Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Intel Halts Spectre, Meltdown CPU Patches Over Unstable Code

Intel on Monday said that users should stop deploying patches for the “Spectre” and “Meltdown” chip vulnerabilities disclosed by researchers earlier this month, saying the patches could cause problems in affected devices, including higher than expected reboots and other “unpredictable” system behavior.

Intel on Monday said that users should stop deploying patches for the “Spectre” and “Meltdown” chip vulnerabilities disclosed by researchers earlier this month, saying the patches could cause problems in affected devices, including higher than expected reboots and other “unpredictable” system behavior.

The US chip giant recommended that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions of the patches.

“We have now identified the root cause of the reboot issue impacting Broadwell and Haswell platforms, and made good progress in developing a solution to address it,” Navin Shenoy, Intel data center group executive vice president, wrote in security update.

“We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release,” Shenoy added.

Last Wednesday, Intel shared information on the performance impact of the inital Meltdown and Spectre patches on data centers, and the company did warn customers that systems with several types of processors may experience more frequent reboots after firmware updates are installed.

Shenoy said that Intel expects to share more details on the timing of new patches later this week. 

As technology firms rush out fixes to address the security risks, many of the updates have turned out to be unstable. 

Red Hat has also decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting.

The updates initially released by Microsoft caused some systems using AMD processors to stop booting. Some systems running Ubuntu also failed to boot after Canonical’s first round of updates was installed.

Several industrial control systems (ICS) vendors have advised customers not to apply them before conducting thorough tests.

VMware also decided to delay new releases of microcode updates until Intel addresses these problems.

Related: Industry Reactions to Meltdown, Spectre Attacks: Feedback Friday

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.