Microsoft issues new update to negate issues from Intel's Spectre fixes

  • Microsoft issues new update to negate issues from Intel's Spectre fixes

Microsoft issues new update to negate issues from Intel's Spectre fixes

Microsoft over the weekend responded to Intel's disclosure and has issued an out-of-band update that will allow users to disable Intel's faulty patch, particularly the one that mitigates against Spectre Variant 2. Microsoft told ZDNet it's now waiting for Intel to release the fixed firmware version after determining "system stability can in some circumstances cause data loss or corruption".

Microsoft is today rolling out a small update for all versions of Windows including the old Windows 7 operating system with a fix for performance issue. IT admins can also manually disable Intel's mitigation against Spectre Variant 2 by applying new registry key settings, and more details are available on this support page.

Microsoft's update is meant to prevent that behaviour. When Intel discovered the issue, the company may have made a critical misstep from a national security standpoint: It alerted Chinese customers and a small number of companies, including Chinese firms Alibaba and Lenovo, about its chip security issues before disclosing the vulnerability to the USA government, the Wall Street Journal reports. Intel, for example, pushed its initial updates out the first week of January, and largely completed the task by the end of the second week. The reason you see different timelines on that depends on which bug variant and the degree of risk, but in aggregate, most Intel CPUs since the Pentium Pro are affected. In that January 11 note, Intel added that, "End-users should continue to apply updates recommended by their system and operating system providers". If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. The company last week publicly admitted the reboot issues in a security update but then buried its separate admission about potential data corruption inside its financial results.

Shenoy also told personal computer users that he would provide more information as it became available. Due to this lack of awareness, the DHS Computer Emergency Response Team (CERT) was initially advising replacement of the CPU was necessary, but is now stating users should patch their systems to protect themselves.

Earlier this month, Microsoft warned that Windows PCs won't receive any further security updates until third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown, although this issue has now mostly been resolved.