Author Topic: Windows emergency patch: Microsoft's new update kills off Intel's Spectre fix...  (Read 695 times)

0 Members and 1 Guest are viewing this topic.

Offline Admin

  • Administrator
  • Jr. Member
  • *****
  • Posts: 51
  • Karma: +0/-0
    • View Profile
Windows emergency patch: Microsoft's new update kills off Intel's Spectre fix
The out-of-band update disabled Intel's mitigation for the Spectre Variant 2 attack, which Microsoft says can cause data loss on top of unexpected reboots.
  shared by in home computer, tablet and smart cell phone tutor, mobile virus removal, repair and setup specialist, dual certified teacher, website designer and SEO expert J. Richard Kirkham B.Sc. of Honolulu Hawaii covering all of Oahu. Call or  Text 808.224.1870  Text only for the rest of the U.S. for English speaking remote computer support for help with Windows PCs, Surface tablets or Apple/Mac computers. Do It Yourselfers download Mr. Kirkham's Ebook ComputerHelp808@gmail.com

Microsoft has released an emergency Windows update to disable Intel's troublesome microcode fix for the Spectre Variant 2 attack.

Not only was Intel's fix for the Spectre attack causing reboots and stability issues, but Microsoft also found it resulted in the worse scenario of data loss or corruption in some circumstances.

To justify the out-of-band update, Microsoft highlights a comment in Intel's fourth-quarter forward-looking statements that mentions for the first time that mitigation techniques potentially lead to data loss or corruption.

Until then, Intel had only mentioned its update was causing unexpected reboots and unpredictable system behavior.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft said.

"We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions," it added.

To prevent the potential for data loss, Microsoft issued an out-of-band update on the weekend that disables Intel's mitigation for CVE-2017-5715, or the Variant 2 Spectre attack described as a "branch target injection vulnerability".

Intel's mitigation for this bug is the main reason it advised customers and hardware makers last week to stop deploying its current microcode.

Dell and HP have since pulled their respective BIOS updates carrying Intel's buggy code, and plan to reissue them once Intel has ironed out the problems.

Microsoft's update that disables Intel's patch is available for Windows 7 SP1, Windows 8.1, and all versions of Windows 10, for client and server. The update can be downloaded from the Microsoft Update Catalog website. The update leaves in place fixes for the other two vulnerabilities that make up Meltdown and Spectre.

Microsoft has also provided an option to manually disable and enable the mitigation for Variant 2 via special registry key settings. Links to the registry setting instructions can be found on Microsoft's support page.

Given that there are no known reports of attacks on Spectre Variant 2, it would seem the greatest risk to systems and data at present is Intel's buggy microcode.

The company is facing scrutiny from US lawmakers over its handling of the embargo, which has been described by some as an utter mess that left important software projects in the dark.

Jonathan Corbet, a member of the Linux Foundation's Technical Advisory Board, said the disclosure process for Meltdown and Spectre was unusually secretive.

While the bugs affect Arm and AMD too, Intel is the only chipmaker whose hardware is vulnerable to all three attacks. Despite facing a heightened risk of lawsuits, investors in Intel don't appear to have been spooked by the bugs.

Intel CEO Brian Krzanich said at last week's earning update the company will "restore confidence in data security with customer-first urgency, transparent, and timely communication".


Welcome, Guest. Please login or register.
Did you miss your activation email?
April 21, 2018, 05:23:17 PM

Login with username, password and session length

Recent Topics