Microsoft has been forced to issue a second out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.”
Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1, and Windows 10 systems to disable protection against Spectre variant 2. Microsoft says its own testing has found that this update prevents the reboots that have been occurring.
Microsoft has issued the update as part of its Windows Update catalog, which means you’ll need to download it manually for now. It’s worth applying it to systems that are experiencing the issues since Intel’s buggy firmware updates. Microsoft is also releasing a new registry key setting for impacted devices, allowing IT admins to manually disable or enable the Spectre variant 2 protections.
Intel says it has identified the issues behind the unexpected reboots on Broadwell and Haswell processors and is working toward releasing an update that addresses the exploits without causing random reboots and data loss. Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors are also affected, and Intel says it’s “actively working on developing solutions” for those platforms too.
It’s clear patching for Spectre variant 2 has been a mess, fuelled by how quickly the software updates needed to be built and distributed. Buggy Intel firmware updates, problems on some AMD machines, and two emergency Windows updates in a month is strong evidence that these patches weren’t tested widely enough before their release. Let’s hope the updates currently in development aren’t “complete and utter garbage.”