Meltdown, Spectre Explained, Patch Fixes: Companies Encounter Hiccups as Researchers Become Closer to Weaponizing Vulnerabilities
Even before the Meltdown and Spectre vulnerabilities were revealed to the public, companies have been hard at work to roll out fixes to protect their affected computers and machines.
For those who do not know, Meltdown and Spectre take advantage of an action a computer does called "speculative execution," which allows the machine to guess what a user will do next to go ahead and perform it without being initiated for faster and more efficient performance.
Unfortunately, data stored involving this also puts the computers at risk of being mined for any of the private information stored in their caches.
While companies like Apple, Microsoft, Google, and many others are working round the clock, there is still a long way to go before these exploits are completely contained. In fact, some tech giants have stumbled upon a hitch in the middle of their efforts.
Microsoft recently pulled out the patch for AMD systems they released last week after it caused some machines to fail to boot and completely stop working. Microsoft has resumed distribution of the same patch already although older machines are yet to take advantage of it.
Microsoft also notes that Windows 10 is much safer from Spectre than older operating systems so users are advised to upgrade to protect their computers.
Intel, which is both exploitable by Meltdown and Spectre, has released microcode update that helps operating systems shield against the latter, but this has proven to be problematic after reports of crashes.
Those with Haswell and Broadwell processors are advised to shy away from the update as well as those whose motherboard or system vendor has an updated firmware with the new microcode. Users with VMware ESXi for microcode updates are advised to roll back to an earlier version.
As per Ars Technica, the companies cannot afford such missteps especially with researchers are not too from figuring out a way to turn Spectre and Meltdown into a practical attack, which means that hackers are dangerously close as well.
Thankfully, the tech titans are quick to roll out fixes of their earlier hiccups. However, the sense of urgency is greater as real-world attacks using the lethal vulnerabilities, which affect basically every computer within the last two decades, are sure to follow soon.
Users should also be wary of the updates they download. Some hackers are exploiting the situation by disseminating fake updates through email that are made to look like they are from a government agency. So unless the patch or update is confirmed to directly come from Intel or Microsoft, users should not download any.