Microsoft has implemented Intel's advice to reverse the firmware fixes for the Specter 2 variant.
Redmond has released an exceptional weekend on the council cycle on Saturday, in order to make development possible.The first Intel patch was so bad that it made many computers less stable, which caused Linus Torvalds a justified crisis last week.
Chipzilla then removed the patch, but it made its way into a Microsoft solution, which the company released Saturday.
"Our own experience is that system instability can cause data loss or corruption under certain circumstances," writes Microsoft, adding, "We understand that Intel continues to study the possible impact of the current microcode version. and encourages clients to its ongoing advice, the basis for informing its decisions. "
This only applies to the Spectrum patch, Microsoft pointed out: "The application of this payload only specifically disables the mitigation against CVE-2017-5715 - 'Branch Target Injection Vulnerability'".
He noted that, as far as we know, no one has yet armed Specter 2.
LinuxConf panel: however, "sh! T-show"
Spectrum and Meltdown's treatment was severely criticized last week at LinuxConfAU in Sydney, with Jonathan Corbet, a member of the Linux Foundation's technical advisory board, complaining of maintaining the secrecy between the first private reports of errors and their eventual disclosure. . The register broke on January 2).
Instead of the disclosure processes used for most vulnerabilities, Corbet said, "This disclosure process was handled very differently," and no one explained why.
Corbet later added, "I would like the industry to finish at least this part, so we can update the whole story and find out how to improve next time.
The developer Jess Frazelle said the disclosure could be improved by "not having the shit of an embargo", while Katie McLaughlin added that only the big cloud providers were aware: "It seems like a club exclusive or I do not know, and the lines of who should be informed is not very clear. "
A video of the conference board is below, for your viewing pleasure.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.