On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as
Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information located on affected systems.
Variant 3a (Rogue System Register Read – CVE-2018-3640) is a vulnerability that might allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
Variant 4 (Speculative Store Bypass – CVE-2018-3639) is a vulnerability that exploits "speculative bypass". When exploited, Variant 4 could allow an attacker to read older memory values in a CPU stack or other memory locations. Although implementation is complex, this side-channel vulnerability could allow less privileged code to:
- Read arbitrary privileged data.
- Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.
We're monitoring the situation and will post updates as they become available.
For malware best practices, s
ee KB89805 - How to respond to a ransomware infection.
Subscribe to this article for updates.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
