Spectre NG – 8 New Serious Spectre Level Security Vulnerabilities Found in Intel Processors

Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches.

Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors.

Spectre and Meltdown flaw allow an attacker to steal the data that currently processed on the computer it includes the process of personal photos, Emails, Password manager, instant messages and sensitive documents.

Recent discovered “Spectre Next Generation or Spectre-NG”  vulnerabilities have their own names and this flaw have been affected some of the ARM CPUs as well.

Group of security researchers has been reported all these vulnerabilities to Intel and Intel is already working on its own patches for Spectre-NG.

Also, Intel Planned to work with other operating system manufacturers and planning to release the patch in two waves. first one will be May 2018 and the second one will be August 2018.

Google Zero-day elite hackers have been reported one of the 8 vulnerabilities and they have 90-day deadline policy to fix the vulnerability so it was unclear about going public when the deadline ends.

According to Intel, 4 Vulnerabilities are classified as the severity of “high risk” and other 4 vulnerabilities are “Medium risk” in this Out of 8 Spectre-NG Vulnerabilities.

These high-risk vulnerabilities attack scenario similar to the Spectre vulnerability and one of the 8 vulnerability has estimated the potential risk is higher than old Spectre vulnerability.

According to Researchers, Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Also, Spectre-NG vulnerability exploitation is quite easier for the attackers across system boundaries.

Researchers warned that this Spectre-NG flaw danger for private individuals and corporate PCs and they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.

A Spectre-NG vulnerability has been clearly double and triple check the consequences of the flaw and researchers denied to publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public.

In this case, Microsoft already started working for patches and PC manufacturers are taking too long to provide BIOS updates. Microsoft already announced up to $250,000 in a bug bounty program for Spectre flaws .

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

5 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago