Friday, 09 February 2018 12:18

Spectre reboot problems: Now Intel replaces its buggy fix for Skylake PCs Featured

Written by
Rate this item
(0 votes)
Intel Intel

Intel has released new microcode to address the stability and reboot issues on systems after installing its initial mitigations for Variant 2 of the Meltdown and Spectre attacks.

The stability issues caused by Intel's microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems.

Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had also seen Intel's updates cause data loss or corruption in some cases.

While updates for Variant 1 Spectre and Variant 3 Meltdown attacks were largely unproblematic, Intel's IBRS fixes for the Variant 2 'branch target injection vulnerability' significantly impacted performance and caused stability problems.

When Intel told customers on January 22 to stop deploying its fix, it said it had developed early fixes for Haswell and Broadwell systems and would eventually release fixes for newer CPUs.

The chipmaker on Wednesday said it has released microcode updates for several Skylake-based platforms, while updates for other architectures will be released in the coming days.

"Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days," Intel vice president Navin Shenoy wrote.

"We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production."

The company also published a new microcode revision guidance document, which indicates that new microcode has been released for Skylake U, Y, U23e, H, and S series chips.

As per the first round of fixes, Intel's new microcode will be delivered as firmware updates from OEMs.

Intel originally was aiming to have released updates for all affected CPUs by the end of January.

The company has faced scrutiny over its disclosure of the vulnerabilities, which Google had reported to Intel in June last year. While Amazon, Apple, Microsoft and Google were kept in the loop, Carnegie Mellon's CERT/CC only learned of the issue when the Meltdown and Spectre websites went live.

The Wall Street Journal reported a week ago that Intel had also provided an early disclosure to Chinese tech giants Alibaba Group and Lenovo, yet failed to inform the Department of Homeland Security's US-CERT, which only learned of the bugs after Google's disclosure.

The disclosure to Chinese tech firms raises the possibility that the Chinese government was aware of the vulnerabilities before the US government and the National Security Agency.

Shenoy said it was critical for "everyone to always keep their systems up to date", citing US-CERT's advice for preventing targeted attacks.

"Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today's environment, that must change. According to the Department of Homeland Security's cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with -- among other things -- regular system updates," wrote Shenoy.

"This is especially top of mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers -- or bad actors -- direct their time and energy at it.

"We expect this new category of side-channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future."





Read 2152 times Last modified on Thursday, 09 August 2018 13:49
Samer Hmouda

I was Borne and raised in Kuwait, I take my degree in low from Lebanese university in 1994.

Technology is my passion so I read and teach myself a lot of things related to networking and technology. Internet was one of the most help tools in my learning. I watch many videos and learn from many articles which I read on the web, so now I will try to help others same as I got help from others without waiting for any thanks.

Samer H.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.