Sunday, 28 January 2018

Microsoft works weekends to kill Intel's shoddy Spectre patch

Microsoft has implemented Intel's advice to reverse the Specter 2 variant microcode patches.

Redmond released Saturday a rare off-cycle review on the weekend, to make the process possible.

Intel's first patch was so bad, it made many computers less stable, sending Linus Torvalds into a justifiable merger last week.

Chipzilla then removed the patch, but it made its way into a Microsoft fix, which the company pulled on Saturday.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," writes Microsoft, adding, "We understand that Intel continues to investigate the potential impact of the current and current firmware version. encourages clients to review their recommendations to inform their decisions. "

This only applies to the Spectrum patch, Microsoft pointed out: "The application of this payload only specifically disables mitigation against CVE-2017-5715 - 'Branch Target Injection Vulnerability.'"

He noted that, as far as we know, nobody has changed the Specter 2 variant yet.
LinuxConf panel: embargo a "sh! T-show"

The manipulation of Specter and Meltdown was sharply criticized at LinuxConfAU last week in Sydney, Linux Foundation's technical advisory committee member Jonathan Corbet, complaining about the secrecy of events between the first private bug reports. January 2).

Instead of the disclosure processes used for most vulnerabilities, Corbet said, "This disclosure process was handled very differently," and no one explained why.

Corbet later added, "I would like the industry to stop all of this, so we can have the whole story and figure out how to do it better next time."

The developer Jess Frazelle said the disclosure could be improved by "not showing an absolute embargo", while Katie McLaughlin added that only the big cloud providers knew: "It seems like it's an exclusive club. do not know, and it's not really clear which lines should be informed. "

No comments:

Post a Comment

Note: only a member of this blog may post a comment.