Microsoft deploys Windows update to address Intel's troubled Spectre patch

By on
Microsoft deploys Windows update to address Intel's troubled Spectre patch

Microsoft is aiming to wipe out buggy Intel patches for the Spectre processor vulnerability with a new update for Windows 10, Windows 8.1 and Windows 7. 

Intel disclosed on 22 January that its latest microcode patches related to Spectre had created reboot issues as well as "other unpredictable system behaviour".

IT vendors including Dell, HP and Lenovo have disclosed plans to return users to previous BIOS firmware versions to help eliminate the Intel microcode. 

Now, Microsoft also is offering a Windows operating system update for servers and client devices to address the problems caused by the Intel patches.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft said in its disclosure of the update.

Microsoft said the update would roll back the Intel mitigation related to Spectre variant 2, also known as the "branch target injection" vulnerability.

"While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – 'Branch target injection vulnerability.' In our testing this update has been found to prevent the behavior described," Microsoft said in disclosing the update.

The update can be downloaded from Microsoft's Update Catalog site. Microsoft also said it was providing a way for advanced users to manually address the issue using changes to registry settings (details here).

Microsoft reiterated that it has no information suggesting that Spectre variant 2 has been exploited as part of a cyberattack so far. 

Spectre and the related Meltdown processor exploit were revealed at the beginning of January. The vulnerabilities affect chips from multiple vendors, including AMD and ARM.

The flaws account for three variants of a side-channel analysis security issue in server and PC processors, and could potentially enable hackers to access protected data.

While Intel continues to work on software mitigations for the vulnerabilities, the company has acknowledged that it will ultimately take a hardware fix to fully solve the issue for its processors.

Last week, Intel chief executive Brian Krzanich said the company was "working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware." On Friday, Intel CFO Bob Swan said the hardware fixes should be available "in the latter part of this year". 

This article originally appeared at crn.com

Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

As a reseller, this year would you prefer to...
Do more business with my current vendors
Add new vendors and grow business with them
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?