Intel has released details and mitigation information for what it calls the L1 Terminal Fault, but which most media outlets have dubbed the 'Foreshadow' CPU flaws. These flaws are similar in nature to the Spectre and Meltdown security holes which were uncovered early this year and affected billions of computer processors. Happily, security researchers gave Intel the heads-up months ago so it has had time to work on microcode patches and with OS/cloud vendors like Microsoft, Google, and Amazon.

The L1 Terminal Fault (L1TF) is a speculative execution side-channel method of attacking a processor. Ironically it affects modern Intel processors which come with Intel Software Guard Extensions (Intel SGX). To exploit L1TF a method might target access to the L1 data cache which will store information on what a processor core is most likely to do next, explains Intel.

A hacker could run a program on one thread to spy on L1 cache information from another thread/process

If you are interested in more technical explanations and guidance with regard to L1TF then Intel has prepared an advisory and guidance document for IT professionals. This describes the three L1TF variants and lists the potentially affected products. The first two variants were patched in a microcode released as part of INTEL-SA-00115 in May/June this year, though it wasn't mentioned at the time. The third variant, affecting Hypervisor software, as used in virtualisation, has only just to get patches delivered, with rollout starting yesterday.

Many enterprises such as data centres commonly use virtualisation technology and it is "advisable that customers or partners take additional steps to protect their systems". In some cases "performance or resource utilisation on some specific workloads may be affected," which could be bad news for the organisations affected as it will increase costs.

Looking to the not-too-distant future (Q4 2018), Intel will release the next-generation Intel Xeon Scalable processors (code-named Cascade Lake) with silicon level mitigations for not just Spectre and Meltdown but for L1TF too.

AMD CPUs are not affected by L1TF.