An uncovered Intel Core i5-3210M (BGA) inside of a laptop.

Enlarge / An uncovered Intel Core i5-3210M (BGA) inside of a laptop. (credit: Köf3)

Microsoft last month pushed a silent update that mitigated a serious vulnerability in all CPUs Intel has introduced since 2012, researchers who discovered the flaw said Tuesday.

The vulnerability—discovered and privately reported to Intel 12 months ago—resided in every CPU Intel has introduced since at least its Ivy Bridge line of processors and possibly earlier, a researcher from security firm Bitdefender told Ars. By abusing a performance capability known as speculative execution, attackers could open a side channel that leaks encryption keys, passwords, private conversations, and other secrets that are normally off limits.

The attack demonstrated in a research paper published by Bitdefender is similar to those disclosed in January 2018 under the names Spectre and Meltdown. Patches Microsoft released around the same time largely blunted those attacks.

Read 15 remaining paragraphs | Comments