17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips.
The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero.
Paul’s collaboration team regarding the chip flaw and the notorious Spectre Attacks were:
The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology) found. At NIST’s, National Vulnerability Database website is the research published on January 4, 2018.
Take note of these excerpts, the indirect branch prediction and branch prediction in both announcements:
Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”
Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”
After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a “bug”, or a “flaw” was not possible. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.”
But Paul’s team exploited speculative execution and had solid proof.
They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.
In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test.
When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease.
When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.
The research evidence was irrefutable.
Their results showed there was a flaw in Intel chips.
A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.”
Three months later on April 2, 2018, Intel’s Microcode Revision Guidance is released and what’s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended.
Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.
The pages with the discontinued products are below:
When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows:
Intel also states in their Microcode Revision Guidance Legend:
As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.
If you own a PC, Mac, or Cell phone, a Spectre attack can affect your device. If you use Cloud Services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customer’s data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.
Call our business managed IT services department directly at (404) 777-0147 or simply fill out this form and we will get in touch with you to set up a getting-to-know-you introductory phone call.
Fill in our quick form
We'll schedule an introductory phone call
We'll take the time to listen and plan the next steps
11285 Elkins Rd Suite E1, Roswell, GA 30076
© Copyright 2024 Centerpoint IT. All Rights Reserved. Website in partnership with Tech Pro Marketing. | Privacy Policy
Get Immediate Help For All Your Technology Issues (404) 777-0147
If you want our team at Centerpoint IT to help you with all or any part of your business IT, cybersecurity, or telephone services, just book a call.
Fill in your information below to get started today.
"*" indicates required fields
Fill in your information below to schedule now.
"*" indicates required fields
Before your organization commits to 1, 2, 3 or even longer managed IT services contract, understand what you’re getting. Centerpoint IT gives you the facts in our Managed IT Services Buyer’s Guide.
Enter your information below and we’ll send it over.
"*" indicates required fields
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
https://calendly.com/centerpoint-it/discovery-call