The following table from Terry’s blog provides the decoder ring for each of these variants:Įxploited Vulnerability CVE Exploit Name Public Vulnerability Name Spectre 2017-5753 Variant 1 Bounds Check Bypass Spectre 2017-5715 Variant 2 Branch Target Injection Meltdown 2017-5754 Variant 3 Rogue Data Cache Load The security researchers that discovered these vulnerabilities identified three variants that could enable speculative execution side-channel attacks. If you haven’t had a chance to read Terry’s post you should take a moment to read it before reading this one. This post is intended as a follow-up to Terry Myerson’s recent Windows System post with a focus on the assessment for MSVC. On the MSVC team, we’ve reviewed information in detail and conducted extensive tests, which showed the performance impact of the new /Qspectre switch to be negligible. Microsoft is aware of a new publicly disclosed class of vulnerabilities, called “speculative execution side-channel attacks,” that affect many operating systems and modern processors, including processors from Intel, AMD, and ARM.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |