The following is the body of an email from Intel®, regarding findings of their security research--related to widely-publicized exploits that have created issues with computer chipsets, operating systems and other technologies. The content is reproduced in entirety with attribution, and contains helpful resources for further information about the vulnerabilities, and regarding proactive measures that can be taken to protect business systems.
Intel® and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” and are unique to Intel® products are incorrect. Based on the analysis to date, many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD*, ARM Holdings* and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. The performance impact of these updates is highly workload-dependent and will vary depending on the microprocessor, platform type (client or server), configuration, and mitigation technique. Intel believes that for the average computer user, the performance impact should not be significant, although some workloads may see a noticeable performance impact.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue a week later when more software and firmware updates would be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
You can find helpful resources from Intel and other industry partners here:
- Intel Analysis of Speculative Execution Side Channels (white paper) >
Content above Copyright © 2018 Intel Corporation. [Intel Corporation, 2200 Mission College Blvd., M/S RNB4-145, Santa Clara, CA 95054 USA. www.intel.com]
Please contact a Derive Healthcare Security Specialist by calling (212) 363-1111 [New York], (201) 299-9132 [New Jersey] or TOLL-FREE at (844) 363-1110, or by completing the form on this page (please include "Intel Research Findings" in the form's comments).