social network

Critical vulnerability in Intel processors forced Windows and Linux developers to change the core of systems

Security updates can slow down computers.

The Intel chips found a vulnerability that allows attackers to gain access to passwords, files and data stored in the kernel’s memory. The manufacturer can not fix the bug itself: it can be closed only by developers, having reworked the kernel architecture at the system level.

The bug affects all Intel processors released in the last 10 years. It allows all normal programs to access content in a protected part of the kernel’s memory. Among such data can be passwords, cached files from the disk, access keys programs and not only. The danger of a bug is that, due to a vulnerability, attackers can intercept this information even through JavaScript code that is launched in the browser.

The remaining details of the vulnerability are hidden for security reasons, but AMD engineer suggested that the problem is the working principle of Intel processors: they try to predict the code that will be executed further, and for the sake of speed do this without the necessary security checks. This makes it possible to run malicious code at the kernel level.

The essence of the fixes is to completely separate kernel memory from user processes. However, because of this, many applications can start to work more slowly, because some tasks are processed the fastest through the kernel.

For the past two months, programmers have been working on updating the OS, which closes the security hole in Linux and Windows. Judging by the test builds of Windows Insider, Microsoft can release a patch for its system on January 9th. Upgrading the Linux kernel already released , but developers could distributions until they have time to add it to their systems.

The Register noted that updates can reduce the performance of Linux-based computers by 5-30%, depending on processor models and tasks: more recent chips are less likely to reduce power. Researcher Andres Freund conducted his own experiment, which showed that, at best, productivity falls by 17%, and at worst – by 30%.

Patches will be required for users of other systems, including macOS: apparently, Intel can not solve the problem only with the help of firmware updates of the chip.

Detailed information about the vulnerability remains a secret: Linux developers specially edited comments on updates, and Windows in principle does not disclose the details of the work on patches. This is done so that attackers can not reproduce the bug, since users have not yet received patches.

AMD processor manufacturer said that its chips are not vulnerable to vulnerability, as their architecture does not provide for such manipulations. The company’s shares rose against the backdrop of problems with the competitor’s processors.

Intel did not publicly comment on the situation. However, it is known that the general director of the company Bryan Krzhanich in the middle of December sold 889 thousand shares of Intel, leaving only 250 thousand shares. He bailed out 54 million dollars.

Back to top button