※ 引述《ejsizmmy (pigChu)》之铭言:
: 帮各位画个重点:
: ※ 引述《Everless (ミカ)》之铭言
: : Intel 最近发布了新的 CPU 微代码,以解决最近的4个安全漏洞,这些微代码可以透
: 过主机
: : 板 UEFI 来更新,有些处理器甚至可以透过 Windows Update 升级,这些处理器微代
: 码更新
: : 包括了第二代 Sandy Bridge 之后的 Core 、Xeon 处理器。
: 这些漏洞主要是针对 Intel 的 HT 多执行绪进行攻击,
: Intel 建议用户除了更新软件与微代码之外,也可以关闭 HT 来杜绝漏洞,
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
根据Intel的网页
Mitigation
...
Once these updates are applied, it may be appropriate for some customers to
consider additional steps. This includes customers who cannot guarantee that
trusted software is running on their system(s) and are using Simultaneous
Multi-Threading (SMT). In these cases, customers should consider how they
utilize SMT for their particular workload(s), guidance from their OS and VMM
software providers, and the security threat model for their particular
environment. Because these factors will vary considerably by customer, Intel
is not recommending that Intel® HT be disabled, and it’s important to
understand that doing so does not alone provide protection against MDS.
下面的FAQ
Is Intel recommending that I disable HT?
No. Intel is not recommending that users disable Intel® Hyper threading. It’s
important to understand that doing so does not alone provide protection against
MDS, and may impact workload performance or resource utilization that can vary
depending on the workload.