Intel is warning customers, computer makers and cloud providers to avoid installing its Spectre and Meltdown patches — designed to address two high-profile security flaws in its chips — after it found the patches were not behaving as expected.
Intel disclosed that the patches were causing devices to reboot unexpectedly among other “unpredictable” behavior. The company has advised users to stop updating their systems until they deploy a better fix. The updates include security measures to protect devices and users against the critical Meltdown and Spectre vulnerabilities that came to light earlier this year.
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” executive vice president Navin Shenoy said in a statement on the chipmaker’s website.
The company said it has identified the root cause of the “reboot issue” affecting its Haswell and Broadwell processors that first popped up earlier this month, and is working towards deploying a solution that patches the exploits without causing any other unexpected issues.
It did not name other processor families such as Ivy Bridge, Skylake, Kaby Lake and Coffee Lake in this guidance. However, they were included in a list of hardware that also exhibit “reboots and other predictable system behaviour”.
“I apologise for any disruption this change in guidance may cause. I assure you we are working around the clock to ensure we are addressing these issues,” Shenoy said.
In recent weeks, technology giants have scrambled to address and issue fixes for the critical Meltdown and Spectre design flaws after researchers found the critical flaws exist in Intel, ARM and AMD chips built in the past two decades. From computers and smartphones to servers and tablets, these vulnerabilities affect nearly every modern processor and device that uses these chips and could allow attackers to access almost any data stored on the device.
Intel’s decision to pause its updates comes amid criticism from security and technical experts over tech companies’ approach to dealing with and patching Spectre and Meltdown.
Earlier this month, Microsoft also suspended its patches for computers with AMD chips after users reported seeing the dreaded “Blue Screen of Death” and were unable to reboot their device after installing the updates.
Over the past few weeks, Intel customers have also reported that the patches deployed have been slowing down computer performance. The company said the patches could slow down its newer chips by 6% or less, but older processors could experience a more significant slowdown.
This week, Linux creator Linus Torvalds blasted the Meltdown and Spectre patches issued by Intel as “complete and utter garbage”.
In a message posted to the Linux kernel mailing list on Sunday, Torvalds — who is known for his fiery rhetoric — wrote: Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here – talk to your managers.
“They do literally insane things,” he continued. “They do things that do not make
sense. That makes all your arguments questionable and suspicious. The patches do things that are not sane… So somebody isn’t telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out.”
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India