New flaw in Intel processors can be exploited in a similar way to Spectre

Intel Coffee Lake

A new security vulnerability has been found in Intel’s family of Core processors, along similar lines of the major Spectre bug that has been making headlines all year. Thankfully, this one appears to be less severe – and is already patched in modern versions of Windows and Linux.

The freshly-discovered hole is known as the ‘Lazy FP state restore’ bug, and like Spectre, it is a speculative execution side channel attack. Just a few weeks back, we were told to expect further spins on speculative execution attack vectors, and it seems this is one.

Intel explains: “Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.”

What that means is theoretically the flaw can be exploited to pilfer data from running applications, and worryingly, that potentially includes encryption operations, as ZDNet reports. All Intel Core chips are vulnerable regardless of the platform they’re running on.

Moderate severity

The good news is that severity of this attack is only rated as ‘moderate’ by Intel, as it’s tricky to exploit, and also easy to fix. Indeed, modern versions of both Windows and Linux – that includes Windows 10 and Windows Server 2016, and any Linux distro which employs the Linux 4.9 kernel or better – are believed to be safe from this vulnerability already.

OpenBSD and DragonflyBSD are also bulletproof, plus a fix has already been issued for FreeBSD.

Windows 2008 Server users, however, will need to install a patch to protect themselves. And despite this not being rated as a critical vulnerability, you’ll certainly want to get things patched as soon as possible.

As we’ve already mentioned, there are likely to be more of these speculative execution side channel attacks discovered, and 2018 is set to be a lively year on the security front, to say the least.

TOPICS

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).