“Without Meltdown and Specter”: Intel redesigns its processors

Intel announced last week that it is continuing to work on protection from Meltdown and Specter. In addition to the released software “patches” for existing processors, the company intends to process subsequent models at the “silicon level”.

Details below.

/ photo Intel Free Press CC

Software Patches for Current Products

Intel CEO Brian Krzanich in the middle of the month presented a report on the work done by the company since the discovery of vulnerabilities. According to him, microcode updates for all products released over the past 5 years have already been released.

We are talking about the platforms Kaby Lake, Coffee Lake and Skylake, representing the 6th, 7th and 8th generations of Intel processors, as well as the "family" Core X. The update also affected the recently announced Intel Xeon and Intel Xeon D, intended for use in the data center .

Intel previously released software patches (in early January) after information about Specter and Meltdown was widely publicized in the press. However, updates on many computers led to malfunctions, reboots and BSOD. But later, the IT giant released new updates with which no problems were noticed.

Recycling future processor models

In addition to software updates, the company decided to process the chips at the "silicon" level. For this, Intel even created a special IPAS group (Intel Product Assurance and Security) led by Leslie S. Culbertson, one of Intel's long-standing top managers. The group's goal is not only the development of hardware patches from Specter and Meltdown, but also the search for solutions to prevent possible threats in the future.

Hardware enhancements will begin with the new Intel Xeon Scalable (codenamed Cascade Lake), as well as the 8th generation Intel Core processors, which will be released to the market in the second half of 2018. General Director Brian Krzhanich assures that "work in this direction is a long-term process that the company takes seriously."

What does AMD do

The vulnerability problem affected AMD products only partially - Meltdown “bypassed” AMD. The company released a software patch from Spectre Variant 1 in the form of updates for your operating system and firmware modification to counteract Spectre Variant 2. However, according to the assurances of the company, AMD updates were not critical.

Despite this, it was decided to take a number of additional measures. AMD CEO Lisa Su has confirmed that the new Zen 2 architecture will include a “silicon-level” fix. Zen 2 output with 7 nm process technology expected in 2019.

/ photo Fritzchens Fritz CC

How else are they fighting Specter and Meltdown

Microsoft recently launched a new bug-bounty program aimed at detecting vulnerabilities like Specter and Meltdown in Windows and Azure products. The reward for the bug depends on the level of danger found - there are only four.

The first level (from 5 to 25 thousand dollars) corresponds to finding already known vulnerabilities (such as CVE-2017-5753) in Windows 10 or Microsoft Edge, and the fourth (from 100 to 250 thousand dollars) corresponds to the discovery of previously unknown attack vectors. Microsoft suggested searching for vulnerabilities until December 31, 2018.

Intel is also not far behind and in March expanded your bug-bounty program. For finding threats such as Specter and Meltdown, the corporation will pay from 20 to 250 thousand dollars, depending on the rating of the revealed vulnerability CVSS (Common Vulnerability Scoring System). As with Microsoft, the program is active until December 31, 2018.

Other content from 1cloud's corporate blog: