Published: Mon, January 29, 2018
Research | By Raquel Erickson

Microsoft issues new update to negate issues from Intel's Spectre fixes

Microsoft has decided to take matters into its own hands and, rather than simply advising users not to deploy the Intel patch, has released its own update that disables it.

KB4078130 disables mitigations against Spectre variant 2, the branch injection vulnerability Microsoft said is responsible for the instability issues. Intel, meanwhile, is still silent on when it plans to release a fixed microcode patch, having previously announced it had tracked down the root cause of the reboot bug.

The Spectre update was supposed to fix the vulnerability, but because it was rolled out so abruptly, it caused more harm than good. Intel is testing the new update on all processors to ensure that no performance and reboot issues occur in the patched systems. While there hasn't been any indication that China has taken advantage of the flaws, the report reveals Intel's glaring mistake of keeping the U.S. government in the dark, thereby delaying the response time for issuing fixes.

PCs running Windows 7, 8.1 and 10 will have the Intel Spectre fix nullified by a new, out-of-band Microsoft patch, KB4078130.

Over the weekend, Microsoft responded to Intel's disclosure by issuing an out-of-band update that lets users disable Intel's faulty patch, specifically the one that mitigates Spectre Variant 2. The software giant has explained that Spectre Variant 2 affects all versions of the operating system, but the company is not aware of any exploitation attempts or attacks. "There are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715) has been used to attack customers," Microsoft said.

"Our own experience is that system instability can in some circumstances cause data loss or corruption", Microsoft said.

Intel even warned users against downloading its own patch, with Intel EVP Neil Shenoy saying that "we recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions on specific platforms, as they may introduce higher than expected reboots and other unpredictable system behavior".
