The New SpectreNG Flaw in Intel, ARM, AMD and Power CPUs

Delaware, USA – May 22, 2018 – Microsoft and Google experts discovered new variants of the Spectre attack affecting Intel, ARM, AMD and Power CPUs. The fourth variant of the attack was dubbed SpectreNG (CVE-2018-3639), and it can be performed remotely through script files running within an application. The attack allows adversaries to retrieve essential data from other parts of that application. For example, JavaScript code executing in one browser tab can provide attackers with sensitive information from other tabs. Red Hat published a video explaining how this attack works.
According to Microsoft, there have been no exploitation attempts so far. An Intel representative said that the previously released updates for the Meltdown and Spectre flaws significantly complicate exploitation of the CVE-2018-3639 vulnerability, and that the company will shortly release updates to fix the SpectreNG flaw. It should be noted that the protection against this vulnerability will be disabled by default in the microcode updates because it causes a performance impact of approximately 2-8 percent.
Also last week, experts from Eclypsium described another version of the attack exploiting the Spectre vulnerability. The attack allows adversaries to obtain data from a secure CPU area, but previously released updates protect against it.
The possibility of conducting such attacks attracts both researchers and adversaries. Every month, researchers discover a new variant of the attack, and you need to install microcode and software updates to protect against them. You can use your SIEM and the Spectre & Meltdown Tracker use case to tag vulnerable assets and to track remediation progress.