Windows 10: Intel CPUs Vulnerable to New 'BranchScope' Attack

Read more: Intel CPUs Vulnerable to New Attack | SecurityWeek.Com

 

Please god, not this again...

:)

 

Windows 10 stutters / lag when opening UWP apps

Below is the official Microsoft statement on this issue.

“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying
mitigations to cloud services and are releasing security updates todayto protect Windows
customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as "speculative execution side-channel attacks" that affects many modern processors and operating systems including Intel, AMD,
and ARM.

To address these issues, Microsoft has worked in partnership with the hardware industry to develop mitigations and guidance.

Your understanding is highly appreciated.

 

Windows Phone vulnerable to FREAK ATTACK!

I am puzzled.

When I visit
security bulletin does not mention anything about it! What is worse, there is no hope for any update coming.

Did I miss something? Or are the Windows Phones not meant to be secure?

Can somebody explain please?

With thanks in advance for any clues.

Martin

 

Are they saying that it only affects Intel processors, or are they saying that it has only been tested on Intel processors?

 

AMD should also be affected in some way if it's in relation to Spectre 2. It's possible that this was tested soley on Intel though.

As predicted, more branch prediction processor attacks are discovered | Ars Technica

 

Have these "Experts" got nothing better to do than look for unheard of never used possible exploits? Are they on some kind of look how clever we are ego trip?

 

If the attacker has physical access, then security has already been compromised.

If the attacker has remote access, then security has already been bypassed.

So the concern is strictly espionage. A mole or double-agent working normally while the injected code retrieves sensitive info.

 

Microsoft is offering rewards for new speculative execution exploits. Whether or not this is a good idea is debatable.

Microsoft Announcing Speculative Execution Bounty Program Launch - Windows 10 Forums

 

My thoughts too. Pretty tired of all this. All they seem to be doing is ‘alerting’ these underworld types to the possibilities with these big reveals.

 

Why would they put this out there in the first place??

These Holes should be taken care of in their respective labs and Then give us a patch.

Now, they are just fueling the fires of all hackers.

I just wish they would use a bit of common sense but, I guess common sense isn't very common.

 

So you are saying, as long as nobody looks for holes, none exist and therefore no one is exploiting them? *Confused

 

This is getting tiresome while our systems become slower and less responsive.

 

Not exactly but how do you exploit something that has not been discovered and the "how to" published?
If these so called flaws have been exploited then where is the evidence or put another way, how many times has Spectre and Meldown actually been a problem before it was discovered and the code made public?