Go Ad-Free
    My Alerts
    VICTORIS
    Budget Express 2026

    co-presented by

    • LIC
    • JIO BlackRock

    ASSOCIATE SPONSORS

    • Sunteck
    • SBI
    • Emirates
    • Dezerv
    Parallel Income Plan 2026
    Parallel Income Plan 2026

    Google and Microsoft find a CPU security exploit - the solution may slow down your PC

    The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts, Intel said

    Moneycontrol News
    May 22, 2018 / 17:36 IST

    Google and Microsoft have revealed a CPU security vulnerability which is similar to the Meltdown and Spectre flaws that were revealed earlier this year.

    CPU hardware implementations—known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

    The vulnerability called Speculative Store Bypass (SSB), also known as Variant 4 similarly exploits "speculative bypass". When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations.

    According to Intel, “Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB.”

    Intel has also released microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). In coming weeks, it is expected that the update will be widely available.

    The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.

    Apparently, the update, if enabled, may impact the performance of the computers. So the admins of the system will have to pick between security and performance.

    “In this (off) configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate,” explained Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel Corporation.

    The exploit was initially discovered separately by Jann Horn of Google Project Zero and Ken Johnson of the Microsoft Security Response Centre.

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    Moneycontrol News
    first published: May 22, 2018 05:36 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347
    CloseParallel Income Plan 2026