The current hardware-level protections are meant to mitigate both the Meltdown (CVE-2017-5754) and Spectre variant 2 (CVE-2017-5715) vulnerabilities, but they will also be effective against any other type of malicious code that tries to tap into the speculative execution process.
Technology behemoth Microsoft is aiming to nip the next Meltdown or Spectre vulnerability in the bud with a lucrative new bug bounty program. The first phase in dealing with Meltdown and Spectre was to patch vulnerabilities as best as possible through software updates, but now Intel has designed a permanent fix for its upcoming chips. This "partitioning" will add extra barriers between applications and user privilege levels, the chief exec explains. However, chip manufacturers like Intel will need more time to fix the issue and protect their processors from future attacks.
Intel didn't release further technical details of its hardware redesign. Having now found a method, the company is working on releasing its 8th generation of Intel Core processors in the second half of 2018, which will come with the partitioning method against Spectre Variant 1 and 2. "This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues", said Phillip Misner, Principal Security Group Manager at Microsoft Security Response Center. Krzanich recommends continuous software updates to ensure all security protocols remain up to date. Meanwhile, the company will continue to address variant 1 through software mitigations. According to the chip-maker, the new Variant 2/3 protected designs will roll out with the next-generation Xeon Scalable processors, aka Cascade Lake, for server users. "Our goal is to offer not only the best performance, but also the best secure performance".
Intel now says it has released microcode for all its products launched in the past five years that are vulnerable to the side-channel attacks.
Intel concludes its blog by stating that this is a "long-term commitment", and that its "work is not done" just yet. "This is our pledge and it's what you can count on from me, and from all of Intel", he said.