Spectre, Meltdown & IME - a black eye for Intel & others

In recent weeks, three key vulnerabilities have been exposed in Intel, Apple and even some ARM CPUs.

The first two, Meltdown and Spectre, are specifically focused on the "speculative execution" capabilities that help modern CPUs gain performance, and on how they deal with memory page tables at the kernel and process level.

In both cases the potential exposure is that information such as IDs, passwords or other info can be leaked via your browser.

In addition, Intel CPUs specifically have had an exposure in the Intel Management Engine (IME), which is often used by IT pros for managing large numbers of devices.

As of today, many major hardware and OS vendors, and even Intel themselves, have produced patches to attempt to mitigate the exposure. But overall this is a pretty good black eye for Intel.

With IME, for example, some of these exposures were known for years, but Intel never did anything to correct them until the noise got loud enough.

One of the impacts of applying Meltdown and Spectre firmware & OS patches is the impact on performance. Depending on the age of your device, and therefore its CPU, it could be substantial. It also seems to impact disk IO, which is often critical to overall performance. Some early tests have shown IO performance to be reduced by as much as 30%.

Some AMD processors do not seem to be impacted as much since they utilize a different branch predictor model.  But AMD is still readying firmware changes to address the speculative execution issue.

This is not the first time Intel has had a problem with CPUs.  Way back in Oct of 1994 - when the Pentium processor was new - a mathematician discovered what would be called the FDIV (floating point division) error.  Back then I worked on Wall St as an IT guy building trade floors.  Since the error could very specifically and negatively impact trading data - we had all the CPUs replaced in some 2,500 PCs.   

More recently, Intel Haswell-based CPUs had a problem with Transactional Synchronization Extensions (TSX) that required disabling the feature via a firmware update.

With all the above said, the vast majority of users would never have known about the exposure or the mitigation impact if it had not been made public in the media. The same can be said of OS vulnerabilities. Often when some major virus gets exposed, MS and others have announced that if you are current with your patching or on their latest OS, the exposure was already addressed.

Typically it is older unpatched OS and devices that take the brunt of these attacks as well as poor judgement on the part of users who open odd attachments or visit some sketchy web sites.

Bottom line is this: Spectre and Meltdown are real, and hardware and OS vendors are working to deploy patches to mitigate the risk. IME has already been patched by Intel. Will you notice a real drop-off in performance? Most likely not. So far only 1 gaming company, Epic, has called out specific issues.










