Intel Vows Meltdown, Spectre Hardware Fixes This Year

Intel will put hardware fixes for the Spectre and Meltdown security flaws on the next generation of its chips, CEO Brian Krzanich said in an Intel blog posting yesterday (March 15).

"We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3" Krzanich wrote, referring to one of the Spectre flaws and Meltdown, respectively. "Think of this partitioning as additional 'protective walls' between applications and user privilege levels to create an obstacle for bad actors."

The other Spectre flaw, aka Variant 1, "will continue to be addressed via software mitigations," Krzanich said.

He added that "these changes will begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel Core processors expected to ship in the second half of 2018," the latter of which presumably refers to newer Coffee Lake CPUs using the same architecture as chipsets already on the market.

MORE: Meltdown and Spectre: How to Protect Your PC, Mac and Phone

Krzanich didn't specify any further about how the hardware fixes would work, but because at least some of the chips being "fixed" are not being radically redesigned, it may be that these mitigations offer only a partial solution.

The Meltdown and Spectre flaws are a byproduct of the way most mainstream computer chips, not just Intel ones, have been designed for the past 20 years. Some chip-design and security experts have argued that only a wholesale redesign of chip architectures will solve the problems.

In the meantime, Intel has been releasing firmware, or, in industry parlance, "microcode," to mitigate the flaws in recent chips. Krzanich said that progress has been made on that front, despite some hiccups.

"We have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google," he wrote.

Google researchers were among several different groups and individuals who independently found the Meltdown and Spectre flaws. Google's team was the first to officially disclose its findings after the British tech blog The Register broke the story on Jan. 3 that researchers had been secretly working with vendors to patch the flaws before the public learned of them.

Computer makers are supposed to pass those firmware updates along to people who bought their PCs, but some of those manufacturers have been slow to do so. Microsoft has stepped in and posted several of the fixes online for end users to download and install directly.

It's been interesting to watch Intel's changing public stance on the severity of the Meltdown and Spectre bugs, which the company initially tried to downplay in a blog posting that, to Intel's credit, has not been deleted.

The Register observed that Intel "has shifted from claiming these bugs are overblown and not a problem, to admitting they are a problem but are easy to mitigate, to confessing they are not so easy to mitigate but at least there are no ill effects, to conceding there are some ill effects but it's nothing to worry about, to finally confirming: the issues are so embarrassing, we've redesigned our processors to address the design blunders."

Intel has created a helpful video explaining the Spectre and Meltdown bugs, and its fixes, which you can watch here.

Image credit: Charnsitr/Shutterstock

Windows 10 Security and Networking