The Curious Case of the Intel Microcode

This post was originally published on this site

This guest post by Bjørn Anders Jørgensen first appeared on LinkedIn.

Disclaimer: This is a report based on current development as of 7. January, the situation is changing by the hour so read this opinion piece with that in hindsight.








Unless you have been living under a rock for the last week you will know by now that there is a universal design flaw in most modern microprocessors, leaving them vulnerable to a serious information disclosure problem that requires updates to all operating systems and processors.

If you are not familiar with the issue, start here: Meltdown and Spectre

Jan Wildeboer also has a comprehensive timeline: How we got to #Spectre and #Meltdown A Timeline

The issue has been known by Intel at least since June, and has been under embargo while everyone has been hammering out code to mitigate the threat and be ready when the embargo was lifted.

So we have three vulnerabilities, one that requires microcode update:

CVE-2017-5715 (variant #2/Spectre) aka branch target injection

Microcode is a small piece of code that can be loaded by the processor at boot time, either from the BIOS or from the operating system. Intel has