Intel Patching New Variants of Meltdown, Spectre Vulnerabilities

Today’s topics include Intel patching two new Meltdown and Spectre vulnerabilities, and Google announcing general availability of Kubernetes Engine 1.10.

Two new variants of the Spectre and Meltdown side-channel vulnerabilities were publicly disclosed on May 21, impacting CPUs from multiple vendors including Intel and ARM.

The two vulnerabilities, identified as Rogue System Register Read and Speculative Store Bypass, “have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems," according to Intel.

Google Project Zero researcher Jan Horn said the Rogue System Register Read vulnerability is a variant of one of the previously disclosed Spectre vulnerabilities publicly reported Jan. 3, while the Speculative Store Bypass issue is something different, working “through the exploitation of store buffers that can allow older values of memory to be visible to an attacker."

Leslie Culberston, Intel’s executive vice president and general manager of Product Assurance and Security, said Intel has not seen any reports of the new attack methods being used in real-world exploits.

Google on May 21 announced that version 1.10 of its Kubernetes Engine platform for deploying production-ready containerized applications is now generally available, and that it will soon introduce several related high-availability, management and automation features to help organizations better manage enterprise workloads on Kubernetes Engine environments.

"We’ve been thinking about challenges such as security, networking, logging and monitoring that are critical to enterprises for a long time," said Yoshi Tamura, Google Kubernetes Engine product manager.

The features that will become available with Kubernetes Engine 1.10 include a shared virtual private cloud capability, new classes of persistent disks for high availability, and new automated scaling and repairs functions.