Until Monday, prevailing wisdom on Spectre-related microcode patches for Intel CPUs was “Patch ASAP!” For most owners of such gear, this meant “Patch as soon as your OEM or motherboard vendor makes one available.” No more. Intel has fielded numerous complaints from those who followed this advice, particularly for Broadwell and Haswell platforms. It seems that applying some of these patches caused spontaneous reboots on certain systems. Consequently, Intel’s decided to call a temporary halt. That’s right: Intel now advises against installing Spectre patches! Temporarily, at least …
Cute graphic aside, there’s nothing cute or cuddly about the Spectre vulnerability.
Dirty Details: Why Intel Now Advises Against Installing Spectre Patches
An Intel News Byte item provides more details. Dated 1/22, it’s entitled “Root cause of reboot issue identified; updated guidance for customers and partners.” Its key statements read:
- We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
- We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
- We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
What does this mean? Microcode patches are on hold until Intel and its partners work the kinks out of them. It seems that the only thing worse than the vulnerability is the currently available cure!
Undoubtedly, Intel will update its guidance when those patches work properly. Then, we should expect to start patching like mad once again. I’ll keep an eye on this situation in the meantime. Count on me to report back when it changes. Stay tuned!
More Reading on Spectre & Meltdown
I’ve already blogged about this mess twice:
1. KB4056892 Fixes Critical Win10 Security Bugs (1/5/18)
2. More Details on KB4056892 Wintel Vulnerabilities (1/10/18)
Other great sources on this topic include:
1. Aryeh Goretsky “Meltdown and Spectre Vulnerabilities: What You Need to Know” (1/5/18)
2. Richard Hay “ITPro Snapshot: Resources for the Meltdown and Spectre Flaws” (1/5/18)
3. Original researchers/Graz University “Meltdown and Spectre” (undated)
[Note added 1/26/2018 2 PM]
Here’s a pretty comprehensive list of related patches/updates with KB numbers for all of them: A Clear Guide to Meltdown and Spectre Patches. If you installed any of them, and are now experiencing random reboots, try uninstalling them. It just may fix your problems!