Intel has released new microcode to address the stability and reboot issues seen on systems after its initial mitigations for Variant 2 of the Meltdown and Spectre attacks were installed.
The stability issues caused by Intel’s microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems.
Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had seen Intel’s updates cause data loss or corruption in some cases.
While updates for Variant 1 Spectre and Variant 3 Meltdown attacks were largely unproblematic, Intel’s IBRS fixes for the Variant 2 ‘branch target injection vulnerability’ significantly impacted performance and caused stability problems.
When Intel told customers on January 22 to stop deploying its fix, it said it had developed early fixes for Haswell and Broadwell systems and would eventually release fixes for newer CPUs.
The chipmaker on Wednesday said it has released microcode updates for several Skylake-based platforms, while updates for other architectures will be released in the coming days.
“Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days,” Intel vice president Navin Shenoy wrote.
“We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.”
The company also published a new microcode revision guidance document, which indicates that new microcode has been released for Skylake U, Y, U23e, H, and S series chips.
As with the first round of fixes, Intel’s new microcode will be delivered as firmware updates from OEMs.
Intel was originally aiming to release updates for all affected CPUs by the end of January.
The company has faced scrutiny over its disclosure of the vulnerabilities, which Google had reported to Intel in June last year. While Amazon, Apple, Microsoft and Google were kept in the loop, Carnegie Mellon’s CERT/CC only learned of the issue when the Meltdown and Spectre websites went live.
The Wall Street Journal reported a week ago that Intel had also provided an early disclosure to Chinese tech giants Alibaba Group and Lenovo, yet failed to inform the Department of Homeland Security’s US-CERT, which only learned of the bugs after Google’s disclosure.
The disclosure to Chinese tech firms raises the possibility that the Chinese government was aware of the vulnerabilities before the US government and the National Security Agency.
Shenoy said it was critical for “everyone to always keep their systems up to date”, citing US-CERT’s advice for preventing targeted attacks.
“Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with — among other things — regular system updates,” wrote Shenoy.
“This is especially top of mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers — or bad actors — direct their time and energy at it.
“We expect this new category of side-channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.”