Security Experts:

Intel Halts Spectre, Meltdown CPU Patches Over Unstable Code

Intel on Monday said that users should stop deploying patches for the “Spectre” and “Meltdown” chip vulnerabilities disclosed by researchers earlier this month, saying the patches could cause problems in affected devices, including higher than expected reboots and other “unpredictable” system behavior.

The US chip giant recommended that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions of the patches.

"We have now identified the root cause of the reboot issue impacting Broadwell and Haswell platforms, and made good progress in developing a solution to address it," Navin Shenoy, Intel data center group executive vice president, wrote in security update.

"We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release," Shenoy added.

Last Wednesday, Intel shared information on the performance impact of the inital Meltdown and Spectre patches on data centers, and the company did warn customers that systems with several types of processors may experience more frequent reboots after firmware updates are installed.

Shenoy said that Intel expects to share more details on the timing of new patches later this week. 

As technology firms rush out fixes to address the security risks, many of the updates have turned out to be unstable. 

Red Hat has also decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting.

The updates initially released by Microsoft caused some systems using AMD processors to stop booting. Some systems running Ubuntu also failed to boot after Canonical’s first round of updates was installed.

Several industrial control systems (ICS) vendors have advised customers not to apply them before conducting thorough tests.

VMware also decided to delay new releases of microcode updates until Intel addresses these problems.

Related: Industry Reactions to Meltdown, Spectre Attacks: Feedback Friday

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.