ds_tomshrdwr :
How can you write this article without mentioning Meltdown & Spectre?!?
Here you go..5/21/18..https://www.amd.com/en/corporate/security-updates
Spectre Variant 4 Disclosed, Mitigations to Result in Another Performance Hit
Another variant of Spectre was disclosed this week by Microsoft, Google, AMD, ARM, Intel, and Red Hat. Variant 4, labeled "Speculative Store Bypass," allows hackers to read older system values in a CPU stack or other memory locations. Intel’s microcode fixes will result in a performance hit of 2-8%, and the company’s hardware-based safeguard, "virtual fences," will not protect against Variant 4 at all.
Patrick Moorhead, principal analyst at Moor Insights and Strategy, said that Variant 4 would be much harder to "fix" architecturally than V1, V2, or V3a. "You either have to turn memory disambiguation on or off, which will be a BIOS setting," he told Threatpost in an email. "It’s important to note that browsers have already included mitigations and that from a severity standpoint, has been flagged as ‘medium’ severity, compared to V1, V2, and V3, which were flagged as ‘high.'"
4/10/18 (Updated 5/8/18 to reflect Microsoft release of Windows Server 2016)
Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.
As a reminder, GPZ Variant 1 (Spectre) mitigation is provided through operating system updates that were made available previously by AMD ecosystem partners. GPZ