The Spectre-like flaws, referred to as Variant 4 in a blog post by Intel’s Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, were first reported in early May by the German computer magazine C’T, which had been told of the flaws by then-unnamed researchers (some of whom worked for Microsoft (opens in new tab) and Google) and called the flaws Spectre NG, or Next Generation. (, and here’s a list of affected Intel processors.) The Meltdown-like flaw is called Variant 3a and is less serious overall. It will be patched through upcoming CPU firmware updates, not via operating-system patches. AMD released its own statement that Variant 4 fixes were being rolled out by Microsoft and Linux distributors. ARM said four of its later Cortex A-series processors were affected by Variant 4, and listed technical mitigations. IBM detailed how the Variant 4 flaws affected its POWER chips. MORE: Meltdown and Spectre: How to Protect Your PC, Mac and Phone
What Can You Do
Culbertson said that “browser-based mitigations [for Variant 4 … have already been deployed and are available for use today,” so keep your browser up to date. Chrome should update automatically, provided you occasionally restart your machine. To check if Chrome has a pending update, navigate to chrome://settings/help, where you’ll see its version status. Firefox should also update itself, but you can confirm its status for yourself. Just click the menu button, click Help and select About Firefox. If updates are available, Firefox will download them automatically. Microsoft’s Edge and Internet Explorer browsers update themselves via Windows Update, which you’ll want to check for system-wide updates. Apple’s Safari browser also piggybacks on system updates, although there was no word yet from Intel or Apple about whether Macs had been or would be patched against the new Spectre flaws. Culbertson said Intel had “already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors,” and that this patch should be “released into production BIOS and software updates over the coming weeks.” Expect to see system notifications from the proprietary updates software on your system, such as Dell SupportAssist or HP Support Assistant. Those will arrive soon and should be downloaded to protect your PC.
More About Variant 4
Culbertson writes that Intel has “not seen any reports of this method being used in real-world exploits,” but that shouldn’t sway users from delaying updates. Like the other Spectre and Meltdown flaws already disclosed, the Variant 4 and Variant 3a vulnerabilities are rooted in speculative execution, a method of speeding up a CPU’s processes that has become commonplace in the past two decades. Fixing or mitigating any Spectre or Meltdown flaws slows down CPU processes, and Culbertson says Intel chips that had implemented the patches for Spectre Variant 4 “observed a performance impact of approximately 2 to 8 percent” based on overall scores for benchmark testing.
Windows 10 Security and Networking
Previous TipNext Tip
Use the Windows 10 Parental ControlsFind Your MAC AddressTurn Your Windows PC into a Wi-Fi HotspotPassword Protect a FolderCreate a Guest Account in Windows 10Enable Windows Hello Fingerprint LoginSet Up Windows Hello Facial RecognitionHow to Restrict Cortana’s Ever-Present Listening in Windows 10Automatically Lock Your PC with Dynamic LockBlacklist Non-Windows Store AppsFind Saved Wi-Fi PasswordsSet Up a Metered Internet ConnectionUse Find My DeviceStream XBox One GamesAll Windows 10 TipsMap a Network DriveCreate Limited User AccountsSet Time Limits for KidsPin People to Your Taskbar