Intel has announced its second crack at tackling the Meltdown and Spectre security vulnerabilities, releasing a revised microcode for a subset of its chips which it claims will not repeat the random crash issues of its previous release.
Revealed ahead of schedule in early January, Meltdown and Spectre refer to a family of four serious security vulnerabilities embedded in most modern mainstream processors and which allow unauthorised access to supposedly protected memory contents. Intel's response to the issue has been, unfortunately, troubled: As well as performance issues surrounding the loss of speculative execution capabilities to patch the hole, random reboot issues were found in Intel's microcode update serious enough for the company to advise customers to not install the update and instead leave their systems unprotected while a fixed version could be developed.
That work, Intel's Navin Shenoy claims, continues, with the company's original equipment manufacturer (OEM) customers now having received fixed microcode patches - though only for small subset of the affected products, with Shenoy confirming the fixes apply to 'several Skylake-based platforms' only with 'more platforms [due for release] in the coming days'.
'Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasise enough how critical it is for everyone to always keep their systems up-to-date,' Shenoy writes, two weeks after specifically telling customers to 'stop deployment of current versions [of the patches], as they may introduce higher than expected reboots and other unpredictable system behaviour' and with no small amount of irony. 'Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them.
'Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.'
Users are advised to pay attention to firmware updates from their motherboard manufacturers in order to receive the latest microcode updates, but to avoid installing Intel's previous microcode updates - a confusing mess rival AMD has thus far avoided by failing to release any microcode updates at all for the Spectre vulnerabilities which are present in its own processors.
September 16 2019 | 14:00