Quantcast

‘Fundamental’ Security Flaw With Modern Intel Chips Forcing Windows, Mac, and Linux Updates [UPDATE]

This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech and gaming industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!

[UPDATE 01/04/18 at 10 AM, EST]

A multitude of affected parties, including the culprit, Intel themselves, have officially acknowledge what is now being called the “Meltdown” CPU security flaw.

Here’s the press releases thus far:

[ORIGINAL STORY]

We’ve learned (via TheRegister.co.uk) that a ‘fundamental’ design flaw has been discovered to affect most modern Intel processor chips with a potential memory leak/exploit, forcing operating system developers to scramble and plug the newly discovered hole.

The security bug is said to open the door to exploits or hackers to other security bugs, and at the very worst, gain access to the Windows and Linux kernel memory. This means unpatched, this security flaw could provide access to passwords, files cached from a hard disk, login keys, and more.

The bug is said to be affecting all Intel processors manufactured in the past decade, and allows normal user programs – from database applications to even JavaScript in your web browser, to sniff out the layout and even contents of protected kernel memory regions.

Linux programmers are already working to overhaul open-source Linux-based kernel memory systems, while Microsoft is expect to publicly introduce changes to their Windows operating system(s) with an upcoming fix on Patch Tuesday (the changes were seeded to beta testers running Windows Insider builds previously in November and December of 2017).

Competitor AMD was quick to point out that their own processors are not affected by this sort of exploit:

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

The necessary fix will negatively affect performance on Intel-based products. Current benchmarks running the fix are estimating a 5% to 30% slowdown, depending on the involved task sequence and your processor model. Recent Intel chipsets have features to help mitigate a performance hit.

Apple’s walled garden macOS is also expected to be overhauled as well – initial judgement points to their Intel chipsets being unable to get patched with microcode. This means the fix needs to happen at the OS level, or you need a new processor altogether.

While details regarding the vulnerability are tightly under wraps due to embargo expected to be lifted early this month, we should know about it around Microsoft’s next Patch Tuesday. Patches for Linux are already available, however comments in the code regarding the issue are redacted.

We’ll update this article as more information is found.


Brandon Orselli

About

Owner and Publisher at Niche Gamer and Nicchiban. Outlaw fighting for a better game industry. Pronouns: Patriarch, Guido, Olive.




Comment Policy: Read our comment policy and guidelines before commenting.
76 comments
  1. Morlab
    Morlab
    January 3, 2018 at 12:04 am

    This is, no joke, one of the biggest issues to come about with computer hardware ever. Every system with an intel is just easily opened to anyone who knows the exploit prior to the kernal rewrites, and this has been a thing for over a decade. The predicted performance hits sources are citing currently on windows after the patch is pushed is going to be 15 to 30% CPU performance loss. Linux sounds like it’s benchmarking better on it’s workaround but nothing concrete yet.

    So everyone who refuses to get updates and has an intel is just going to have a computer wide open for attack, and anyone who actually gets the patch is going to have a worse performing system overall. Intel is going to burn hard for this.

  2. Uncle Ocelot
    Uncle Ocelot
    January 3, 2018 at 12:05 am

    Sweet Jesus, what a colossal disaster.

  3. Anon_Amous
    Anon_Amous
    January 3, 2018 at 12:07 am

    I guess there is such a thing that could get me to switch to AMD.

  4. OldPalpy
    OldPalpy
    January 3, 2018 at 12:19 am

    This is gonna make RROD and exploding Samsung phones look like a minor fuckup.

  5. Anon630
    Anon630
    January 3, 2018 at 12:21 am

    Well, good thing I didn’t spend my cash this holiday. Now it’s just a matter of what to do with the old parts since I doubt anyone’s gonna’ want them now.

  6. Uncle Ocelot
    Uncle Ocelot
    January 3, 2018 at 1:01 am

    I’m feeling quite relieved that I was a poorfag and went with AMD cause it was cheaper.

  7. Captain Vidya
    Captain Vidya
    January 3, 2018 at 1:07 am

    And 2018’s off to a fan-fucking-tastic start.

  8. No_Good_Names_Ever
    No_Good_Names_Ever
    January 3, 2018 at 1:22 am

    First they get outskilled by AMD, then the thing they rushed out in retaliation steals the house fire title away from Nvidia, and now this; outsourcing to India was such a great idea.

  9. iswear12
    iswear12
    January 3, 2018 at 1:45 am

    >Recent Intel chipsets have features to help mitigate a performance hit.
    The same chipsets that all but force you to use Windows fucking 10
    FUCK INTEL AND FUCK MICROSOFT
    If I recall correctly Intel also gave a shit-ton of money to that scam artist Anita as well; that money could’ve gone to its customers as a partial refund for this absolute BULLSHIT
    Gonna strive to never buy an Intel product again. I wish there were more CPU manufacturers because AMD is kinda bad, even their Ryzen ones are disappointing (though a welcome upgrade from their absolute stagnation before). I’ll fucking use them if I have to even if they’re not much better than Intel in terms of ethics, I might as well because there’s very few fucking options
    Fucking hell this pisses me OFF

  10. Kuraudo
    Kuraudo
    January 3, 2018 at 2:22 am

    Can you elabirate? I have a current-gen, amd-powered rig running windows 10. Ryzen outperformed the intel chips when built it.

  11. Kuraudo
    Kuraudo
    January 3, 2018 at 2:24 am

    Wow, haha glad my gaming rigs made the jump to amd’s ryzen, but my work machines are all going to be painful to use after this haha.

  12. Hubbles
    Hubbles
    January 3, 2018 at 2:35 am

    i really really hope this wont affect gaming performance too much (early benchmarks indicate it wont) but this is horrible.

    i cant even afford/dont want to buy a new cpu right now. ram prices are still through the roof and my 4690k has been doing a great job until now.

    i was hoping itd last at least another year…

  13. iswear12
    iswear12
    January 3, 2018 at 3:11 am

    I’d heard that the benchmarks for single thread performance (basically one of the more important benchmarks for pure vidya) that Ryzen was still worse than Intel at a higher price point iirc
    Was a while ago though, so maybe I’m wrong or misinformed or that’s changed since then
    If it has, I’d be pleasantly surprised but I still don’t think too highly of them, just more than Intel

  14. vonSanneck
    vonSanneck
    January 3, 2018 at 3:57 am

    btw, this is worse for data centers. Remember 2 things:
    – Intel marketers told server people that they are more reliable than AMD
    – Intel CEO sold all his company stocks prior to this coming out

    I expect their main market, the server space & high workload computing, to be livid at this announcement, due to their buying habits of going with 2 year old architectures for stability reasons.

  15. vonSanneck
    vonSanneck
    January 3, 2018 at 3:59 am

    look to a 2019 upgrade path and save accordingly. That’s what I’m doing (4790K user).

  16. Migi
    Migi
    January 3, 2018 at 4:44 am

    So glad i went with AMD with my new Gaming PC!!!

  17. Caffeine_Addicts_Anonymous
    Caffeine_Addicts_Anonymous
    January 3, 2018 at 4:49 am

    Well, can’t exactly replace my laptop’s processor with a competitor’s easily. What a shame. The thing can barely handle the lower-requirement indies, like Transistor and Stardew Valley, so I’m somewhat dreading that expected performance hit. At least I didn’t store any passwords, personal shit, or potentially troublesome photos on there, I guess.

  18. Just Screaming
    Just Screaming
    January 3, 2018 at 4:52 am

    I am so fucked.

  19. VersVlees
    VersVlees
    January 3, 2018 at 5:38 am

    Yeah I kinda miss Cyrix who back in the day also had X86 cpu’s next to AMD and Intel. Ok they weren’t the hottest stuff on the market but at least it was another competitor.

  20. VersVlees
    VersVlees
    January 3, 2018 at 5:50 am

    Recently my mobo broke down and normally I just buy new generation mobo cpu and ram.(4670K here)

    However, due the ram prices, limited availability of the new generation intel CPU’s and mobo’s I too gonna wait for 2019.

    In the mean time I bought a cheap H81 mini ITX board to pass this year’s generation. I’m glad you can last longer with CPU’s now without running into a performance wall after so many generations.

  21. Gigaknight
    Gigaknight
    January 3, 2018 at 6:02 am

    Diversity Inside®.

    It’s why I’m not surprised. Just look at Google, and how they’ve been screwing up while putting Diversity℠ on a pedestal.

  22. Eldhin Shichiou
    Eldhin Shichiou
    January 3, 2018 at 8:56 am

    AMD FTW

  23. Cerea
    Cerea
    January 3, 2018 at 9:51 am

    PC gaming master race

  24. chaoguy
    chaoguy
    January 3, 2018 at 10:10 am

    If the guy sold his stocks like the Equifax guy- I’m shocked no one has taken him to court over insider trading or whatever. Intel is big, but not as big as Equifax to just ignore the law.

  25. chaoguy
    chaoguy
    January 3, 2018 at 10:13 am

    AMD isn’t free of sin either:
    https://www.oneangrygamer.net/2018/01/amd-unlikely-devote-resources-dx9-titles-dont-work-adrenalin-says-tech-support/48094/ “AMD Unlikely To Devote Resources To DX9 Titles That Don’t Work With Adrenalin, Says Tech Support”.
    Intel leaves your system unsafe, AMD won’t support old games, and NVidia sometimes sell cards with less RAM than advertized.
    All 3 of the major processor and graphic card companies are anti-consumer. Buy second hand if you can, disable updates, keep your gaming PC offline, or pick your least-worse poison.
    If nothing else, Intel is the greater of 3 evils.

    EDIT: Sorry to post this to other people as well, want to make sure everyone is informed rather than rushing blindly into something that doesn’t work the way they want either.

  26. chaoguy
    chaoguy
    January 3, 2018 at 10:17 am

    Take your PC offline, or talk to more tech-savvy websites and see if a work-around is introduced that doesn’t bloat your system.

  27. Bitterbear
    Bitterbear
    January 3, 2018 at 10:31 am

    AssCreed relies on Denuvo on VMProtect. Someone should do some benchmarks on that game to see how it fares with a patched OS.

  28. Bitterbear
    Bitterbear
    January 3, 2018 at 10:37 am

    I guess there’s no need for Apple to throttle down performance on the next software upgrade.

  29. Bitterbear
    Bitterbear
    January 3, 2018 at 10:38 am

    AMD CPUs and nVidia GPUs for the win.

  30. alterku
    alterku
    January 3, 2018 at 10:51 am

    Came here to see if AMD’s sins were exposed too. Both options are shit for different reasons now.

  31. Eldhin Shichiou
    Eldhin Shichiou
    January 3, 2018 at 11:05 am

    yeah, that’s serious bullshit too indeed

  32. Migi
    Migi
    January 3, 2018 at 11:09 am

    Isn’t this more about their graphics cards? cause my graphics card isn’t AMD its a ASUS ROG strix 1080ti

  33. bimmyz
    bimmyz
    January 3, 2018 at 11:58 am

    i had a great run with my intel cpu, as long as the gaming performance doesn’t take a huge hit, im fine with it also, i think this might be manufactured crisis in order to sell new intel cpu’s, because even older cpu’s some i5’s still hold up pretty nicely nowadays.

  34. Anon_Amous
    Anon_Amous
    January 3, 2018 at 12:08 pm

    “pick your least-worse poison.”

    For sure, at the end of the day I would like to be able to run a rig though so I gotta drink one of these hemlocks.

  35. grgspunk
    grgspunk
    January 3, 2018 at 12:41 pm

    Nvidia GTX GPUs FTW.

  36. Mechonis
    Mechonis
    January 3, 2018 at 1:01 pm

    Huh. I see

    *switches PC build from Intel to AMD CPU*

    Good thing this happened before I started buying

  37. Riosine
    Riosine
    January 3, 2018 at 1:01 pm

    Yay, Codes , can be sneak into Intel cpu execution tables to tell the power supply to melt everything else, from a malware, and eventually the Cpu will pick it and execute them, Best exploit ever

  38. Cats736
    Cats736
    January 3, 2018 at 1:19 pm

    Glad I went with Ryzen.

  39. malbhet
    malbhet
    January 3, 2018 at 1:35 pm

    So glad I bought the 1950x threadripper this past black friday, this news confirms I made the right choice.

  40. Marc Duarte
    Marc Duarte
    January 3, 2018 at 3:10 pm

    My old but dependable i3 will be six years old in March, so I won’t even bother with the patch. My next one will probably be an AMD though, because all I’m interested in playing are my Japanese games on Steam, and those don’t need the best hardware to run smooth, like those AAA Western titles,

  41. 2501
    2501
    January 3, 2018 at 3:55 pm

    I have an i5 so….. fuck.

  42. Exien
    Exien
    January 3, 2018 at 5:39 pm

    This was said my someone who has no knowledge about these things.

  43. Casey
    Casey
    January 3, 2018 at 5:54 pm

    That’s for their video cards, not cpus.

  44. AnarKreig
    AnarKreig
    January 3, 2018 at 5:57 pm

    Hahaha. Fuck, I was looking to construct a new PC around christmas, but decided to wait because ram sticks are far too expensive right now. I had pondered to get Ryzen, because you get more performance for your money, but decided not to because of the lower performance than intel CPU’s, but now with performance lost of 15-30% I’m gonna have to get it. This is the first time I’ll be using anything AMD in over a decade.

  45. RichardGristle
    RichardGristle
    January 3, 2018 at 8:35 pm

    The fuck does this have to do with gaming? It affects phones and tablets too lmao

  46. RichardGristle
    RichardGristle
    January 3, 2018 at 8:51 pm

    You AMD people have not read very well into this.

    Better keep up to date and make sure you’re patched, because some of this DOES affect AMD.

  47. reblinds
    reblinds
    January 3, 2018 at 10:18 pm

    PC gamers btfo yet again, maybe don’t support an Israeli company next time.

  48. sanic
    sanic
    January 3, 2018 at 10:26 pm

    No we were both just smart and savvy enough to know about the dangers of intel.

  49. blacksun
    blacksun
    January 3, 2018 at 11:57 pm

    Well shit, how “modern” are we talking? My computer has a i3-2120 cpu. Got it like around 6 years ago.

  50. David Curry
    David Curry
    January 4, 2018 at 9:20 am

    Should be noted (article should be updated) that AMD and ARM are also vulnerable.

  51. alterku
    alterku
    January 4, 2018 at 10:48 am

    I’ll believe it when I see it. The last time I tried to update my graphics drivers they removed vital options from the client (setting primary display amongst others). Ever since I had to rollback I haven’t bothered again.

  52. Morlab
    Morlab
    January 4, 2018 at 3:39 pm

    — To an entirely diffrent exploit. The Intel specific one is being referred to as “Meltdown” whereas the exploit you are talking about is “Spectre” and spectre is the even bigger issue being brought up now as it affects all CPUs currently in use because it’s an outright issue with current architecture.
    Spectre can’t be worked around on modern systems, and it can’t be detected. The hardware industry will need to go back and rebuild and research an entirely new architecture mindset going forward, and you probably won’t see anything new for nearly a decade.

    When the intel exploit got announced it was the worst, but now spectre being discussed right after it is absolutely the worst thing to happen to the industry as every last system using a CPU made from the mid 90’s going forward is now compromised and there’s no safety net or workaround for it.

  53. chaoguy
    chaoguy
    January 4, 2018 at 4:12 pm

    My bad, sorry.

  54. chaoguy
    chaoguy
    January 4, 2018 at 4:13 pm

    If the issue is online, take your gaming PC offline. It’s not even that daft. Just plug it in if you need to make an online purchase, never visit websites, and just use a cheap & nasty laptop for videos and browsing.

  55. chaoguy
    chaoguy
    January 4, 2018 at 4:13 pm

    Yeah, OneAngryGamer has a story on it. Just have I posted that link to like, everyone.

  56. chaoguy
    chaoguy
    January 4, 2018 at 4:14 pm

    Yeah, didn’t realize. CEO also said they were gonna do a fix, CC: One Angry Gamer.

  57. chaoguy
    chaoguy
    January 4, 2018 at 4:14 pm

    AMD is fixing this issue now (according to the CEO via One Angry Gamer), but AMD had other sins IIRC?

  58. chaoguy
    chaoguy
    January 4, 2018 at 4:15 pm

    Not even a bad idea TBH.
    Top it off with Linux Mint with Wine or Windows 7 and all the telemetry removed and you’re golden.

  59. Migi
    Migi
    January 4, 2018 at 4:16 pm

    No worries. Internet facts always change every second.

  60. RichardGristle
    RichardGristle
    January 4, 2018 at 10:50 pm

    I bet you feel as retarded as you sound right about now.

  61. reblinds
    reblinds
    January 4, 2018 at 11:44 pm

    Lol the 30% is trying to talk to me

  62. alterku
    alterku
    January 5, 2018 at 11:03 am

    As it stands it’s still broken. I’ll maintain my position until/if they fix their mistake. As for other sins? The only other one I got caught on way back when was the multiple core meme; developers are too lazy to take advantage of them so AMD will always lag until they can fix their single/double thread output.

  63. Nagato
    Nagato
    January 5, 2018 at 1:10 pm

    Except he cooperated with the NSA and such all along, so he has nothing to worry about at all; for all intents and purposes, the guy has legal immunity.

  64. Kakaku
    Kakaku
    January 5, 2018 at 10:51 pm

    Still wouldn’t buy yet. AMD has a similar issue with Specter. Prices on all CPUs could potentially drop soon and be free of any issue.

  65. Kakaku
    Kakaku
    January 5, 2018 at 11:09 pm

    About 10 years, maybe 20 years. Depending on what you use your computer for you might have no performance issues, but considering the age of your computer you should still wait until older benchmarks are release just to make sure.

  66. Kakaku
    Kakaku
    January 5, 2018 at 11:10 pm

    I’d wait even longer. With the Specter and Meltdown mess right now I have a feel that CPU prices across the board should be going down.

  67. RichardGristle
    RichardGristle
    January 8, 2018 at 12:17 am

    I don’t know what retarded shit you’re spouting, but I hope your phone – oh I mean “gaming PC”, apparently, is updated!

    Or don’t, and get fucked :P

  68. Anon_Amous
    Anon_Amous
    January 8, 2018 at 4:55 pm

    Well I don’t actually care too much in the first place. 30% is a major hit but I’ve yet to get the Windows patch for this issue so I have no clue what the impact will be.

    What you’re talking about is exactly what I would do if I was more concerned about it.