Chip giant rolls out revised Spectre patches, after initial fix proved worse than the bug it was supposed to repair
Intel has for the second time released new microcode updates in an effort to fix the security exploits disclosed by Google Project Zero back in early January.
It comes after Intel, which had already known about the Spectre and Meltdown issues nearly a year ago and kept them secret for months, along with a number of other companies, rushed out botched updates to fix the flaws.
Indeed, Intel’s first fixes were so bad that it soon urged its manufacturer partners to stop distributing the botched patches. And Microsoft even took the unusual step of issuing an out-of-band update that specifically disabled Intel’s Spectre variant 2 patch.
The Spectre and Meltdown bugs first became public knowledge at the start of the year and affect virtually every processor made by Intel, AMD and ARM manufacturers during the past 20 years.
Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could in theory obtain passwords, encryption keys or steal information from other applications.
Caught out by Google’s decision to go public about the issue, Intel rushed out its initial fixes and actively downplayed talk of any system slowdown, releasing its fixes to OEMs on 12 January.
That was despite a warning from Microsoft at the time that there would be a ‘significant’ impact on some PCs and servers if the fixes for Meltdown and Spectre were applied.
But some of Intel’s fixes caused more than a slowdown.
Indeed, Redmond soon warned that patched systems could become unstable and that Intel’s faulty patch could in some cases cause “data loss or corruption”.
Soon thereafter, OEMs halted the rollout of Intel’s updates.
But now, weeks later, Intel has said that it has updated the firmware for Kaby Lake- and Coffee Lake-based platforms, plus additional Skylake-based platforms.
These cover Intel’s 6th, 7th and 8th generation Intel Core product lines as well as the latest Intel Core X-series processor family. The fixes also include the Intel Xeon Scalable and Intel Xeon D processors for data centre systems.
“This effort has included extensive testing by customers and industry partners to ensure the updated versions are ready for production,” wrote Navin Shenoy, executive VP of Intel’s Data Center Group. “On behalf of all of Intel, I thank each and every one of our customers and partners for their hard work and partnership throughout this process.”
“The new microcode will be made available in most cases through OEM firmware updates,” said Shenoy. “I continue to encourage people to always keep their systems up-to-date.”
He said that the updates should also provide protection against the Google-developed binary modification technique Retpoline.
Intel is thought to be facing over 30 lawsuits in the US over Spectre and Meltdown.