New Windows patch disables Intel's bad Spectre microcode fix

Adjust Comment Print

Intel chose not to inform governments directly about the flaws, something which seems like it really should be done in today's world.

The update is now offered only as an out-of-band update that must be manually downloaded and installed, and it has no effect other than to disable the use of this particular Spectre mitigation.

"We're working to create silicon-based changes to future products, that will directly address the Spectre and Meltdown threats in hardware". Microsoft over the weekend responded to Intel's disclosure and has issued an out-of-band update that will allow users to disable Intel's faulty patch, particularly the one that mitigates against Spectre Variant 2.

An official at the Department of Homeland Security said that the staffers learned of the flaws on January 3 from news reports and not from Intel in advance, explaining the hastily-provided mitigation for the problem.

Last week, Intel reported its fourth-quarter results in which the company said that complete patches to fix the Spectre and Meltdown flaws won't be widely available until the fall. In Microsoft's testing, this new update should fix the reboot issues for users, but for moment it also means that these users will remain vulnerable to Spectre v2.

Microsoft's updates are aimed at Windows Server users as well as consumers with Windows 7, 8.1 and 10.

First Woman's Rep Blasts False Reviews About Melania Trump
Trump had originally been scheduled to join her husband at an economic summit in Davos, Switzerland, this week. Melania Trump concluded her tour at the Hall of Remembrance and participated in a moment of silence.

'Our own experience is that system instability can in some circumstances cause data loss or corruption.

Since then, some updates to chips made by Intel and AMD were later revealed to cause their own problems. This update will only disable mitigation against CVE-2017-5715, while keeping the fixes for Meltdown and Spectre variant 1 in place.

The Windows update can be downloaded from Microsoft's Update Catalog portal.

Spectre and Meltdown are vulnerabilities in modern chip design that could allow attackers to bypass system protections on almost every recent PC, server and smartphone-allowing hackers to read sensitive information, such as passwords, from memory. Further fallout could likely be in relation to reports that Intel CEO Brian Krzanich sold millions of dollars' worth of personal stock before the public was made aware of the vulnerabilities, and that Intel notified a select group of customers, including Chinese tech firms, about the bugs before informing USA officials.

IT vendors including Dell, HP and Lenovo have disclosed plans to return users to previous BIOS firmware versions to help eliminate the Intel microcode.