Google and Microsoft announced new bugs on the CPU, update fixes will slow down the machine again

Microsoft and Google jointly announced a new security hole on the CPU similar to Meltdown and Specter that was discovered earlier this year. Also known as the Speculative Store Bypass (variant 4), this latest vulnerability is similar to Specter and exploits speculative execution techniques that CPUs often use today.

Browsers like Safari, Edge or Chrome have been patched for the Meltdown vulnerability earlier this year and Intel said that 'they can be applied to the 4' variable.

But unlike Meltdown (and more like Specter), this new vulnerability will also have a firmware update for the CPU and may affect machine speed. Intel has now released a micro-update for the Speculative STore Bypass in beta form to OEMs, hoping to release it in the next few weeks.

The firmware update will set the protection mode to the default Speculative Store Bypass, ensuring that most people will not realize the negative effects on the machine speed.'If you turn it on, you will see an effect on the 2-8% speed based on SYSmark 2014 SE benchmark or SPEC Integer Rate on the system, ' said Leslie Culbertson, Intel's chief security officer.

Users (especially system administrators) will have to choose between the security or the optimal speed of the system. As with previous Specter variants, the choice depends on each user and server.

Microsoft suspended the $ 250,000 prize for similar Meltdown and Specter errors in March and said it had discovered the new bug in November. "Microsoft had previously discovered this variant and told other partners in November. / 2017 in CVD (Coordinated Vulnerability Disclosure) ' , Microsoft representative said. Microsoft is currently working with Intel and AMD to determine the impact of errors on the device.

'We do not see any version of this vulnerability on Windows or cloud services. We are committed to making our customers day-to-day when possible, the standard policy for low-risk issues is to provide a fix via the Update Tuesday update .

Intel is also preparing to make changes to its CPU by redesigning the processor, resisting vulnerabilities like Specter or this new 4 variant. The new generation Xeon processor (Cascade Lake) will have built-in protection in hardware along with the 8th generation Intel Core processor that will be released in the second half of 2018.

See more:

1. Intel released Microcode for CPU Linux to fix Meltdown and Specter
2. AMD released a firmware update for Specter to fix the vulnerability on the CPU
3. Intel's chip has eight new serious vulnerabilities