|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
.There are still eight more (still secret) security flaws in Intel’s CPUs. German computer magazine heise.de, who received secret documents of the unreleased flaws called the vulnerabilities SpectreNG (Spectre Next Generation).
Currently the details are online available in German, but I’ve covered a few thing within this English article:
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
Just been reading on W10 Meltdown bypass: BleepingComputer
Microsoft issued today an security update, but it wasn’t to backport the “fixed” Meltdown patches for older Windows 10 versions.
Spectre-NG: Security bods uncover eight new ‘Spectre-class’ flaws in Intel CPUs
But chipmaker promises patches are on their way
By Carly Page | May 4, 2018
According to the website, Google’s Project Zero uncovered one of the flaws, which have been collectively named ‘Spectre Next Generation’ or ‘Spectre-NG’, and will publicly reveal it on 7 May, a day ahead of Microsoft’s Patch Tuesday.
Heise says Intel had classified four of the flaws as “high risk” and the rest as “medium”.
One of the most serious bugs could theoretically let attackers bypass virtual machine isolation from cloud host systems to steal sensitive data such as passwords and digital keys.
Read the full article here
Catalin Cimpanu has tweeted that disclosure has been delayed, apparently at Intel’s request:
Disclosure of the Spectre-NG vulnerabilities has been delayed two weeks, for May 21, per source
— Catalin Cimpanu (@campuscodi) 7 May 2018
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
