Hello, welcome to the Tuesday, May 22nd, 2018 edition of the Zanzanet Storms and its Stormcast. My name is Johannes Ulrich,

and I'm recording from Reston, Virginia. Yesterday I talked about two different hardware-related flaws,

one of the older specter flaws and how it can be used to exploit system management mode. Also new exploits

over the network for Rohhammer. Well, we are not done yet with these hardware flaws.

Today on Monday we have a new news about new variants of the Specter flaw. These are these Specter and G flaws

that sort of have been rumored now for a couple of weeks. We didn't have any details about

them, but today Intel, Microsoft and Redhead have released advisories regarding these flaws.

There are two distinct flaws that have been released as part of Spectre NG.

One is a variant of the Spector variant 3, which we already have seen,

and then there's also a new variant Spectre variant 4. Intel now has released some bios updates and microcode

updates to OEMs in beta forms, so they're probably not yet out by the time you listen to this.

However, Microsoft and Redhead also released patches of their own to protect yourself from these vulnerabilities.

One of the more dangerous exploits, of course, against Specter was always the use of

JavaScript and the browser in order to take advantage of these vulnerabilities. According to

Intel, the browser protection mechanisms that have been put in place for Spector

1 should also be effective for these newer versions of Spector.

So now, what should you do as an end user?

Well, what do you usually do?

Apply patches.

I wouldn't really rate these patches as super critical, so give them some time to actually

make sure that they're not causing any issues.

Remember, we had issues with some of these specter patches in the past, so don't rush it,

...