Microsoft issues emergency Windows update to disable Intel’s buggy Spectre fixes

Illustration by Alex Castro / The Verge

Microsoft has been forced to issue a second out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.”

Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1, and Windows 10 systems to disable protection against Spectre variant 2. Microsoft says its own testing has found that this update prevents the reboots that have been occurring.

Microsoft has issued the update as part of its Windows Update catalog, which means you’ll need to download it manually for now. It’s worth applying it to systems that are experiencing the issues since Intel’s buggy firmware updates. Microsoft is also releasing a new registry key setting for impacted devices, allowing IT admins to manually disable or enable the Spectre variant 2 protections.

Intel says it has identified the issues behind the unexpected reboots on Broadwell and Haswell processors and is working toward releasing an update that addresses the exploits without causing random reboots and data loss. Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors are also affected, and Intel says it’s “actively working on developing solutions” for those platforms too.

It’s clear patching for Spectre variant 2 has been a mess, fuelled by how quickly the software updates needed to be built and distributed. Buggy Intel firmware updates, problems on some AMD machines, and two emergency Windows updates in a month are strong evidence that these patches weren’t tested widely enough before their release. Let’s hope the updates currently in development aren’t “complete and utter garbage.”

Comments

Retpoline is the way to go, it fixes Spectre v2 for everyone except Skylake (which can be addressed via an ad-hoc fix) without huge slowdowns. Probably MS is finding it hard to modify their crappy compiler to address the issue, given that both GCC and LLVM had to be patched to implement retpoline support.

Where does it say Microsoft are finding it hard? It’s Intel causing the issues with their updates.

Retpoline is the way to go, it fixes Spectre v2 for everyone except Skylake (which can be addressed via an ad-hoc fix) without huge slowdowns. Probably MS is finding it hard to modify their crappy compiler to address the issue, given that both GCC and LLVM had to be patched to implement retpoline support.

It’s usually a good idea to read the damn article first before commenting…don’t just go off the headlines.

What are Intel actually doing about this?

‘Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to "data loss or corruption."’

Well, first, Brian cashed out stock, and then his lawyers issued data loss warnings on all communication to prevent lawsuits.

Oh, you mean for customers? Nothing really. This is business friendly America, you see. Taking care of customers, even the US gov’t, is for losers and chumps.

Way to go, Microsoft! You have been great, especially with Windows 10!

Can’t tell if this is sarcasm or not, but I agree. Windows 10 has been superb so far (for me).

No, it is not sarcasm.

Haven’t had any rebooting issues on my Surface Book after the initial updates. But wow, Intel is really dropping the ball here.

I’m on a SB2 and yea… I haven’t noticed any slowdowns or random reboots.

My layman’s understanding is that the bug can’t really be patched and that Intel’s solution to the problem is to flood the processors with garbage so that the Spectre bug—exploiting branch prediction—is harder to accomplish.

I’m sure that the garbage Intel’s throwing at the processor is causing all sorts of issues, including the kernel panics that unexpectedly shut down people’s processors. There’s no way for Intel to solve the problem without replacing the CPUs and Intel will continue to throw garbage at the processor and hope it all works out in order to avoid a recall of most of the world’s computers.

That’s because the Spectre patches don’t exist for Kaby Lake processors yet… Only Broadwell and Haswell.

MS provided the Surface updates. I think this MS fix is for the Intel-provided Spectre patch that has been causing issues on many PCs.

So it seems like we’ll continue sitting unprotected for a while. That’s nice.

Anyone have an update on any class action suits out there? Time to start ramping them up…

If VW got their ass sued over Dieselgate, it’s time for Intel to go through Spectregate.

Dieselgate was a deliberate effort to lie and cheat.

Spectre is incompetence, not malice. And it’s hard to prove there was any recklessness.

Their response has been reckless.

Even then, I’m not so sure you can say this wasn’t deliberate. The design was absolutely deliberate. They apparently threw caution to the wind in the search for performance, and it has come back to bite them. I don’t know enough of the technical side to be sure, but it seems like we should see some sort of solid class action suit arise from this.

The design was absolutely deliberate.

Everything people do is more-or-less deliberate. The question isn’t whether they deliberately designed the processors… they obviously did. The question is whether they knew about the exploitable nature of the design and tried to cover it up or move forward. That would have been sheer idiocy to continue with the design had they known about the exploit, so I’d have to disagree with your stance.

Class action – maybe, but not for the reason you put forward.

They know about the issue now and they’re still selling products with it…

I’d say it’s simply not clear what Intel knew and when, and it’s also pretty clear that they created the issue by pushing aggressively in a particular area in search of performance gains and failed to catch the issue they created. The beauty of a class action suit is that we (might) get answers.

I assume they’re still selling products with it because they think it is or will soon be "fixed."

I don’t really think being aggressive should be considered cause for litigation. If it can be shown they were legally negligent, then perhaps it could be said the aggressive stance was a contributing factor to that negligence.

Either way, I agree with wanting some more answers/information. This is a very interesting case because of the length of time it has stretched over.

Right, negligence is negligence. They were aggressive in pushing towards higher performance which possibly blinded them to the ways in which this could be exploited.
Basically, it explains why they were negligent.
All you need to prove the tort of negligence is a duty, a breach of that duty, that the breach caused the injury, and that there are damages. It seems pretty straightforward to me:
Intel owed me a duty not to expose me to malware unnecessarily; nevertheless, they did so by their processor design; the processor caused me injury (leaving me open to attack or hurting performance by the fix), and the damage of lower performance that they’ve warned we’ll experience once the fixes actually come out.
That’s an oversimplification, but it’s essentially what the claims will come down to.

Right – it’ll be interesting to see the court’s view on it all.

A loss in a class action of this potential magnitude would put Intel out of business. And then who would actually fix the issues? You would just leave what might be billions of people in the lurch.

I doubt out of business. However, if that’s what’s necessary, that’s fine. It’s much more likely that the business would go into some sort of bankruptcy or receivership with a capital restructure. Wiping out the current capital owners is okay. Investment is inherently risky. We shouldn’t allow the manufacture of the chips to stop, just restructure the business side and settle the claims.

It would be disruptive, yes, but not the end of the world.

So, too big to act responsibly? We still have AMD, but they aren’t totally clean either.
