A patch is being developed—but it may slow your computer down.
Google and Microsoft researchers have discovered a new CPU vulnerability that’s a variant of the Meltdown and Spectre bugs uncovered earlier this year. Fortunately, the issue, known as Speculative Store Bypass, will soon be patched via a firmware update. Unfortunately, that patch will likely slow your machine down.
In January, security researchers unveiled a pair of security flaws that affected nearly every modern processor, from smartphones to desktop computers. Dubbed Meltdown and Spectre, the critical security vulnerabilities could render memory on your computer readable by outside parties, leaving sensitive information such as passwords, security keys, and files open to hackers. The problem affected virtually all x86 Intel CPUs shipped over the past 23 years, as well as CPUs from Arm and other chipmakers.
The latest CPU vulnerability functions similarly to Spectre, the Verge reported. Microsoft discovered Speculative Store Bypass back in November and has been working with Intel and Advanced Micro Devices since then to determine its impact on PCs, as well as a fix. Luckily, most modern browsers—including Edge, Safari, and Chrome—were patched for Meltdown earlier this year, and they are already protected against this new threat.
For firmware, however, the update isn’t so peachy. Intel has delivered beta microcode updates for Speculative Store Bypass to manufacturers, and those updates should ship over the next few weeks.
Protection against the CPU vulnerability will be switched off by default (users will need to actively enable it), but doing so could slow computers down anywhere from 2 to 8 percent, according to the Verge. Thus, users will need to choose between extra security for their machine and continued performance levels.
Thankfully, this variant of Spectre and Meltdown doesn’t seem to be as insidious as the originals. As for the future, Intel is working to redesign its processors—including its chips shipping later this year—to protect against all these bugs.
H/T the Verge