Microsoft has issued a security update for Windows 10 to protect PCs against the processor bug which impacts chipsets from Intel, AMD, and ARM. The Register first reported on the vulnerability of Intel x86-64 processors, which have been manufactured for the last decade. Later Google’s Project Zero team put out another detailed blogpost explaining the particular vulnerability impacts nearly all modern processors, including those from AMD, ARM, and Intel.
Computers running on Linux and Windows operating systems are all at risk. Google says phones running on latest Android (which is not all devices) are protected against the vulnerability. According to The Verge, Microsoft’s update will “be automatically applied to Windows 10 machines.”
The company is also making the security patch available for systems on older versions of Windows 7, 8, though this will only roll out by next Tuesday along with the new Windows update. The automatic update is limited to Windows 10 computers only.
As the report points, Microsoft’s software update will not be enough. Intel or AMD, whichever is the chip vendor will have to issue firmware level updates as well. According to the original report from The Register, the fix for the security vulnerability could make the PCs slower. However, Intel has denied that it will have a significant impact on the performance of computers for the average user.
The Verge says performance of Intel processors based on Skylake or newer architecture should not see a significant fall, but older processors might get slower. The report is quoting sources for this. Intel has also gone on record to say that the issue was caused due to a ‘bug’ or ‘flaw’ in the design is wrong. The company’s CEO Brian Krzanich also went on record to say he was confident the exploit had not been used to hack into computer systems.
Interestingly, Google’s Project Zero team had discovered the vulnerability a year back and was supposed to reveal details about this on January 9, 2018. The team had also alerted Intel about the same. But after The Register broke the story , Google, Intel and others were forced to address the issue ahead of the original planned dates. Google in their blogpost says that vulnerability can be exploited via three methods of attack and each will require their own dedicated solution.