Intel’s telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug


  • Intel said Thursday one of its patches for the Spectre and Meltdown attacks can cause its processors to reboot when they’re not supposed to.
  • Intel is telling some big customers to “delay” installing the patches, the Wall Street Journal reported.

Intel is quietly telling some of its big customers to “delay” installing a fix it issued that was intended to address a major security vulnerability that became public last week, the Wall Street Journal reported.

The giant chipmaker is giving that advice because the recently issued software update can cause its latest processors to reboot when they’re not supposed to, something the company acknowledged in a statement on Thursday.

“We have received reports from a few customers of higher system reboots after applying firmware updates,” Navin Shenoy, executive vice president and general manager of Intel’s data center group, said in the statement. “We are working quickly with these customers to understand, diagnose, and address this reboot issue.”

Notably, Intel didn’t give the same advice to consumers as it’s giving to its big customers.

“End-users should continue to apply updates recommended by their system and operating system providers,” Shenoy said in the statement.

The updates are intended to address a security flaw that affects nearly every Intel processor produced since 1995. The flaw, which can be exploited in a pair of attacks dubbed Meltdown and Spectre, could allow hackers to access photos, passwords, and other sensitive information from just about any PC or server.

Confirmed by Google, the underlying flaw affects many different kinds of processors from a variety of manufacturers. But the revelation of its existence hit Intel the hardest, in part because unlike other processors, its chips are vulnerable to both attacks.

Some experts initially worried that fixes for the flaw could slow the performance of PCs and other devices and that the Spectre attack in particular would be extraordinarily difficult to defend against.

Intel has said it will issue fixes that won’t directly affect performance, and that the best thing to do is to install them as soon as possible.

“The best thing you can do to make sure your data remains safe is to apply updates from your operating system vendor as soon as they become available,” company CEO Brian Krzanich said in a speech Monday.

A fundamental flaw

Intel CEO Brian Krzanich. (Photo: David Becker/Stringer)

But the reboot bug indicates that the flaw in the chips may be so fundamental that Intel may have a tougher time fixing it than it expected.

On Tuesday, Microsoft published a blog post in which it said it expects “most users” with older computers to “notice a decrease in system performance” after applying patches to fix the flaw.

On Thursday, Krzanich published an open letter to customers on the Intel website pledging timely progress updates on the issue.

Intel is just one of several tech companies issuing software updates to address the flaw and defend against Meltdown and Spectre. Microsoft, Amazon, Google, Apple, and others have all rushed out fixes.

On Monday, Krzanich said there’s no evidence that Meltdown or Spectre has ever been used to steal customer data in real life and that Intel plans to keep it that way.