New Windows patch disables Intel's bad Spectre microcode fix
- Author: Joey Payne, Jan 30, 2018, 1:00
The Windows maker also assured users that, as of January 25, there are no indications that the Spectre variant 2 patch has been weaponized in attacks.
Microsoft has disabled a recent Intel fix for the Spectre CPU flaw after the update caused some systems to unexpectedly reboot. On Friday, Intel wrote in a press release that patches to its chips "may result in adverse performance, reboots, system instability, data loss or corruption, unpredictable system behavior, or the misappropriation of data by third parties".
ARM and AMD chips are also vulnerable to attacks, but Intel remains the only manufacturer with products that are affected by all three of Spectre, Spectre Variant 2, and Meltdown. The update leaves in place the fixes for the two other vulnerabilities that make up the Meltdown and Spectre attacks, while removing the buggy code that caused stability issues with Spectre Variant 2.
This is the second time this month Microsoft has issued a Windows update outside of its regular "Patch Tuesday" schedule.
Microsoft's initial Windows patches would detect the presence of the updated microcode and use the additional controls if they were available.
You can download KB4078130 from Microsoft's Update Catalog. The update will work on Windows 7 SP1, Windows 8.1, and all versions of Windows 10 for client and server.
Intel may be in hot water following revelations that it disclosed information about the risky Meltdown and Spectre flaws to certain Chinese customers before notifying the US government.
The problematic Intel fix was created to mitigate attacks using the Spectre-related Branch Target Injection vulnerability, CVE-2017-5715. Intel chose not to inform governments directly about the flaws, something which seems like it really should be done in today's world. Many different generations of Intel chips suffered such problems, including its latest processors, codenamed Ivy Bridge, Sandy Bridge, Skylake, Kaby Lake, Broadwell and Haswell.
Claims that some Chinese companies may have had knowledge about security flaws in Intel chips before the US government are "troublesome", said Republican Congressman Gregory Walden. In such a case, restoring the Spectre variant 2 patch will be the safe thing to do. Earlier reports claimed Intel was warned of the flaws by Google late last year, though they became known to all only in early January.