Welcome Stranger to OCC!Login | Register

Intel Informed Several Companies, Including Chinese Companies, Before US Government of Meltdown and Spectre Vulnerabilities

Category: General News
Posted: 12:02PM
Author:

As we approach February, I am not surprised to see Meltdown and Spectre continue to be in the news, but I will admit this is not a story I expected to see. According to the Wall Street Journal, Intel informed a number of companies prior to the early public announcement of the vulnerabilities, but failed to notify the US government. Making the story more interesting is that Chinese companies were among those Intel shared the vulnerabilities with, which calls into question if the Chinese government, monitoring such communications, was also aware of the issues before any patches were available.

If you do not remember, both Meltdown and Spectre are vulnerabilities identified by Google's Project Zero in June 2017 that exploit speculative execution. While Spectre can affect all CPUs to differing degrees, Meltdown is only viable on unpatched Intel systems and can be used to expose the memory of all virtual machines on a server. Clearly this is a significant security threat, and as usually happens, Intel notified some partners about it so the companies could coordinate and develop patches to protect against it. Companies like Amazon and Microsoft were notified, as well as Chinese companies Lenovo and Alibaba, but the Department of Homeland Security and NSA were not. These US government organizations only learned about the vulnerabilities the day the Register broke the story, which was a week earlier than the planned public announcement. Due to this lack of awareness, the DHS Computer Emergency Response Team (CERT) was initially advising replacement of the CPU was necessary, but is now stating users should patch their systems to protect themselves.

Thus far, there is no evidence the information Intel was sharing was misused, but this still seems to have been an odd decision of Intel's on who to notify and when.

Source: Wall Street Journal



Register as a member to subscribe comments.

This news has comment postings disabled because it is now archived.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1539180279   (xlweb1)