Intel told some customers to hold off on installing its updates. Earlier this week, Intel said it would have Meltdown and Spectre fixes available by the end of the month for all recently made chips. But as the Wall Street Journal reports, some of the patches the company has released have caused some problems of their own. Some firmware updates are apparently causing computers to reboot. The Wall Street Journal got its hands on a document Intel was sharing with some of its customers (see note below), in which it advised them to "delay additional deployments of these microcode updates." Stephen Smith, Intel's data-center group general manager, told the publication that the bugs didn't have anything to do with security and that the document was being shared with computer makers and large cloud providers. Since the Wall Street Journal published its report, Intel has released a blog post explaining the systems affected by the reboots are running Broadwell and Haswell CPUs. "We are working quickly with these customers to understand, diagnose and address this reboot issue," it said. Microsoft also halted some of its updates earlier this week after some AMD computer users reported that they couldn't boot their computers after installing its patch. And Intel reported that most people would experience a small amount of slowdown -- less than 10 percent -- on their personal computers after installing its fix. One of Intel's partners told the Wall Street Journal that only telling some of its customers about the issue was a bad move on the part of Intel, saying the public has "been given the microcode update but has not been given the important technical information that Intel recommends that you don't use this." But security researcher Paul Kocher, who discovered some of the issues with Intel's chips, said this sort of thing is to be expected. " It doesn't surprise me a lot that there would be some hiccups." Update: While the Wall Street Journal reported that only some of Intel's customers were receiving notice that they may want to hold off on installing its updates, Intel tells us that all of its customers were notified. The notice "was sent to all customers through the standard patch notification process," a spokesperson told us.
It hasnt been a fun time to be Intel. Last week the company revealed two chip vulnerabilities that have come to be known as Spectre and Meltdown and have been rocking the entire chip industry ever since (not just Intel). This week the company issued some patches to rectify the problem. Today, word leaked that some companies were having a reboot issue after installing them. A bad week just got worse. The company admitted as much in a blog post penned by Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel. We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center, Shenoy wrote. He added, If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. Just when you couldnt think this situation could spiral any more out of Intels control, it did. The Wall Street Journal is reporting it got its hands on a confidential memo issued by the company and shared with large companies and cloud providers not to install the patches. Its important to note that Intel is advising consumers to install all patches, and they point out this isnt a security issue. Its just a bad software issue and while they should have made certain this was rock solid, a situation like this tends to lead to pressure that leads to mistakes — and thats probably what happened here. The Spectre and Meltdown issues were discovered last year by Googles Project Zero security team. They found that because of a flaw in modern chip architecture, designed for speed over security, the chip kernel could be exposed. This is where private information like passwords and encryption keys are stored and supposed to be protected. Instead, because of this flaw they could be unprotected. Meltdown affects just Intel chips, while Spectre affects just about all modern chips, including AMD, ARM, IBM Power chips and Nvidia. Raspberry Pi appears to be the only computer spared from this. So far there hasnt been a documented case of anyone taking advantage of this exploit, which, Google pointed out in a blog post yesterday, has existed in chips for 20 years, but security experts have suggested it would be hard to attribute an issue to this particular exploit, even if they had known about it.