About speculative execution vulnerabilities in ARM-based and Intel CPUs

About speculative execution vulnerabilities in ARM-based and Intel CPUs

Kenneth Drake
January 5, 2018

Verify that you are running a supported antivirus application before you install OS or firmware updates.

Updates for Windows, Linux and Mac have all been patched following the discovery, although Intel hasn't denied that this might impact performance.

If nothing comes up, that means Windows has detected the presence of an incompatible anti-virus (AV) application on your system.

There's no evidence that bad actors have yet exploited the bugs, but companies from Microsoft to Mozilla said they have worked to patch up vulnerabilities to their operating systems. It did however say that most users wouldn't notice the change.

However, despite all of this work, Williams noted that with the Meltdown patches specifically, "the patch does not address the core vulnerability, it simply prevents practical exploitation".

This is where things get messy. Apple says that despite fears from users, these updates have not slowed down the performance of the Apple devices that received them.

This Google Docs file contains a list of the responses from some AV companies.

The simplest way to go about this is if you can go to the Windows Update section every day and press the "Check for updates" button and you'll receive the update after your AV product creates that registry key.

But the race is now on, says Tony Cole, vice president of global government and critical infrastructure with computer security company FireEye.

Nick Foles unable to ease concerns in postseason tune-up vs. Cowboys
In a meaningless game played in freezing temperatures, the Eagles' inactives list was littered with precautionary deactivations. But Nick Foles was far from comforting with 4-of-11 for 39 yards with an interception before getting the rest of the game off.

We'll display this in red so it sticks out. Microsoft is running into a compatibility issue with some antivirus apps.

Intel on Wednesday confirmed a report stating that its semiconductors contain a vulnerability based around a chip-processing technique called speculative execution.

How can you check the status of the patches?

Although the Cupertino firm hasn't announced it officially yet, AppleInsider quoted "multiple sources within Apple" as saying that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the CPU vulnerability. As explained above, this might take a few days for some users with "problematic" anti-virus software. There are two possible scenarios.

"As they are hardware bugs, patching is a significant job".

ARM said in a public statement that the "majority of ARM processors are not impacted", while AMD reassured users that the "described threat has not been seen in the public domain".

As you can probably imagine, the tech industry hasn't remained closed-mouthed and has reacted to the news accordingly, with some of the industry's biggest players from different sectors such as cloud providers and device manufacturers, already putting out statements.

Cloud administrations possessed by Amazon, Microsoft, and Google itself have additionally been utilizing Project Zero's examination to make and issue patches for their servers, while numerous other littler cloud suppliers who had not been beforehand told about the defect are now scrambling to fix their machines.