Intel’s chip problem is bad – but there’s more to the Meltdown and Spectre flaws than just that

Microsoft has released a compulsory maintenance update, dubbed the ‘Kaiser patch’, for Windows 10, designed to protect your computer from a major security flaw present in all modern Intel processors – in fact, virtually all microprocessors are thought to be affected. Worse still, there’s a chance the patch could cause your system’s performance to suffer. Here’s everything we know so far about the Meltdown and Spectre vulnerabilities. 

Intel has, perhaps unsurprisingly, dismissed complaints of compromised performance as exaggerated, saying in a prepared statement that any dip in processing power caused by the patch is purely “workload-dependent and, for the average user, should not be significant.”

It adds that the issue is not unique to its hardware, but rather that “…many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

So exactly what is the flaw and who’s right?

Well, there are actually two separate flaws – and Intel is correct in saying that it’s not the only chip manufacturer affected. It certainly seems to be the worst hit, but the single biggest myth about the so-called ‘Intel chip problem’ is that it’s all Intel’s fault.

Allow us to explain.

The Intel-specific vulnerability has been dubbed Meltdown, and if unaddressed, could provide malicious applications with a direct passage into your machine’s kernel memory data. This is the protected part of your computer used to store sensitive material, like login credentials – usernames and passwords – and credit card information, in an unencrypted format.

It’s thought to be relatively easy to implement Meltdown, as this proof-of-concept attack shows.

Related: CES 2018

Using #Meltdown to steal passwords in real time #intelbug #kaiser #kpti /cc @mlqxyz @lavados @StefanMangard @yuvalyarom https://t.co/gX4CxfL1Ax pic.twitter.com/JbEvQSQraP

— Michael Schwarz (@misc0110) January 4, 2018

The underlying vulnerability, however, is understood to affect nearly all microprocessors. It’s known as Spectre and, while harder to exploit, is arguably scarier as it’s rooted in fundamental processor design flaws that affect not only Intel but ARM, AMD and other chip makers.

According to some cybersecurity experts, fixing Spectre will require a complete overhaul of the way chips are made and could take years.

6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.

— Nicole Perlroth (@nicoleperlroth) January 3, 2018

Related: Best Intel processor

The aforementioned Windows update is currently available for computers running Windows 10, but won’t reach units powered by an older build of the operating system – Windows 7 and Windows 8, for example – until January 9. Compromised performance or not, we’d recommend installing all recommended updates, as Meltdown and Spectre sound like they mean business. In fact, ready-made JavaScript attacks are already out the wild.

Spectre has a ready made JavaScript implementation. 2018 is going to be awesome(ly horrifying) pic.twitter.com/VkIPrm8ko8

— Jake Williams (@MalwareJake) January 4, 2018

There’s no word on when the patch will arrive for processors manufactured by AMD and ARM, though the hope is that Microsoft will have a makeshift upgrade ready for distribution by the end of next week. Google, for its part, is also working on securing Chrome.

Have you installed the maintenance update on your Windows 10-powered computer? Have you noticed a drop in performance? Be sure to let us know over on Facebook or Twitter @TrustedReviews.