Dynabook |
Archive.

Back

Intel Processor firmware vulnerability


Summary
A vulnerability has been found that affects Intel® CPUs (processors) of a type used in PCs and tablets, including some Toshiba devices. The vulnerability could potentially allow hackers to access private data. We are informed by Intel that specific malware would have to be installed in order for an attacker to exploit this vulnerability. It is possible that processors manufactured by other firms than Intel could also be affected, however this is currently under investigation. Although there are no recorded cases of this vulnerability being exploited, Toshiba takes such security threats very seriously and we are working hard to protect our customers from this potential issue. As such we are preparing firmware updates to correct this issue, and offer further advice on countermeasures in the meantime.

The reported threat
The threat relates to speculative execution and indirect branch prediction techniques which are used in some microprocessors manufactured by Intel. If an attacker were able to access a device with one of these processors and install a specific type of malware, there is a possibility that data could be compromised. This vulnerability applies across different operating systems that could be run on devices using these processors – for example Windows and Android. Processors from AMD are also affected although to a lesser degree. Processors from other manufacturers could also be affected, though this is still under investigation.
You can read more about this vulnerability here:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://www.amd.com/en/corporate/speculative-execution

Countermeasures
  • Since malware would need to be installed to exploit this vulnerability, we advise you to update your anti-virus software, utilise a strong Windows password to deny direct access from other parties, and to be careful about which websites you visit.
  • As a permanent measure, we are preparing BIOS updates with updated CPU microcode.
  • In order to activate this updated microcode, an operating system security patch is also necessary. Microsoft has released patches for its different supported operating systems. If your system is not configured to automatically implement operating system updates, please visit the appropriate page to obtain the correct patch:
  • Windows 10 Patch: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
  • Windows 8.1 Patch: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
  • Windows 7 Patch: https://support.microsoft.com/en-in/help/4088878
  • For Toshiba devices utilising the Android operating system, further details are under investigation.
  • For Toshiba devices utilising AMD CPUs, no firmware update is required to fix this vulnerability, though the Microsoft security patch should be applied as soon as possible.


  • Along with applying the necessary adjustments related to the Intel CPU vulnerability, Toshiba is implementing additional security measure in Toshiba’s own BIOS. Please ensure that you always update your BIOS to the latest version to ensure that your system includes the latest security enhancements.

    Affected Toshiba PCs, and schedule for BIOS updates
    Please check here to determine if your system is affected and when updated BIOS will be available, if appropriate.