7349018
submission
Eukariote writes:
In an article outlining hidden strife in the processor world, Andreas Stiller has reported the scoop that Microsoft advised against the use of Intel Nehalem Xeon (Core i7/i5) processors under Windows Server 2008 R2, but was pressured by Intel to refrain from publishing this advisory. The issue concerns a bug causing spurious interrupts that locks up the Hypervisor of Server 2008. Though there is a hotfix, it is unattractive as it disables power savings and turbo boost states. See here for the original German-language article.
3818687
submission
Eukariote writes:
A paper and exploit code detailing a privilege escalation attack on Intel CPUs has just been published. The vulnerability, uncovered by security researchers Joanna Rutkowska (of Blue Pill fame), Rafal Wojtczuk, and, independently, Loic Duflot, makes use of Intel's System Management Mode (SMM). Quote: "The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM." The implications of this exploit are severe.
802467
submission
Eukariote writes:
An estimated 18 million laptops with NVidia G84 and G86 graphics chips sold in the past one and a half years are experiencing high failure rates. Various laptop models from multiple manufacturers (Apple, Dell, HP, Lenovo, and others) are affected. NVidia blames it on bad chip packaging causing thermal failure. BIOS updates that turn the laptop fan on more frequently or permanently have been released by Dell and HP. The cynical interpretation is that that is likely to only delay the problem until the warrantee has expired.
207705
submission
Eukariote writes:
Recently, Intel patched bugs in its Core 2 processors . Details were scarce, soothing words that a BIOS update was all that was required were spoken. OpenBSD founder Theo de Raadt has now provided more details and analysis on outstanding, fixed, an non-fixable Core 2 bugs. Some choice quotes: "Some of these bugs (...) will *ASSUREDLY* be exploitable from userland code.", "Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008".
