Jueves, 18 Enero, 2018

AMD confirms rollout of Spectre patches, says older chips affected more

Security patches for Meltdown and Spectre are slowing older systems down Microsoft: PCs with Haswell CPUs and older may notice performance impact from Spectre patch
Eleena Tovar | 12 Enero, 2018, 17:49

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data.

On Monday, Krzanich said there's no evidence that Meltdown or Spectre have ever been used to steal customer data in real life and that Intel plans to keep it that way.

Why do Spectre (and Meltdown) vulnerabilities concern security professionals?

Due to the deep nature of the flaws, tech giants' updates haven't always gone as planned. Discussing more timely matters, AMD says it has been working closely with OS providers to patch GPZ Variant 1 (Spectre) and OS and motherboard makers to patch GPZ Variant 2 (Spectre).

GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors. The end result looks pretty cool as you're able to change perspectives as desired and freeze a scene so you can rotate the view for a better angle. The flaws ensnared many chip companies, including SoftBank Group Corp.'s ARM Holdings, Advanced Micro Devices Inc. and Nvidia Corp. Although some vendors have downplayed the potential risk from these flaws, they are of concern because of the inherent complexity to resolve the deficiencies and the significant number of devices that have the flaw.

It is unclear which financial institutions were targeted by the hackers. The updates are separate from patches produced by operating system companies such as Microsoft Corp.

And in terms of transparency with the fixes for these (and other) bugs, Krzanich said: "As we roll out software and firmware patches, we are learning a great deal".

Microsoft's own support forums have seen a flood of PC owners with AMD processors complaining that their PCs won't boot after Spectre/Meltdown security patches were downloaded and installed.

The WSJ quoted one unnamed Intel partner, who, like Theo de Raadt, the head of the OpenBSD project, expressed disquiet that the company was only informing some customers about the problems with the patches.

What systems require patching for vulnerabilities? "It doesn't surprise me a lot that there would be some hiccups", he said.

AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week.

"They are not affected by these security issues". Intel is also the worldwide partner for the upcoming Olympic winter games and will have its technology deployed to cover most of the events.