Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

Microsoft has paused distributing its Meltdown and Spectre security updates for some older AMD machines after reports of PCs not booting. Microsoft’s support forums have been full of complaints from PC owners with AMD processors, and the software giant has acknowledged the issues today. Microsoft is blaming AMD’s documentation for the unexpected problems.

“Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates,” says a Microsoft spokesperson. “After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.”

Microsoft is now preventing AMD PCs from receiving updates, to stop machines from getting into an unbootable state. Microsoft is working with AMD to resolve the problems and continue issuing updates to AMD PCs soon, and affected owners will need to visit Microsoft’s support site for fixes to get machines back into a bootable state. The hiccup is an embarrassing issue for both AMD and Microsoft, just as the industry as a whole continues to deal with the fallout from the Meltdown and Spectre CPU flaws.

AMD confirmed the issues in a statement to The Verge. “AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend,” says an AMD spokesperson. “AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for those impacted shortly.”

Update 8:50PM ET: AMD statement added.

Comments

I guess I should be glad I only have Intel based PCs !?

Well, no. Intel is massively vulnerable to Markdown, and it is also quite susceptible to the branch target injection variant of Spectre, which has been shown to be rather serious on Haswell CPUs and that can lead to worse exploits than the bounds check bypass variant every CPU suffers from (which, while way harder to fix, it is generally less useful and harder to exploit).
AMD is seemingly architecturally immune to Markdown and has not been reported to be vulnerable to branch target injection yet, given its implementational differences, leaving out only bounds check bypass. So I guess you should be rather sad about only owning Intel CPUs, at least as far as we know.

Not to be that guy but you mean Meltdown. Markdown is a text formatting language.

How I could have been able to write "Markdown" instead of "Meltdown" TWICE still baffles me. Probably I’ve been reading so much stuff about these vulnerabilities these days I’ve started to suffer from random brainfarts about them.

Having a markdown of your own it seems

Autocorrect maybe?

I was typing on a laptop. I guess my server’s DDR3 RAM is not the only thing having memory corruption issues in the room.

I’ll be sad when my machine gets attacked.

Meanwhile, I’ll watch some people being sad because their machines can’t even boot.

Wasn’t AMD pretty adamant that their chips weren’t affected?

AMD’s aren’t affected by the worse of the two (Meltdown). And the Linux commit’s comment, from AMD, was in regards to this, as that particular patch was only for Meltdown.
Microsoft is doing patches for both bugs though, so this must revolve around Spectre.

Meltdown is specifically an Intel program, but Spectre is a generic CPU design flaw and AMD was pretty loud about how they were unaffected. Don’t get me wrong, we all raised an eyebrow of suspicion at that claim, but that was the information they put out there, and profited accordingly.

I was under the impression Meltdown also hit some ARM processors, but AMD was immune to it — pretty sure that’s what they were saying, too.

AMD submitted a patch to disable the Linux KPTI workaround on AMD CPUs, claiming that they were unaffected by that particular issue. KPTI is the workaround for Meltdown, not Spectre.

AMD wasn’t talking about Spectre, they were talking about Meltdown.

The article is slightly misleading because it fails to clarify that AMD chips are not vulnerable to Meltdown, the most serious (in the short term) between the two vulnerabilities. Maybe a little note at the end would suffice?

Briefly recalled these comments in the previous article about Apple…

The world’s most valuable company with a huge war chest can’t even tell their customers whether they’re affected until today? In the same time, Microsoft has already released patches for their Surface machines against both Meltdown and Spectre. And yet Apple keeps calling their devices secure.
The hiccup is an embarrassing issue for both AMD and Microsoft, just as the industry as a whole continues to deal with the fallout from the Meltdown and Spectre CPU flaws.

This is an understatement

Microsoft already patched their own Surface computers, which was the point of that random comment you decided to put on a pedestal. These patches are for third party AMD devices.

Yes, a lot of people were crowing about how Microsoft patched their systems first. Meanwhile Apple patched a lot of it back in November, and the rest of it last week, with no bricked machines as far as I can tell.

Well that’s embarrassing.

It’s a good job AMD has been dead in the water until recently and most W10 machines are intel then (I suppose).

@Verge what’s up with the spammy ad links?

Shouldn’t there be like an quote from AMD here? Or a least a request for statement that was unanswered and a note to that effect in the article at publish time?

Why, would a denial from a corporate entity make this issue any more acceptable?

Two sides to every story, and AMD has taken a particular side on Meltdown patches (the patches aren’t useful, getting them disabled by the Linux kernel Team, etc).

So you’d think given a directly relevant prior statement, they would be a good source to provide meaningful context to Microsoft’s "we did some AMD patches that they said not to do and they made things worse".

AMD has been infected by another bug: Microsoft’s patching.

View All Comments
Back to top ↑