Variant 4 (Speculative Store Bypass) CPU flaw

Variant 4 (Speculative Store Bypass) CPU flaw discovered, but patch will slow down devices

A new CPU vulnerability has been found, and it's labelled Speculative Store Bypass. Firmware update is in the works, but it cause performance problems.

A number of tech companies, including Microsoft, Intel, and Google are disclosing a new processor security vulnerability similar to the Spectre and Meltdown. The new flaw is called “Variant 4,” and it’s a new subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (SSB), and affects Intel processors as those from AMD and ARM.

Similar to Meltdown and Spectre, this new vulnerability could allow attackers to read and steal user private data, but it’s less impactful than Variant 2 and it shares many characteristics of Variant 1.

Intel says that recent patches to mitigate Spectre and Meltdown for modern web browsers, such as Chrome, Microsoft Edge, and Safari also mitigate Variant 4. However, same as Variant 2, Variant 4 will require software updates as well as firmware updates for affected processors, which unfortunately will affect system performance.

Intel has already created a mitigation called “Speculative Store Bypass Disable (SSBD)”, which is now available as beta for computer manufacturers, and the chip maker is expecting the update to rollout to the public in the coming weeks.

According to Microsoft and Intel there hasn’t been any reports of this method being used in real-world exploits, as such this “mitigation will be set to off-by-default, providing customers the choice of whether to enable it.” However, if enabled, it’s expected that computers will take a performance hit of up to eight percent.

As always the best way to stay protected is to keep up your system updated with the latest software and firmware patches, and having an up to date anti-malware solution, such as Windows Defender Antivirus.

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He is also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me.