New Intel Spectre Vulnerabilities Published By Former Intel Security Head

The Spectre and Meltdown security exploits came to light earlier this year, and the majority of Intel chips are vulnerable to them. BIOS and OS patches were rolled out to protect users, but new Intel Spectre vulnerabilities have now been published by a former Intel security head.

According to Yuriy Bulygin, new speculative execution attacks have been discovered that hinge on Spectre variant 1 and could possibly work with Spectre variant 2 exploits.

These new Intel Spectre vulnerabilities leverage the bounds check bypass element of variant 1 to bypass the SMRR (System Management Range Register) protection of SMM memory.

This exploit allows an unauthorized user to read the contents of memory, including memory that is supposed to be protected by System Management Mode (SMM).
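The bounds check bypass pattern mentioned above, and the index-masking hardening commonly applied to it, shown as an added example that is not from the original article or from Intel. The table, its contents and the function names are hypothetical, and the mask helper assumes sizes of at most 2^63.

```c
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 4u /* constructed sample size */

/* Constructed sample data standing in for a table indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = { 0x11, 0x22, 0x33, 0x44 };

/*
 * All-ones when idx < size, zero otherwise. Uses only unsigned arithmetic,
 * so the result is a data dependency rather than a predicted branch.
 * If idx is in range, neither idx nor (size - 1 - idx) has its top bit set.
 */
static uint64_t index_mask(uint64_t idx, uint64_t size)
{
    uint64_t in_range = (~(idx | (size - 1u - idx))) >> 63;
    return (uint64_t)0 - in_range;
}

/*
 * Before: architecturally correct, but the branch can be mispredicted, so
 * the load may execute speculatively with an out-of-range idx.
 */
int lookup_checked(uint64_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/*
 * After: the index is clamped by a mask computed from the index itself, so
 * even on a mispredicted path the load address stays inside the table.
 * Production code (for example the Linux kernel's array_index_nospec())
 * also prevents the compiler from turning the mask back into a branch.
 */
int lookup_hardened(uint64_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}
```

Both functions return the same architectural results; the difference is only in which addresses a mispredicted path is able to touch.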

However, this is not the only Spectre variant made public recently: 8 new Spectre-NG exploits have come to light, 4 of which are classified as high-risk vulnerabilities.

According to the report, shared hosting providers are at risk from these newly discovered Spectre variants, and the vulnerabilities share the same design pattern as the Meltdown and Spectre security exploits.

Furthermore, the report suggests that Intel is actively working to patch these newly discovered exploits and has been working with Microsoft to develop patches. However, it is not clear when these patches will be available.

However, these Intel Spectre-NG patches have been delayed because Intel was not able to get them ready in time. The report suggests that the Intel Spectre-NG patches were supposed to drop on May 7, 2018, but Intel has delayed the patches for the newly discovered security exploits by 14 days, and they are now scheduled to roll out on May 21, 2018.

What is interesting is that these exploits have emerged shortly after Intel revealed 8th gen CPU refreshes, which have been completely redesigned to counter the Spectre and Meltdown security exploits. This raises the question of whether these new exploits have also been patched in the redesigned chips or not.

Source: Hothardware