Microsoft releases emergency update to disable Intel's faulty Spectre patch

Share

Intel would not reveal which companies they had discussed the bugs with but stated that they didn't have time to contact everyone directly, including the us government, due to the early reveal of the Meltdown and Spectre bugs.

The confusion around Meltdown and Spectre flaws appears to be getting even more confusing for the end user. It is unlikely anything awful has happened on a widespread basis because of this flaw and the playing field is now level again; however this remains a great example of how not to deal with the discovery of a major architectural flaw which continues to cause grave security concerns globally.

Intel warned Chinese firms about its infamous Meltdown and Spectre processor vulnerabilities before informing the U.S. government, it has emerged.

"Security vulnerabilities and/or mitigation techniques, including software and firmware updates, may result in adverse performance, reboots, system instability, data loss or corruption, unpredictable system behavior, or the misappropriation of data by third parties".

"Standard and well-established practice on initial disclosure is to work with industry participants to develop solutions and deploy fixes ahead of publication", the spokesperson said.

The Meltdown and Spectre chip flaws were first identified by a member of Google's Project Zero security team shortly before they were independently uncovered and reported by other teams of security researchers.

More news: The Grammys Wouldn't Let Lorde Perform Solo
More news: You Can Now Add GIF Stickers To Your Instagram Stories
More news: Razzies 2018 nominations: Tom Cruise, Johnny Depp up for 'Worst Actor' trophy

According to former NSA staffer Jake Williams who now owns a cybersecurity firm called Rendition Infosec, vulnerabilities like Meltdown and Spectre would have sparked the interest of any intelligence organization.

The Spectre Variant 2 attack is the most recent breach to affect Intel's products, and they quickly released a microcode fix in order to address the issue. This has raised concern as Intel's actions could have allowed the Chinese government to exploit the vulnerabilities to gather data before the patches were released.

The patch essentially disables the fix for variant two of Spectre but will still protect against the first variant of the flaw.

He further added that they are functional to incorporate silicon-based modifications to future products that would directly tackle the Spectre and Meltdown flaws in hardware.

The Journal quotes an Intel spokesman as saying it meant to inform government agencies about the newly discovered flaw, but the news became public before it could act.

Share