Most Intel processors* released in the past decade are vulnerable to the recently disclosed Meltdown and Spectre security vulnerabilities, and that’s a problem. But shortly after Intel released a microcode update to mitigate the risk, users started noticing that their computers were unexpectedly shutting off (crashing) more often than before.
Intel’s solution: don’t install that update, and instead wait for a newer update that’s less likely to crash your PC.
Now Microsoft has released a Windows update designed to remove that Intel fix from most computers running Windows 7 Service Pack 1 or later. It’s available from the Microsoft Update Catalog (meaning that it’s not rolling out through automatic updates yet, but you can download and install it manually).
This is a rare “out of band” update from Microsoft, which means that it’s an unscheduled, emergency software update.
If you’re worried that your PC will be less secure after removing Intel’s patch, that may actually be true… but so far there’s no evidence that anyone has successfully leveraged the Spectre vulnerability to create malware that can steal data from your PC yet.
Meltdown and Spectre both take advantage of a feature in modern PCs called speculative execution, which effectively has the chip guess what your next move may be based on your current request. But security researchers discovered last year that the way this is carried out could allow some data to be “leaked” to software that isn’t properly authorized to access that data.
Researchers say Spectre attacks are theoretically more difficult to carry out. But just because nobody has reported a case of a Spectre-based attack doesn’t mean there isn’t one in the wild yet.
So it makes perfect sense for Intel (and Microsoft) to roll back a buggy update that can make PCs unstable. Microsoft notes that unexpected reboots and shutdowns aren’t the only problem… because they can also lead to data loss.
But there is still some risk that removing the patch could leave a computer vulnerable… at least until Intel and Microsoft can release the next update.
Meanwhile, other developers have been building Spectre and Meltdown mitigations into vulnerable software including Google Chrome and Firefox.
*While the Spectre vulnerabilities also affect AMD and ARM chips, the Meltdown vulnerability primarily affects Intel processors, although some ARM-based designs could also be affected.
via The Verge
It’s a good thing 5 out of 6 of my computing devices don’t have Intel processors!
The first sign of a problem should have been when someone followed the word “speculative” with the word “execution”. 🙂
This is what I was afraid of since the beginning… rushed and half-baked solutions to try to quickly fix the problem! What a mess of a situation we have here, nobody is looking good on this.
Today I had to explain this mess/confusion to a very confused colleague (who is supposed to know a bit about these issues), which illustrates that the big problem is still lack of understanding of the issues at hand. The root cause being the contradicting information that is flowing! Patches exist so people stopped caring, even if those bring lots of problems and affect performance!
Microsoft needs a Linus Torvalds for its Windows kernel team. He delayed the Linux kernel fixes until they looked and acted proper.
What a mess for Intel. I know AMD is also somewhat affected by Spectre, but they have to look better than Intel right now.