Intel updated its patching guidance for Spectre this week, continuing the months-long process of fixing the critical security flaw. Although the company had previously said it planned to patch all affected chips, today it clarified that some product lines won’t receive updates. Most are older and, presumably, not as widely used. They include: the Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Wolfdale line, and the Yorkfield line.
Intel says it’s stopped production of these fixes for three reasons, in its words:
-Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
-Limited Commercially Available System Software support
-Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
I’d expect that most companies have upgraded some of these older systems, which date back as far 1998. But at least one of these chips, the SoFIA 3G, is from 2015, which isn’t very old. Intel, it seems, can’t figure out how to fix its entire product portfolio and is instead recommending users upgrade their processor if they want protection.
The company has continuously struggled to patch Spectre. Earlier this year, it recommended users stop deploying these patches because they caused constant reboots. It later adjusted the fixes and resumed the rollout. Still, it’s now April, and Intel is continuing to work on these patches, almost a year after it first found out about the security flaw. That’s not great!