Critical Flaw Identified in Intel Processors


In the wake of the discovery, Google's Project Zero and others have published a detailed report on the case. This has resulted in platform-holders scrambling to issue patches. Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect.

Service providers such as Amazon are working to patch the servers used in their data centers, and some users may experirence down time as they do this. Unfortunately, that capability is vulnerable to malicious actors who could access critical information stored in memory, including encryption keys and passwords.

"What actually happens with these flaws is different and what you do about them is different", said Paul Kocher, a researcher who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.

The statement goes on to say that Intel is "working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively".

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.

The findings were that processor microarchitectures from Intel, AMD and ARM were all vulnerable to a lesser or greater extent. Windows 7 and Windows 8, on the other hand, will not receive the automatic update; instead, they will be updated next Tuesday, the report added.

"Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system".

On the consumer and enterprise side, Intel says that it has "already issued updates for the majority of processor products introduced within the past five years".

The U.S. Computer Emergency Readiness Team explained that these flaws allow an attacker to access sensitive information.

Chipmaker Advanced Micro Devices on Wednesday pushed back on a statement from Intel about a recently documented security flaw, saying its chips are mainly not affected. It said that it had already protected nearly all instances of AWS and that customers must update their own software running atop the service as well.