January 23, 2018 // 11:34 a.m.
Intel has been forced to warn users not to install the microcode updates it released to mitigate against the Spectre and Meltdown processor design flaws more than two weeks ago, following the discovery of widespread random-reboot issues across all processor models.
Following the disclosure of major security vulnerabilities in the speculative execution features of most modern mainstream processors, Intel released a series of software patches with the warning that they could impact performance for a variety of mainly server-centric workloads by up to 35 percent - a hit large enough that it has been quietly advising server customers to think long and hard about whether they are more concerned by security or performance. Taking a hit that large was bad enough for the company's image, but worse was to come: Intel was forced to admit that the microcode updates were causing random reboots, initially believed to be limited to older Broadwell and Haswell parts but later verified as affecting all Intel chips.
That Intel released a faulty patch months after it was informed of the security flaw is terrible, but what's worse is that the fault is bad enough to force the company into warning customers not to install it - more than two weeks after it made the patches available and encouraged their use. 'We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions [of the patches], as they may introduce higher than expected reboots and other unpredictable system behaviour,' Intel's Navin Shenoy has posted on the company's newsroom page.
'We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date,' adds Shenoy - the latter seemingly contradicting the company's stance that the currently available patches should not be installed.
Intel users are now faced with a dilemma: Removing the microcode update will leave them vulnerable to attack using the Meltdown and Spectre vulnerabilities, but installing them will have a guaranteed impact on both performance and stability.