Just as the shadow of Meltdown and Spectre was starting to fade, a new variant of the latter chip flaw has been disclosed. Microsoft and Google researchers discovered the vulnerability, which has been dubbed ‘Speculative Store Bypass (Variant 4). Like other variants of Spectre, it exploits speculative execution to expose sensitive data through a side channel.
To prevent against Variant 4 being used in other ways, Intel and its industry partners are offering additional mitigations in the form of microcode and software updates. The company said it has already delivered the beta microcode update to OEM system manufacturers and software vendors, and that BIOS and software updates will be released in the coming weeks.
As with the original flaws, the updates will have a small effect on system performance—Intel estimates a 2 to 8 percent impact based on benchmark scores. Because of this, and the fact there’s no evidence of any exploits being used in the wild, the mitigations will be set to off-by-default, “providing customers the choice of whether to enable it.” AMD said its protections will be left off by default, too.
Back in February, Intel expanded its bug bounty program to include Spectre- and-Meltdown-style vulnerabilities, upping the reward for finding the most serious bugs to $250,000. Microsoft writes that it disclosed Variant 4 to industry partners in November 2017 as part of Coordinated Vulnerability Disclosure (CVD)."
“We are continuing to work with affected chip manufacturers and have already released defense-in-depth mitigations to address speculative execution vulnerabilities across our products and services,” says a Microsoft spokesperson. “We’re not aware of any instance of this vulnerability class affecting Windows or our cloud service infrastructure. We are committed to providing further mitigations to our customers as soon as they are available, and our standard policy for issues of low risk is to provide remediation via our Update Tuesday schedule.”
At the start of the year, Intel CEO Brian Krzanich said the first redesigned Intel chips that are protected against Spectre variants would arrive in the second half of this year.