companies are anti-consumer. Buy second hand if you can, disable updates, keep your gaming PC offline, or pick your least-worse poison.
If nothing else, Intel is the greater of 3 evils.

EDIT: Sorry to post this to other people as well, want to make sure everyone is informed rather than rushing blindly into something that doesn’t work the way they want either.
chaoguy
January 3, 2018 at 10:14 am

Some older games might have issues: https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/
chaoguy
January 3, 2018 at 10:14 am

Hold fire just for now: https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/
chaoguy
January 3, 2018 at 10:16 am

Never fanboy for people who want to sell you stuff: https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/
chaoguy
January 3, 2018 at 10:17 am

Take your PC offline, or talk to more tech-savvy websites and see if a work-around is introduced that doesn’t bloat your system.
chaoguy
January 3, 2018 at 10:17 am

Might want to downgrade to Crimson Drivers if you play older vidya: https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/
Bitterbear
January 3, 2018 at 10:31 am

AssCreed relies on Denuvo on VMProtect. Someone should do some benchmarks on that game to see how it fares with a patched OS.
Bitterbear
January 3, 2018 at 10:37 am

I guess there’s no need for Apple to throttle down performance on the next software upgrade.
Bitterbear
January 3, 2018 at 10:38 am

AMD CPUs and nVidia GPUs for the win.
alterku
January 3, 2018 at 10:51 am

Came here to see if AMD’s sins were exposed too. Both options are shit for different reasons now.
Eldhin Shichiou
January 3, 2018 at 11:05 am

yeah, that’s serious bullshit too indeed
Migi
January 3, 2018 at 11:09 am

Isn’t this more about their graphics cards? cause my graphics card isn’t AMD its a ASUS ROG strix 1080ti
JellyfishMonarch
January 3, 2018 at 11:50 am

https://twitter.com/CatalystMaker/status/948224999726501890

looks like they do plan to fix that problem
bimmyz
January 3, 2018 at 11:58 am

i had a great run with my intel cpu, as long as the gaming performance doesn’t take a huge hit, im fine with it also, i think this might be manufactured crisis in order to sell new intel cpu’s, because even older cpu’s some i5’s still hold up pretty nicely nowadays.
Anon_Amous
January 3, 2018 at 12:08 pm

“pick your least-worse poison.”

For sure, at the end of the day I would like to be able to run a rig though so I gotta drink one of these hemlocks.
grgspunk
January 3, 2018 at 12:41 pm

Nvidia GTX GPUs FTW.
Mechonis
January 3, 2018 at 1:01 pm

Huh. I see

*switches PC build from Intel to AMD CPU*

Good thing this happened before I started buying
Riosine
January 3, 2018 at 1:01 pm

Yay, Codes , can be sneak into Intel cpu execution tables to tell the power supply to melt everything else, from a malware, and eventually the Cpu will pick it and execute them, Best exploit ever
Cats736
January 3, 2018 at 1:19 pm

Glad I went with Ryzen.
malbhet
January 3, 2018 at 1:35 pm

So glad I bought the 1950x threadripper this past black friday, this news confirms I made the right choice.
Marc Duarte
January 3, 2018 at 3:10 pm

My old but dependable i3 will be six years old in March, so I won’t even bother with the patch. My next one will probably be an AMD though, because all I’m interested in playing are my Japanese games on Steam, and those don’t need the best hardware to run smooth, like those AAA Western titles,
2501
January 3, 2018 at 3:55 pm

I have an i5 so….. fuck.
Exien
January 3, 2018 at 5:39 pm

This was said my someone who has no knowledge about these things.
Casey
January 3, 2018 at 5:54 pm

That’s for their video cards, not cpus.
AnarKreig
January 3, 2018 at 5:57 pm

Hahaha. Fuck, I was looking to construct a new PC around christmas, but decided to wait because ram sticks are far too expensive right now. I had pondered to get Ryzen, because you get more performance for your money, but decided not to because of the lower performance than intel CPU’s, but now with performance lost of 15-30% I’m gonna have to get it. This is the first time I’ll be using anything AMD in over a decade.
RichardGristle
January 3, 2018 at 8:35 pm

The fuck does this have to do with gaming? It affects phones and tablets too lmao
RichardGristle
January 3, 2018 at 8:51 pm

You AMD people have not read very well into this.

Better keep up to date and make sure you’re patched, because some of this DOES affect AMD.
reblinds
January 3, 2018 at 10:18 pm

PC gamers btfo yet again, maybe don’t support an Israeli company next time.
sanic
January 3, 2018 at 10:26 pm

No we were both just smart and savvy enough to know about the dangers of intel.
blacksun
January 3, 2018 at 11:57 pm

Well shit, how “modern” are we talking? My computer has a i3-2120 cpu. Got it like around 6 years ago.
David Curry
January 4, 2018 at 9:20 am

Should be noted (article should be updated) that AMD and ARM are also vulnerable.
alterku
January 4, 2018 at 10:48 am

I’ll believe it when I see it. The last time I tried to update my graphics drivers they removed vital options from the client (setting primary display amongst others). Ever since I had to rollback I haven’t bothered again.
Morlab
January 4, 2018 at 3:39 pm

— To an entirely diffrent exploit. The Intel specific one is being referred to as “Meltdown” whereas the exploit you are talking about is “Spectre” and spectre is the even bigger issue being brought up now as it affects all CPUs currently in use because it’s an outright issue with current architecture.
Spectre can’t be worked around on modern systems, and it can’t be detected. The hardware industry will need to go back and rebuild and research an entirely new architecture mindset going forward, and you probably won’t see anything new for nearly a decade.

When the intel exploit got announced it was the worst, but now spectre being discussed right after it is absolutely the worst thing to happen to the industry as every last system using a CPU made from the mid 90’s going forward is now compromised and there’s no safety net or workaround for it.
chaoguy
January 4, 2018 at 4:12 pm

My bad, sorry.
chaoguy
January 4, 2018 at 4:13 pm

If the issue is online, take your gaming PC offline. It’s not even that daft. Just plug it in if you need to make an online purchase, never visit websites, and just use a cheap & nasty laptop for videos and browsing.
chaoguy
January 4, 2018 at 4:13 pm

Yeah, OneAngryGamer has a story on it. Just have I posted that link to like, everyone.
chaoguy
January 4, 2018 at 4:14 pm

Yeah, didn’t realize. CEO also said they were gonna do a fix, CC: One Angry Gamer.
chaoguy
January 4, 2018 at 4:14 pm

AMD is fixing this issue now (according to the CEO via One Angry Gamer), but AMD had other sins IIRC?
chaoguy
January 4, 2018 at 4:15 pm

Not even a bad idea TBH.
Top it off with Linux Mint with Wine or Windows 7 and all the telemetry removed and you’re golden.
Migi
January 4, 2018 at 4:16 pm

No worries. Internet facts always change every second.
RichardGristle
January 4, 2018 at 10:50 pm

I bet you feel as retarded as you sound right about now.
reblinds
January 4, 2018 at 11:44 pm

Lol the 30% is trying to talk to me
alterku
January 5, 2018 at 11:03 am

As it stands it’s still broken. I’ll maintain my position until/if they fix their mistake. As for other sins? The only other one I got caught on way back when was the multiple core meme; developers are too lazy to take advantage of them so AMD will always lag until they can fix their single/double thread output.
Nagato
January 5, 2018 at 1:10 pm

Except he cooperated with the NSA and such all along, so he has nothing to worry about at all; for all intents and purposes, the guy has legal immunity.
Kakaku
January 5, 2018 at 10:44 pm

Seems the patch has more of an effect on CPUs doing server work than anything else. Gaming is more or less the same.
https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/#commentsOffset
Kakaku
January 5, 2018 at 10:51 pm

Still wouldn’t buy yet. AMD has a similar issue with Specter. Prices on all CPUs could potentially drop soon and be free of any issue.
Kakaku
January 5, 2018 at 11:09 pm

About 10 years, maybe 20 years. Depending on what you use your computer for you might have no performance issues, but considering the age of your computer you should still wait until older benchmarks are release just to make sure.
Kakaku
January 5, 2018 at 11:10 pm

I’d wait even longer. With the Specter and Meltdown mess right now I have a feel that CPU prices across the board should be going down.
RichardGristle
January 8, 2018 at 12:17 am

I don’t know what retarded shit you’re spouting, but I hope your phone – oh I mean “gaming PC”, apparently, is updated!

Or don’t, and get fucked :P
Anon_Amous
January 8, 2018 at 4:55 pm

Well I don’t actually care too much in the first place. 30% is a major hit but I’ve yet to get the Windows patch for this issue so I have no clue what the impact will be.

What you’re talking about is exactly what I would do if I was more concerned about it.

About Brandon Orselli

76 comments

Morlab

Uncle Ocelot

Anon_Amous

OldPalpy

Anon630

sanic

Anon_Amous

Uncle Ocelot

Captain Vidya

No_Good_Names_Ever

iswear12

Kuraudo

Kuraudo

Hubbles

iswear12

vonSanneck

vonSanneck

Migi

Caffeine_Addicts_Anonymous

Just Screaming

VersVlees

VersVlees

Gigaknight

Eldhin Shichiou

Cerea

chaoguy

chaoguy

chaoguy

chaoguy

chaoguy

chaoguy

chaoguy

Bitterbear

Bitterbear

Bitterbear

alterku

Eldhin Shichiou

Migi

JellyfishMonarch

bimmyz

Anon_Amous

grgspunk

Mechonis

Riosine

Cats736

malbhet

Marc Duarte

2501

Exien

Casey

AnarKreig

RichardGristle

RichardGristle

reblinds

sanic

blacksun

David Curry

alterku

Morlab

chaoguy

chaoguy

chaoguy

chaoguy

chaoguy

chaoguy

Migi

RichardGristle

reblinds

alterku

Nagato

Kakaku

Kakaku

Kakaku

Kakaku

RichardGristle

Anon_Amous