Two vulnerabilities affecting x86 and ARM processors that power desktops, laptops, tablets, and even smartphones around the world are causing tech giants such as Microsoft and Intel to butt heads as they scramble to come up with solutions.
According to a recent report published by BBC News, Microsoft has released a patch that essentially disables a security fix previously distributed by Intel. The computer chip manufacturer had rushed to issue a software patch to address Meltdown and Spectre, two CPU architecture flaws that could give hackers an opportunity to capture sensitive information from computers powered by x86 processors. After reports from Windows users that the Intel patch caused instability and sudden reboots, Microsoft issued a fix that essentially disables the security measure rolled out by Intel.
Spectre and Meltdown are the names given to the two aforementioned vulnerabilities, which were discovered by Google’s Project Zero with the collaboration of European researchers whose work consists of looking for the least likely attack vectors and vulnerabilities they can find in information systems.
Information security analysts believe that Intel is facing an uphill battle in addressing these vulnerabilities because developers of the software patches have to consider the wide diversity of system configurations where x86 chips are present; for example, the patch disabled by Microsoft affects certain motherboards running Windows 7, 8.1 and 10. Intel also has to consider that the flaws may also affect computers running the Linux operating system, which has dozens of distribution; in other words, Intel may have to develop and thoroughly test numerous patch versions before they are made available to the public.
Microsoft software engineers explained that they disabled the Intel patch not only because of reports about sudden shutdowns and reboots; there was also a great risk of permanent data loss.
Not everything related to Meltdown and Spectre has been bad news. Newer versions of the Android mobile operating system are not affected, and the security researchers who discovered the flaw have been particularly careful about not releasing information that may fall in the hands of malicious hackers. As of late January, there have been no reports about attacks that may have been based on exploits developed to take advantage of these vulnerabilities.
Hardware engineers working on the next generation of microprocessors are paying close attention to the work of Google engineers assigned to Project Zero, a team that has already discovered many security issues across various systems.