Search

» » Intel: We now won't ever patch Spectre variant 2 flaw in these chips

Intel: We now won't ever patch Spectre variant 2 flaw in these chips

Video: Meltdown-Spectre attack variants discovered.

Meltdown-Spectre

Intel is dropping plans to patch certain CPU families affected by the Meltdown and Spectre bugs, because it's impractical or they're not widely supported.

The chip maker has spent the past few months releasing and re-releasing microcode updates to fix the Spectre variant 2 flaw. But while it's rolled out updates for all processors launched in the past five years, it has now revealed some older CPUs won't be patched at all.

Intel's latest Microcode Revision Guidance, dated April 2, applies a new 'stopped' status to several CPU product families for which it had been developing microcode updates. The product families include chips from Intel's Core, Celeron, Pentium, and Xeon-branded CPUs.

Most of the chips are older, with some starting production in 2008, and are probably less widely used today than the already patched Kaby Lake, Skylake, and Coffee Lake CPUs.

Intel says it stopped developing the Spectre variant 2 mitigations for at least one of three main reasons, including that it was impractical, the CPU was not widely supported, or that customers indicated the CPUs are running on closed systems.

"After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating variant 2 CVE-2017-5715.
  • Limited commercially available system software support.
  • Based on customer inputs, most of these products are implemented as 'closed systems' and therefore are expected to have a lower likelihood of exposure to these vulnerabilities."

CPU families that won't be updated include Bloomfield, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0 and M0, Wolfdale E0 and R0, Wolfdale Xeon X0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.

Intel announced in March that forthcoming 8th Generation Intel Core processors will have built-in mitigations for Spectre variant 2 and Meltdown.

Previous and related coverage

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

Microsoft's Meltdown fix opened a gaping hole in Windows 7 security, warns researcher.

Use HP, Lenovo or Dell? Get ready for new updates to guard against Spectre

Intel's fixed microcode updates to mitigate the Spectre attack have now reached Sandy Bridge and Ivy Bridge chips.

New Spectre attack variant can pry secrets from Intel's SGX protected enclaves

Sensitive data protected by Intel's Software Guard Extensions could be open to a new side-channel attack.

Intel's Spectre fix for Broadwell and Haswell chips has finally landed

Chips that sparked Intel's recall of microcode for Spectre Variant 2 attack now have stable fixes.

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

Customers accuse the chip maker of charging premium prices for a faulty product.

Intel's new Spectre fix: Skylake, Kaby Lake, Coffee Lake chips get stable microcode

Intel makes progress on reissuing stable microcode updates against the Spectre attack.

Meltdown-Spectre: Now the class action suits against Intel are starting to mount up

Intel faces 32 class action lawsuits over its processor flaws and says more may be in the pipeline.

Meltdown-Spectre flaws: We've found new attack variants, say researchers

Intel and AMD may need to revisit their microcode fixes for Meltdown and Spectre.

Linux Meltdown patch: 'Up to 800 percent CPU overhead', Netflix tests show

The performance impact of Meltdown patches makes it essential to move systems to Linux 4.14.

Spectre reboot problems: Now Intel replaces its buggy fix for Skylake PCs

And offers patching tips from US CERT, which it failed to brief on the bugs.

Meltdown-Spectre: Malware is already being tested by attackers

Malware makers are experimenting with malware that exploits the Spectre and Meltdown CPU bugs.

Windows emergency patch: Microsoft's new update kills off Intel's Spectre fix

The out-of-band update disabled Intel's mitigation for the Spectre Variant 2 attack, which Microsoft says can cause data loss on top of unexpected reboots.

Meltdown-Spectre: Why were flaws kept secret from industry, demand lawmakers

Great work on patching your own products, but why were smaller tech companies kept in the dark?

26% of organizations haven't yet received Windows Meltdown and Spectre patchesTech Republic

Roughly a week after the update was released, many machines still lack the fix for the critical CPU vulnerabilities.

Bad news: A Spectre-like flaw will probably happen againCNET

Our devices may never truly be secure, says the CEO of the company that designs the heart of most mobile chips.

Let's block ads! (Why?)

http://www.zdnet.com/article/intel-we-now-wont-ever-patch-spectre-variant-2-flaw-in-these-chips/

Bagikan Berita Ini

0 Response to "Intel: We now won't ever patch Spectre variant 2 flaw in these chips"

Post a Comment

Subscribe to: Post Comments (Atom)
Powered by Blogger.