New SplitSpectre-Attack; Windows Retpoline Spectre Mitigation

Just a brief note: Researchers discover an new Spectre-like CPU attack, called SplitSpectre. And Microsoft has published an article about Windows Retpoline Spectre Mitigation.


Advertising


SplitSpectre CPU attack

Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code.

Catalin Cimpanu has more details within this ZDNet.com article (thx @phantomofmobile for the hint).

Mitigating Spectre variant 2 with Retpoline on Windows

In January 2018, Microsoft released an advisory and security updates. This was related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). That vulnerabilities affect AMD, ARM, and Intel CPUs to varying degrees.

Patches to mitigate these vulnerabilities has been a negative performance influence on the machines. With the retpoline technology developed by Google, it’s possible to mitigate spectre like vulnerabilities without reducing performance on a machine. Microsoft has begun to use retpoline in newer Windows builds. The article Mitigating Spectre variant 2 with Retpoline on Windows sheds more life into that topic.


Advertising


Advertising


This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *