Intel is running into problems protecting its chips from the major Meltdown and Spectre vulnerabilities that became public last week. The company has been warning customers of three specific flaws in a recent firmware update and recommending that customers hold off installing the patch, according to emails first reported by The Wall Street Journal. According to a follow-up announcement by Intel, the issue may cause reboot issues in systems running older Haswell chips. Intel has been aware of the Spectre issues since June, but rewriting processor firmware to address the vulnerability proved to be a significant challenge. The company has committed to protecting 90 percent of its CPUs produced in the last five years, with patches to be deployed by January 15th, but technical issues have marred those patches across the board. Earlier this week, Microsoft had to halt the deployment of AMDs Spectre patches after they rendered some computers unbootable. Patching the CPU firmware is widely seen as the most technically difficult element of Spectre recovery, far more challenging than the operating system or browser patches that were deployed last week. Its also the patch most likely to slow computers down, although its still unclear how significant the performance hit will be. Intels recent benchmarks show less than 5 percent slowdowns on recent processors, but those tests did not extend to the Haswell processors affected by todays issues.
Intel told some customers to hold off on installing its updates. Earlier this week, Intel said it would have Meltdown and Spectre fixes available by the end of the month for all recently made chips. But as the Wall Street Journal reports, some of the patches the company has released have caused some problems of their own. Some firmware updates are apparently causing computers to reboot. The Wall Street Journal got its hands on a document Intel was sharing with some of its customers (see note below), in which it advised them to "delay additional deployments of these microcode updates." Stephen Smith, Intel's data-center group general manager, told the publication that the bugs didn't have anything to do with security and that the document was being shared with computer makers and large cloud providers. Since the Wall Street Journal published its report, Intel has released a blog post explaining the systems affected by the reboots are running Broadwell and Haswell CPUs. "We are working quickly with these customers to understand, diagnose and address this reboot issue," it said. Microsoft also halted some of its updates earlier this week after some AMD computer users reported that they couldn't boot their computers after installing its patch. And Intel reported that most people would experience a small amount of slowdown -- less than 10 percent -- on their personal computers after installing its fix. One of Intel's partners told the Wall Street Journal that only telling some of its customers about the issue was a bad move on the part of Intel, saying the public has "been given the microcode update but has not been given the important technical information that Intel recommends that you don't use this." But security researcher Paul Kocher, who discovered some of the issues with Intel's chips, said this sort of thing is to be expected. " It doesn't surprise me a lot that there would be some hiccups." Update: While the Wall Street Journal reported that only some of Intel's customers were receiving notice that they may want to hold off on installing its updates, Intel tells us that all of its customers were notified. The notice "was sent to all customers through the standard patch notification process," a spokesperson told us.