• ‘Fundamental’ Security Flaw With Modern Intel Chips Forcing Windows, Mac, and Linux Updates [UPDATE]

    by | @brandonorselli on January 2, 2018 at 11:50 PM, EDT

    This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech and gaming industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!

    [UPDATE 01/04/18 at 10 AM, EST]

    A multitude of affected parties, including the culprit, Intel themselves, have officially acknowledge what is now being called the “Meltdown” CPU security flaw.

    Here’s the press releases thus far:

    [ORIGINAL STORY]

    We’ve learned (via TheRegister.co.uk) that a ‘fundamental’ design flaw has been discovered to affect most modern Intel processor chips with a potential memory leak/exploit, forcing operating system developers to scramble and plug the newly discovered hole.

    The security bug is said to open the door to exploits or hackers to other security bugs, and at the very worst, gain access to the Windows and Linux kernel memory. This means unpatched, this security flaw could provide access to passwords, files cached from a hard disk, login keys, and more.

    The bug is said to be affecting all Intel processors manufactured in the past decade, and allows normal user programs – from database applications to even JavaScript in your web browser, to sniff out the layout and even contents of protected kernel memory regions.

    Linux programmers are already working to overhaul open-source Linux-based kernel memory systems, while Microsoft is expect to publicly introduce changes to their Windows operating system(s) with an upcoming fix on Patch Tuesday (the changes were seeded to beta testers running Windows Insider builds previously in November and December of 2017).

    Competitor AMD was quick to point out that their own processors are not affected by this sort of exploit:

    AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

    The necessary fix will negatively affect performance on Intel-based products. Current benchmarks running the fix are estimating a 5% to 30% slowdown, depending on the involved task sequence and your processor model. Recent Intel chipsets have features to help mitigate a performance hit.

    Apple’s walled garden macOS is also expected to be overhauled as well – initial judgement points to their Intel chipsets being unable to get patched with microcode. This means the fix needs to happen at the OS level, or you need a new processor altogether.

    While details regarding the vulnerability are tightly under wraps due to embargo expected to be lifted early this month, we should know about it around Microsoft’s next Patch Tuesday. Patches for Linux are already available, however comments in the code regarding the issue are redacted.

    We’ll update this article as more information is found.

    Brandon Orselli

    About

    Big Papa Overlord at Niche Gamer. Italian. Dad. Outlaw fighting for a better game industry. I also write about music, food, & beer. Also an IT guy.