Intel is running into problems protecting its chips from the major Meltdown and Spectre vulnerabilities that became public last week. The company has been warning customers of three specific flaws in a recent firmware update and recommending that customers hold off installing the patch, according to emails first reported by The Wall Street Journal. According to a follow-up announcement by Intel, the issue may cause reboot issues in systems running older Haswell chips. Intel has been aware of the Spectre issues since June, but rewriting processor firmware to address the vulnerability proved to be a significant challenge. The company has committed to protecting 90 percent of its CPUs produced in the last five years, with patches to be deployed by January 15th, but technical issues have marred those patches across the board. Earlier this week, Microsoft had to halt the deployment of AMDs Spectre patches after they rendered some computers unbootable. Patching the CPU firmware is widely seen as the most technically difficult element of Spectre recovery, far more challenging than the operating system or browser patches that were deployed last week. Its also the patch most likely to slow computers down, although its still unclear how significant the performance hit will be. Intels recent benchmarks show less than 5 percent slowdowns on recent processors, but those tests did not extend to the Haswell processors affected by todays issues.
It hasnt been a fun time to be Intel. Last week the company revealed two chip vulnerabilities that have come to be known as Spectre and Meltdown and have been rocking the entire chip industry ever since (not just Intel). This week the company issued some patches to rectify the problem. Today, word leaked that some companies were having a reboot issue after installing them. A bad week just got worse. The company admitted as much in a blog post penned by Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel. We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center, Shenoy wrote. He added, If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. Just when you couldnt think this situation could spiral any more out of Intels control, it did. The Wall Street Journal is reporting it got its hands on a confidential memo issued by the company and shared with large companies and cloud providers not to install the patches. Its important to note that Intel is advising consumers to install all patches, and they point out this isnt a security issue. Its just a bad software issue and while they should have made certain this was rock solid, a situation like this tends to lead to pressure that leads to mistakes — and thats probably what happened here. The Spectre and Meltdown issues were discovered last year by Googles Project Zero security team. They found that because of a flaw in modern chip architecture, designed for speed over security, the chip kernel could be exposed. This is where private information like passwords and encryption keys are stored and supposed to be protected. Instead, because of this flaw they could be unprotected. Meltdown affects just Intel chips, while Spectre affects just about all modern chips, including AMD, ARM, IBM Power chips and Nvidia. Raspberry Pi appears to be the only computer spared from this. So far there hasnt been a documented case of anyone taking advantage of this exploit, which, Google pointed out in a blog post yesterday, has existed in chips for 20 years, but security experts have suggested it would be hard to attribute an issue to this particular exploit, even if they had known about it.