Intel is running into problems protecting its chips from the major Meltdown and Spectre vulnerabilities that became public last week. The company has been warning customers of three specific flaws in a recent firmware update and recommending that customers hold off installing the patch, according to emails first reported by The Wall Street Journal. According to a follow-up announcement by Intel, the issue may cause reboot issues in systems running older Haswell chips. Intel has been aware of the Spectre issues since June, but rewriting processor firmware to address the vulnerability proved to be a significant challenge. The company has committed to protecting 90 percent of its CPUs produced in the last five years, with patches to be deployed by January 15th, but technical issues have marred those patches across the board. Earlier this week, Microsoft had to halt the deployment of AMDs Spectre patches after they rendered some computers unbootable. Patching the CPU firmware is widely seen as the most technically difficult element of Spectre recovery, far more challenging than the operating system or browser patches that were deployed last week. Its also the patch most likely to slow computers down, although its still unclear how significant the performance hit will be. Intels recent benchmarks show less than 5 percent slowdowns on recent processors, but those tests did not extend to the Haswell processors affected by todays issues.
It has admitted that its chips are susceptible to both Spectre variants. While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that the risk of exploit using variant 2 was near zero due to its chips' architecture. But in its latest announcement, it said that because both variants are still "applicable to AMD processors," it also plans to release patches for the second variant to be absolutely safe. AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors. Since the second version of Spectre needs a different fix, AMD will provide its customers and partners for Ryzen and EPYC processors with a patch for its chips starting this week. Firmware updates for its older chips will follow in the coming weeks. If you use Linux, you might get it sooner than you think, since Linux vendors have already started releasing OS patches for the second variant. You might have to wait a bit if you're a Windows user, though, since AMD is still working out distribution timing with Microsoft. Despite deciding to release a patch for version 2, the company reiterated that its chips' architecture will make it very difficult for attackers to use the exploit. It also maintained that Meltdown isn't applicable to AMD chips at all. AMD's processors aren't "susceptible" to Meltdown, the chipmaker wrote, "due to [the company's] use of privilege level protections within paging architecture. " Since "no mitigation is required" for variant 3, it won't be creating a patch for the vulnerability. Update: AMD clarified that it never said its chips were not susceptible to variant 2.