Another Significant Security Gap Discovered in Intel Processors

First Spectre and Meltdown, Now Foreshadow

Intel has been notified by various researchers that yet another security gap has been found in their processors.  The vulnerability affects its chip security technology called Software Guard Extensions (SGX).  This technology has been used in Intel processors since  2015.  Therefore, if you have an older PC — there is no need to be concerned about this vulnerability, as it does not impact you.  However, the processors that were affected include:

  • Intel Core i3/i5/i7/M processor (45nm and 32nm)
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 and X299 platforms
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Xeon Processor E3, E5, and E7 –  v1/v2/v3/v4/v5/v6 Families of each
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor D (1500, 2100)

In addition to impacting the SGX, Foreshadow exploits Intel’s speculative execution component.  This feature uses behavioral analysis to determine which application or program the user is going to need next.  It then automatically opens it, to increased productivity.  If the program is not needed by the user, it will close automatically.  The problem with exploiting this function is the cached information that may be held within these applications, including usernames, passwords, personally identifiable data, etc.  Any cached information can be stolen by hackers through this exploit.

Now What?

According to Kim Komando, Intel is releasing an update today, August 21st, which is supposed to patch the vulnerability.  Microsoft has also released an update to address the security vulnerability.

All of this is great — but it’s going to be up to the user to deploy the updates.  Therefore, as a user — UPDATE, UPDATE, UPDATE!!

4,000 total views, 1 views today

(Visited 2,279 times, 1 visits today)

3 thoughts on “Another Significant Security Gap Discovered in Intel Processors

  1. For a dummy like me, this article is fine EXCEPT, how, where to get update to download if needed?
    How does one determine if their processor is part of the issue?
    Old Army acronym : KISS. Keep It Simple Stupid.

    • @lawrence wilson: I agree with Lawrence, the article puts the fear of God into you but offers no details about how to determine if you processor is one of the vulnerable and how does Intel propose to circulate the update?

  2. I haven’t gotten an automatic update since 8/14 and today is 8/25. I’ve checked for updates. Nothing! I got ‘bricked’ with the last Intel problem and am now concerned about another.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.