Story image

Stop patching Spectre & Meltdown issues or risk reboot problems, Intel warns

25 Jan 2018

Intel is warning all users to stop downloading patches for the Spectre and Meltdown vulnerabilities because they are causing system reboot issues for a number of machines.

On January 11 Intel received reports from customers that they were experiencing higher system reboots after installing the patches.

“Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.  We are also working directly with data center customers to discuss the issue,” the company said at the time.

This week Intel discovered the root cause of the issue and says it has made good progress towards a solution. The company will distribute the new solution to partners for testing this weekend and will release a final solution available once testing has finished.

In the meantime, Intel says customers and partners should stop installing current releases.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behaviour,” the company says.

This applies to all users affected by the Meltdown and Spectre vulnerabilities, which includes a number of Intel Core, Intel Xeon, Intel Atom, Intel Celeron and Intel Pentium processors. See the full list here. “We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.”

Intel also says customers must be vigilant in their efforts to keep systems up to date and to maintain security best practice.

Earlier this month Intel CEO Brian Krzanich wrote an open letter to tech leaders that reinforced Intel’s commitment to customers and to fixing the issues.

He explained that the company approaches the updates with ‘customer-first’ urgency, timely and transparent communications and the ongoing pledge to customer security.

“To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats,” he wrote.

“The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.”

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.