Security Experts:

Intel Releases Spectre Patches for More CPUs

Intel has released firmware updates that fix the Spectre vulnerability for many of its processors and patches for dozens more are nearly ready for use in production environments.

After the first round of microcode updates released by the company caused problems for many users, including more frequent reboots and unstable systems, Intel started working on a new set of patches that should address these issues.

The company first released new firmware updates for its Skylake processors, but on Tuesday it announced that patches are now also available for Kaby Lake, Coffee Lake and other CPUs. This includes 6th, 7th, and 8th generation, and X-series Intel Core products, as well as Xeon Scalable and Xeon D processors used in data center systems.Intel releases microcode updates to patch Spectre

As of February 21, the following products have Spectre firmware patches ready for use in production environments: Anniedale/Moorefield, Apollo Lake, Avoton/Rangeley, Broxton, Cherry View, Coffee Lake, Cougar Mountain, Denverton, Gemini Lake, Kaby Lake, Knights Landing, Knights Mill, Skylake, SoFIA, Tangier, Valleyview/Bay Trail, and XGold.

Beta patches, which have been provided to OEMs under NDA for validation, are currently available for Broadwell, Gladden, Haswell, some Ivy Bridge, Sandy Bridge, and Skylake Xeon E3 processors.

As for the remaining CPUs, patches are either in pre-beta or planning phase, but pre-mitigation microcode updates, which should be replaced once production fixes are released, are available for many products.

The patches are generally available through OEM firmware updates. Device manufacturers started releasing BIOS updates to patch the Meltdown and Spectre vulnerabilities shortly after their disclosure, but many decided to halt the updates after Intel warned of instability issues. Some vendors have resumed the distribution of firmware updates.

Meltdown attacks are possible due to a vulnerability tracked as CVE-2017-5754, while Spectre attacks are possible due to flaws tracked as CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be patched with software updates, but Spectre Variant 2 requires microcode updates for a complete fix.

Both Intel and AMD announced recently that they are working on processors that will have built-in protections against Spectre- and Meltdown-like exploits.

In the meantime, Intel faces more than 30 lawsuits, including ones filed by customers and shareholders, over the Meltdown and Spectre vulnerabilities.

Related: Device Manufacturers Working on BIOS Updates to Patch CPU Flaws

Related: IBM Releases Spectre, Meltdown Patches for Power Systems

Related: ICS Vendors Assessing Impact of Meltdown, Spectre Flaws

Related: Malware Exploiting Spectre, Meltdown Flaws Emerges

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.