Intel tells customers to skip buggy patches for Spectre and Meltdown
The Spectre and Meltdown saga continues to add chapters.
After a rash of reports showed Intel firmware updates caused unwanted rebooting, Executive Vice President Navin Shenoy told the company’s biggest customers to skip the latest patches as Intel sprints to release better fixes.
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions on specific platforms as they may introduce higher than expected reboots and other unpredictable system behavior,” Shenoy wrote in a blog post released Monday.
Spectre and Meltdown were discovered in June 2017 and then were kept largely under wraps for six months as chipmakers figured out what to do next. The released security updates have included various firmware and software updates meant as triage. In addition to Intel’s firmware updates, companies like Microsoft, Apple, Nvidia and AMD rolled out their own patches in efforts to protect their company’s devices.
Intel says it recently identified the root cause for the reboot problems on systems running Intel Broadwell and Haswell CPUs, and they have “made good progress in developing a solution to address it,” Shenoy wrote. Broadwell and Haswell CPUs are two generations old.
Other Intel CPUs like Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake have also been impacted by reboot problems, but it’s unclear where Intel is on fixing those issues. Intel has not responded to a request for comment.
The Spectre and Meltdown exploits can allow attackers to steal sensitive data. Virtually all unpatched processor chips made since 1995 are vulnerable. The security updates meant to triage the problems have caused their own headaches, especially for large-scale data center computing, which can suffer significant slowdowns and other bugs like the reboots.
Shenoy urged Intel’s industry partners to “focus efforts on testing early versions of the updated solution so we can accelerate its release.” More details are expected later this week.
Average consumers have been far less affected by the Spectre and Meltdown patches. They’re advised to keep installing the latest updates as they are available.