※ 引述《ejsizmmy (pigChu)》之銘言:
: 幫各位畫個重點:
: ※ 引述《Everless (ミカ)》之銘言
: : Intel 最近發布了新的 CPU 微代碼,以解決最近的4個安全漏洞,這些微代碼可以透
: 過主機
: : 板 UEFI 來更新,有些處理器甚至可以透過 Windows Update 升級,這些處理器微代
: 碼更新
: : 包括了第二代 Sandy Bridge 之後的 Core 、Xeon 處理器。
: 這些漏洞主要是針對 Intel 的 HT 多執行緒進行攻擊,
: Intel 建議用戶除了更新軟體與微代碼之外,也可以關閉 HT 來杜絕漏洞,
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
根據Intel的網頁
Mitigation
...
Once these updates are applied, it may be appropriate for some customers to
consider additional steps. This includes customers who cannot guarantee that
trusted software is running on their system(s) and are using Simultaneous
Multi-Threading (SMT). In these cases, customers should consider how they
utilize SMT for their particular workload(s), guidance from their OS and VMM
software providers, and the security threat model for their particular
environment. Because these factors will vary considerably by customer, Intel
is not recommending that Intel® HT be disabled, and it’s important to
understand that doing so does not alone provide protection against MDS.
下面的FAQ
Is Intel recommending that I disable HT?
No. Intel is not recommending that users disable Intel® Hyper threading. It’s
important to understand that doing so does not alone provide protection against
MDS, and may impact workload performance or resource utilization that can vary
depending on the workload.