Gunnar Assmy - Fotolia
Risk & Repeat: Meltdown and Spectre mitigation efforts stumble
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Meltdown and Spectre mitigations efforts and why they're struggling with bad updates and miscommunication.
Cracks are starting to show in the Meltdown and Spectre mitigation efforts.
Since the critical microprocessor vulnerabilities were disclosed at the start of the month, chipmakers and software vendors alike have combined their efforts to push out patches and microcode updates.
However, Meltdown and Spectre mitigations have stumbled; Intel last week was forced to halt its updates after reports of "higher than expected reboots" for systems running Broadwell and Haswell chips. This led to Microsoft issuing an out-of-band patch to mitigate the Intel update that was causing the reboot issues.
In addition, the Meltdown and Spectre mitigation efforts have included questionable disclosure decisions and communications. For example, confidential Intel documents show the chipmaker didn't notify OEM customers of variant 2 of the Spectre vulnerability until Nov. 29. And Intel isn't alone; after initially saying that variant 2 posed "near zero risk" to customers, AMD was forced to reverse course and announce microcode updates for the Spectre flaw.
Do the issues with the Meltdown and Spectre responses show that vendors weren't prepared? Or are they evidence that the vulnerabilities are much more serious than previously thought? SearchSecurity editors Rob Wright and Peter Loshin are joined by Senior Reporter Michael Heller to discuss those questions and more on this episode of the Risk & Repeat podcast.