Story image

Stop patching Spectre & Meltdown issues or risk reboot problems, Intel warns

25 Jan 18

Intel is warning all users to stop downloading patches for the Spectre and Meltdown vulnerabilities because they are causing system reboot issues for a number of machines.

On January 11 Intel received reports from customers that they were experiencing higher system reboots after installing the patches.

“Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.  We are also working directly with data center customers to discuss the issue,” the company said at the time.

This week Intel discovered the root cause of the issue and says it has made good progress towards a solution. The company will distribute the new solution to partners for testing this weekend and will release a final solution available once testing has finished.

In the meantime, Intel says customers and partners should stop installing current releases.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behaviour,” the company says.

This applies to all users affected by the Meltdown and Spectre vulnerabilities, which includes a number of Intel Core, Intel Xeon, Intel Atom, Intel Celeron and Intel Pentium processors. See the full list here.

“We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.”

Intel also says customers must be vigilant in their efforts to keep systems up to date and to maintain security best practice.

Earlier this month Intel CEO Brian Krzanich wrote an open letter to tech leaders that reinforced Intel’s commitment to customers and to fixing the issues.

He explained that the company approaches the updates with ‘customer-first’ urgency, timely and transparent communications and the ongoing pledge to customer security.

“To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats,” he wrote.

“The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.”

Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.