On May 3, Intel executive vice president and general manager of product assurance and security Leslie Culbertson issued a statement on potential new security issues: “Protecting our customers’ data and ensuring the security of our products are critical priorities for us,” Culbertson wrote. “We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. “We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.” While most of the issues are reportedly at the same risk level as Spectre, which can admittedly get pretty high, there’s one interesting nugget: a flaw that would easily let a malicious hacker exploit code in a virtual machine and attack the host system, whether it be a single PC or, say, a major corporation’s server, and get into more virtual machines that way. “Although attacks on other VMs or the host system were already possible in principle with Spectre, the real-world implementation required so much prior knowledge that it was extremely difficult,” said the English-language version of the C’T story. “However, the aforementioned Spectre-NG vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level.” C’T refers to the eight vulnerabilities as Spectre-NG (Next Generation), but that seems to be a name made up on the magazine’s part. The magazine suggests each vulnerability could get its own name, and there will likely be eight different patches – one for each issue. The report states the first wave of patches could go live in May (Microsoft’s next Patch Tuesday for Windows 10 is on Tuesday, May 8), while the rest are being prepped for August. The report suggests some ARM chips may be vulnerable to the Spectre-NG flaws, and that AMD is researching if this affects its processors as well. Meltdown affected a few ARM and AMD chips. But Spectre affects almost every CPU in the last two decades, and if these new reports are correct, we won’t be shaking similar vulnerabilities anytime soon until there’s a wholesale redesign of the processors. “It seems that for each fixed issue, two others crop up,” the C’T article said. “During the past twenty years, safety considerations have only played second fiddle to performance in processor development.” Image credit: BeeBright/Shutterstock
Windows 10 Security and Networking
Previous TipNext Tip
Use the Windows 10 Parental ControlsFind Your MAC AddressTurn Your Windows PC into a Wi-Fi HotspotPassword Protect a FolderCreate a Guest Account in Windows 10Enable Windows Hello Fingerprint LoginSet Up Windows Hello Facial RecognitionHow to Restrict Cortana’s Ever-Present Listening in Windows 10Automatically Lock Your PC with Dynamic LockBlacklist Non-Windows Store AppsFind Saved Wi-Fi PasswordsSet Up a Metered Internet ConnectionUse Find My DeviceStream XBox One GamesAll Windows 10 TipsMap a Network DriveCreate Limited User AccountsSet Time Limits for KidsPin People to Your Taskbar