Intel: Don't Deploy Our Faulty Spectre Patches

Adjust Comment Print

That's the latest directive from Intel, who cited spontaneous reboot and system instability problems - first reported January 11 - following its latest firmware patch aimed to defend against the Spectre and Meltdown exploit vulnerabilities. It seems Intel is asking many clients to rip that band aid off as the supposed cure is now causing more widespread harm than the vulnerabilities it is to protect against. However, Intel says it is also working to create a new version of its original update that removes Spectre variant 2-related fixes, but maintains Spectre variant 1 and Meltdown fixes. Assuming testing goes well, we can likely expect Intel to release the fix more broadly.

Now that a fix is in testing, Intel is recommending that "OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions" to limit the impact of unexpected reboots with current updates. The progress we have made in identifying a root cause for Haswell and Broadwell will help us address issues on other platforms. Intel cautioned users about installing the patch in a blog post last week, but as of today, the company appears to have given up on this round of patches altogether.


At the issue's outbreak, Intel advised hardware partners to stop issuing updates for unpatched devices, but not to recall the updates they had already issued.

As Intel began to roll out patches for the flaws, problems cropped up. In December, a critical flaw was discovered in all modern processors that let attackers use low-privileged apps to read the memory of a computer's kernel, the central part of an operating system, giving them the ability to steal sensitive data like passwords, files, and security keys. The same issues have been happening on Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors too; Intel says it's "actively working on developing solutions" for those platforms as well.

Comments