Microsoft issues emergency Windows patch to undo Intel's bad Spectre fix

The Wall Street Journal reported over the weekend that "people familiar with the matter" said Intel initially told a small group of customers, including some Chinese technology companies, about the flaws, but didn't extend the same courtesy to the US government when the semiconductor giant learned about Spectre and Meltdown.

Intel has reported issues with recently released microcode meant to address Spectre variant 2, tracked as CVE-2017-5715 (Branch Target Injection).

However, Intel has given assurances that it is working on an updated solution for the security flaws that will not cause systems to reboot randomly, and that the updated solution will roll out once testing is complete.

Intel may have been working with many tech industry players to address the Meltdown and Spectre flaws, but who it contacted and when might have been problematic.

Intel notified Chinese companies about security flaws in its processor chips, according to some sources. Microsoft added that the fixes are creating stability issues and random reboots that could lead to data loss.

Microsoft says the update will cover Windows 7 (SP1), Windows 8.1, and all versions of Windows 10. For the full list of devices, see Intel's microcode revision guidance. You can also install it manually from the Microsoft Update Catalog, which ironically is styled like Windows XP. This is being fixed, but in the meantime Microsoft has pushed out its own Windows patch that disables Intel's prior buggy fix.

Pending the arrival of those fixes, however, Microsoft's out-of-band security update, designated KB4078130, will disable Intel's fix for CVE-2017-5715. No evidence has been discovered yet that the details fell into the hands of the Chinese government, but many in the security community are still concerned.

In the rush to issue patches there have been multiple instances of Spectre- and Meltdown-related updates causing problems of their own.

Intel's CEO later allayed fears of any data breach. Unfortunately, these updates didn't quite do the trick, so the company chose to release KB4078130 in order to disable the Spectre patches. The point here is that the US government wasn't notified first, when it could have helped coordinate disclosures to ensure that enough companies had fixes in place before news of these vulnerabilities spread like wildfire.

While year-end financial results released last week show Intel enjoyed record earnings in 2017, the company could yet see long-term fallout from the Spectre and Meltdown hardware bugs.