Meltdown, Spectre: US lawmaker asks Intel, others for briefing on chip flaws

Joanna Estrada
January 17, 2018

Once the scan is complete the program pops up and displays clear information about the status of your system and in no uncertain terms whether it's vulnerable to Meltdown, Spectre or both of the CPU hardware bugs. Nonetheless, the Meltdown and Spectre patches for Windows and Linux systems with AMD systems turned out to be a huge fiasco.

Microsoft has distributed fixes for Meltdown and Spectre already, but a number of users reported the patches slowed down their machines. "Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay". And latest figures have shown that just four per cent of all enterprise devices were patched.

The download is called Intel-AMD-SecurityPatch-10-1-v1.exe - a filename that looks pretty legitimate, but when users install it onto their computer, they'll find it's actually laced with the Smoke Loader malware, causing the computer to connect to domains, sending encrypted information to them via additional payloads.

The scam initially targeted Windows 10 users in Germany and displayed a website that mimicked the design of a German government website.

Segura added: "Online criminals are notorious for taking advantage of publicised events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise", he said. "There is a chance that such requests are fake and meant to either scam you or infect your computer", he said.

Segura also warned that sites using SSL (HTTPS) are not necessarily trustworthy.

Separately, a Democratic US lawmaker asked Intel and two other microchip makers on Tuesday to provide a briefing on the recently detected Spectre and Meltdown security flaws that could allow hackers to steal information from most computers and devices.

We recently reported that almost all computers could be affected although no data breaches have so far been reported.

The Meltdown security risk affects laptops, desktop computers and internet servers with Intel chips.

The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

Other reports by Click Lancashire

Discuss This Article