More bad news for Intel

Yet another security vulnerability has been identified in the processors the company makes.  This one is so newly discovered that the full technical details have yet to be released.  Here's what we know so far, from a recent Intel announcement:

"System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch...Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value."

In simpler terms, what this means is that a hacker could use this exploit to gain partial cryptographic keys used by other programs running on the target computer.

Different than the recent Spectre and Meltdown

While related to the recent Spectre and Meltdown security flaws, this one is different in two ways.  First, it's not quite as severe as the formerly discovered flaws in scope or scale.  To make use of this, one would require an incredibly exotic attack that would simply be beyond the capabilities of most hackers.

Also, it should be noted that where Spectre and Meltdown impacted dozens of chipsets dating back more than a decade, the "Lazy FP State Restore" flaw only impacts chips beginning at Sandy Bridge.

The other key difference is that the flaw, in this case, does not reside in the hardware.  That's good news for businesses of all shapes and sizes because it means that when Intel and their hardware vendors have a patch ready, it will be quick and relatively painless to install it.

Our perspective

Unfortunately, since the initial discovery of Spectre and Meltdown, a number of variants of those flaws have emerged, and now this new one.  It's unlikely that this will be the last we've seen of these types of issues, so if you're using Intel equipment, brace yourself.  There's likely more to come.


Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cloud Computing Expert | Small Business Technology Consultant | IT Services Provider | 866.995.4488

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller, fast-growth companies in Greater Los Angeles. And have created cost-effective IT solutions, including managed IT support systems, for small business for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs to business and professional associations.

Check out this blog post

"Cyber Security Check List That Will Underscore Your Potential Business Risks"