Intel Delays Patches for Spectre-NG Vulnerabilities

Intel’s Spectre Nightmare is Far From Over

Bad news for Intel as security researchers have discovered eight new “Spectre-class” vulnerabilities in their processors. These are the next-generation independent from the original Spectre vulnerabilities. This is goes by appropriately as ‘Spectre-NG’, and it could also affect a small number of ARM processors. Further research is also underway to determine if closely related AMD processor architecture is susceptible.

How serious is it? According to German computer magazine Heise.de, Intel has classified four of them as “medium”, but four are under the “high risk” category. These new CPU flaws originate from the same design issue as the original. However, one of these vulnerabilities allows attackers with access to a virtual machine to target the host system. Therefore making it much more threatening than any previous Spectre variants.

Is There a Fix Coming for Spectre-NG?

Also according to Heise.de, the patches are originally supposed to come out on May 7. However, Intel is delaying it for 14 days, or possibly longer. The coordinated release is now on schedule for May 21, 2018. These patches are for Intel Core processors and their Xeon derivatives, staring with Nehalem (2010) until the latest 8th generation CPUs. Even Atom-based Pentium, Celeron processors from 2013 onward are of concern.

The patches coming soon will not be able to address all eight vulnerabilities. Customers would have to wait until Q3 (August 14 specifically) for the rest. To fully secure the architecture, Intel plans to fix rollout to be a combination of hardware microcode updates, as well as software improvements on OS-level.