Intel's Spectre 'Variant 4' Performance Tested: Speculative Store Bypass


Community Manager
Thread author
Staff Member
Aug 30, 2012
Today we’re taking a look at the impact addressing the Spectre 'Variant 4' CPU flaw has on Intel's 8th-gen Core CPUs (Coffee Lake). Back when the Meltdown and Spectre vulnerabilities were made public in early 2018 we knew this was going to be an ongoing process.

The initial patches didn’t take care of everything. They addressed Variant 1 better known as Meltdown and then two Spectre flaws known as Variant 2 and 3. Recently though Intel and Microsoft rolled out updates to address Variant 4, a related “speculative execution” attack dubbed “Speculative Store Bypass.”

Speculative Store Bypass affects not just Intel but also AMD and ARM. That said, AMD and ARM processors can be fixed via a simple software update, so if you keep your operating system and web browser up to date you’ll be protected against Variant 4 automatically.

If you’ve got an Intel processor, fully mitigating the issue requires not just software but also firmware updates, in other words a BIOS update. Intel started shipping microcode patches for Variant 4 to its hardware partners in beta form a few months ago and only now we’re starting to see manufacturers pushing them out. In fact, to my knowledge Asus is the only board maker to do so thus far.

However while the latest round of BIOS updates from Asus does include the updated microcode for Variant 4, it’s not enabled in Windows by default. Right now it has to be manually enabled by adding a few registry keys. It’s likely at some point this will be done automatically.

I suspect Microsoft is worried about a repeat of the disaster they encountered when addressing the first wave of vulnerabilities, so this time they’ve taken a more cautious approach.

Full Review
Intel's Spectre 'Variant 4' Performance Tested: Speculative Store Bypass

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.