Video: AMD and Microsoft join forces to block Spectre attacks.
Intel says it's "finalizing mitigations", following a report by German tech site heise.de[1] claiming its CPUs are affected by eight new "Spectre-class" vulnerabilities, including one found by Google's Project Zero[2], which identified the first set of CPU flaws known as Meltdown and Spectre[3].
The site reports[4] that the bugs have been assigned CVE identifiers and that at least one of them will be revealed by Project Zero on May 7, a day ahead of Patch Tuesday, which Microsoft recently begun using to distribute Intel's hardware patches or microcode updates.
The site says it has concrete evidence that Intel processors are vulnerable to the new flaws and that the chipmaker has patches in the works. AMD CPUs may also be vulnerable and further research on that issue is under way.
See: Special report: Cybersecurity in an IoT and mobile world (free PDF)[5]
Intel has issued a cryptic statement[6] citing additional "security issues" but confirms it is preparing mitigations without clarifying what they're for.
"Protecting our customers' data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers," wrote Leslie Culbertson, Intel executive vice president.
"We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date."
According to Heise,