We are investigating allegations that computers with Intel processors are being slowed down by up to 30% by a recent patch to the Windows, macOS, and Linux operating systems. If you have a personal computer, work computer, or server that uses an Intel processor, you may be affected.
Use a computer with an Intel processor?
You may have recourse for exposed data and decreased computer performance. Talk to a lawyer today, free.
Security Researchers Discover Major Security Vulnerability in Intel Chips
Three independent groups of information security researchers discovered a computer vulnerability in Intel computer processing units (“CPUs” or “processors”) that allows an unauthorized system process, such as one run by a hacker, to gain access to the computer’s core memory. Naming this vulnerability “Meltdown,” the researchers privately contacted Microsoft, Apple, and Linux developers to help them implement a patch to fix the problem.
Linux developers released a patch, codenamed “Kaiser,” on November 10, 2017. Apple released a patch on December 6, 2017. Microsoft was still beta testing its patch, when on January 3, 2018, the news leaked publicly that Intel chips were subject to the Meltdown vulnerability. Microsoft was forced to immediately release an emergency patch because public announcements about a vulnerability often allow hackers to start exploiting it. The Equifax hack, for example, was facilitated by the public announcement of a vulnerability, coupled with Equifax’s failure to patch it.
Patches to Fix the Intel Vulnerability Slow Down Computers By Up To 30%
Researchers have tested the patch required to protect Intel chips from the Meltdown vulnerability and found that “the software patch needed to fix the issue could slow down computers by as much as 30 percent,” reports NY Times.
The researchers who discovered the Meltdown vulnerability say that it affects all Intel processors that were manufactured “since 1995 (except Intel Itanium and Intel Atom before 2013).”
In contrast, computer processors manufactured by Advanced Micro Devices (AMD) are unaffected, according to software engineer Tom Lendacky, because the AMD chip architecture does not have the same flaw as the Intel architecture: “The AMD microarchitecture does not allow memory references … [to] access higher privileged data when running in a lesser privileged mode,” which is the flaw exploited by the Meltdown vulnerability.
Some Windows Users May Be Unable to Install The Patch to Protect Against Meltdown
Microsoft has issued a statement saying that users will be unable to install its January 3 patch if their anti-virus software is not compatible with the latest Windows update. As ZDNet reports, “Microsoft has warned users that its patches for the dangerous Meltdown CPU bug won’t reach them if their third-party antivirus hasn’t been updated to support this week’s Windows security update.”
As of January 4, 2018, the following anti-virus programs won’t support the latest Windows update, according to a list compiled by Kevin Beaumont, a Cybersecurity Vulnerability Manager:
Other anti-virus programs, such as Avast, F-Secure, Symantec, and Kaspersky, are compatible with the patch, so their users will be able to receive the latest Windows upgrade. Makers of the non-compatible anti-virus programs are planning to release software updates in the future to make their products compatible with the patch.
Businesses May Experience Significant Slowdowns
Businesses may be significantly impacted by slowdowns on their Intel computers once they apply the Meltdown patch. The Meltdown vulnerability affects not only the desktops and laptops used by workers, but also the servers that businesses use to run their databases, shared drives, and websites.
Microsoft’s January 3 patch was released not only for its PC operating systems (Windows 10, Windows 8, and Windows 7 SP1), but also for its server operating systems (Windows Server 1709, Windows Server 2016, Windows Sever 2012 R2, and Windows Server 2008 R2). Databases running on Microsoft SQL Servers can be protected by implementing the patch.
Phoronix, a company with a suite of automated benchmarking tool, tested the patch and found significant slowdown on the FS-Mark benchmark, which is often used to simulate email servers. Email servers could face significant slowdowns when patched.
The Meltdown vulnerability and patch is also expected to impact major cloud services, such as Amazon Web Services (AWS) and Google Cloud Platform.
How Does The Meltdown Vulnerability Attack Computers With Intel Inside?
The Meltdown CPU vulnerability “breaks the most fundamental isolation between user applications and the operating system,” says nixCraft, a site run by Unix administrators. “This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
TechCrunch explains that unlike more typical vulnerabilities, which exploit a flaw in computer code, Meltdown preys upon a flaw in the Intel CPU architecture: This is not “a software bug you might find in an application like Word or Chrome,” TechCrunch explains, but rather is “at the level of the processors’ ‘architectures,’ the way all the millions of transistors and logic units work together to carry out instructions. In modern [Intel] architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications.” Meltdown exploits the system architecture to gain access to the kernel or system memory, where it can see sensitive information, such as passwords.
TechCrunch explains that “Meltdown can be fixed essentially by building a stronger wall around the kernel; the technical term is ‘kernel page table isolation.’ This solves the issue, but there’s a cost. Modern [Intel] CPU architectures assume certain things about the way the kernel works and is accessed, and changing those things means that they won’t be able to operate at full capacity.”
Meltdown affects not only individual computers, but also virtual machines and cloud platforms, which businesses may use on their networks to share information. TechCrunch states, “Meltdown in particular could conceivably be applied to and across cloud platforms, where huge numbers of networked computers routinely share and transfer data among thousands or millions of users and instances.”
Wall Street Analyst: Meltdown Will Be The Costliest Flaw in Intel System-Architecture To Date
Intel has twice before made costly mistakes in the design of its CPUs and chipsets. The “FDIV” bug was a flaw in Intel Pentium processors’ floating point unit (FPU) that would cause the processor to return incorrect binary results. The flaw was discovered by Professor Thomas R. Nicely in 1994.
A second flaw occurred in Intel’s “Cougar Point” chipset. Geek.com reports that the “new Intel 6 Series chipset, Cougar Point, has a flaw with the SATA controller, which leads to ports degrading over time and giving substantially worse input/output performance down the road.”
These mistakes were costly, but not as costly as the Meltdown vulnerability, according to one Wall Street analyst who predicted: “the company’s liability will likely be larger than the $475 million charge for the Pentium FDIV bug in 1994 and the $700 million charge for the Cougar Point chipset problem in 2011.”
Our attorneys have previously prosecuted a class action against Intel, alleging that their Pentium 4 chip-architecture resulted in worse performance for users than for the Pentium III.
After ten years of hard-fought litigation, we achieved a class action settlement, with the judge stating:
“It is abundantly clear that Class Counsel invested an incredible amount of time and costs in a case which lasted approximately 10 years with no guarantee that they would prevail.”
The settlement offered cash payments to the approximately 5 million class members and required Intel to pay an additional $4 million to charity.
Share this on: