Intel: Don't install our Spectre fix, risk of unwanted reboots is too great

The advice to stop offering the firmware update comes after the chipmaker investigated reports the patch was causing unexpected reboots on systems with Intel processors.

Intel has told computer manufacturers to stop rolling out its fix for the Spectre CPU flaw.

The problems were originally thought to affect only systems running older Intel Broadwell and Haswell-era chips; however, Intel later revealed that computers using newer processors were also suffering from instability after applying the update.

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions," Intel warns in its latest advice.

Instead, Intel advises waiting for a new firmware update, which is currently being tested, and says that later this week it will provide information on when this new fix will be more widely available.

While not all Intel-based systems suffer from instability after applying the fix, Intel now recommends that it is not used on a wide variety of PCs and servers, ranging from the newest machines back to PCs running Haswell-era Intel processors and servers running Ivy Bridge-era processors.

The chipmaker is also working on providing computer manufacturers with an earlier firmware release that doesn't cause stability problems. The downside is that rolling a machine back to this earlier firmware will remove protections against certain Spectre-related attacks.

Spectre and Meltdown are design flaws in modern CPUs that could allow attackers to bypass system protections on a wide range of devices and read sensitive information, such as passwords, from memory.

The firmware update blamed for increasing the risk of reboots is designed to mitigate attacks that use Branch Target Injection to exploit the Spectre vulnerability CVE-2017-5715, also known as the Spectre (Variant 2) vulnerability.

Meltdown and the other Spectre vulnerability, Variant 1, are being addressed by separate operating system and virtual machine patches released by vendors.

These updates have also caused problems. Microsoft recently said that some Windows PCs won't receive any further security updates until their third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown. And chipmaker AMD worked with Microsoft to resolve problems after patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot.

About Nick Heath

Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.