Remember the Meltdown and Spectre fixes that Intel is baking into its processors to make them bulletproof to these vulnerabilities at a silicon level, and which are expected to be incorporated into new CPUs that ship later this year Well, its allegedly the case that those countermeasures wont defend these chips against a new freshly-discovered Spectre flaw.Earlier this week came the official revelation that there is a fresh strain of Spectre Variant 4, known as Speculative Store Bypass which leverages similar vulnerabilities to the existing variants, although Intel noted it uses a different method to crack into the sensitive data held in your computers memory.And, according to sources who spoke to Threatpost, the aforementioned safeguards which Intel is implementing may protect against Spectre Variants 2 and 3, but not this fourth incarnation.There may also be further spins along these sort of speculative execution side channel vulnerabilities in the future, the sources further noted (which is precisely why Microsoft, for one, recently kicked off a major bug bounty program with big rewards for those who flag up these issues).At any rate, Intel isnt leaving processors undefended against Variant 4, of course, even if it does turn out to be the case that the new integrated silicon-level countermeasures arent able to protect against V4.How to protect against Spectre and MeltdownMedium riskAs the chip manufacturer said earlier this week, the new bug is medium risk, and it has already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.The issue with this fix is, unlike baked-in protection, theres a performance price to pay, just like previous Meltdown and Spectre patches.
Intel estimates that to be a slowdown of around 2% to 8% based on SYSmark and other benchmarks, but of course mileage will doubtless vary from system to system.As has been the case in the past, as well, you may see more of a detrimental effect if youre running an older version of Windows (i.e.
pre-Windows 10).Interestingly, Intel will be delivering this Variant 4 fix as an optional measure, and it will actually be set to off by default.
That means users will need to enable protection if they so wish, or carry on regardless and avoid any performance hit, with the potential risk of being exploited down the line.