Windows update neutralizes Intel Spectre fix

Lena Tucker
January 30, 2018

And I'd imagine that many are simply waiting for the improved version from Intel so that they can deploy that to their customers.

How bad does a third-party fix have to be for Microsoft to issue a rare, weekend update that helps IT administrators disable it? This was important because Meltdown - which allows malware to extract passwords and other secrets from an Intel-powered computer's memory - is pretty easy to exploit, and cloud-computing environments were particularly exposed as they allow customers to share servers.

Microsoft has released a new emergency update KB4078130 for Windows 7, Windows 8.1 and windows 10 devices powered by Intel chips. However, after investigating reports that the fix was causing systems to become unstable, Intel last week recommended that system manufacturers and OS vendors stopped offering the update. This time, the update is not to fix anything, but to actually remove the buggy Intel fix for the Spectre variant 2 chip vulnerability (CVE-2017-5715).

Less than a month after Intel's massive processor vulnerabilities, namely Spectre and Meltdown, were revealed ahead of the´╗┐ planned disclosure timeline, The Wall Street Journal reports that Intel warned select customers of the flaws, but left out the U.S. Government. Intel noted that in some situations this reboot could case data loss or corruption.

In the rush to issue patches there have been multiple instances of Spectre- and Meltdown-related updates causing problems of their own. Microsoft's update specifically disables protection against the second variant as the fixes rolled out by Intel seem to be causing reboots and performance hits on the systems it has been deployed on. Intel's update that was meant to make your device more secure is resulting in unexpected reboots and more alarming, data loss or corruption. In order to download the patch, you can visit the Microsoft Update Catalog website.

The Windows-maker also assured users that as of January 25, there are no indications that the Spectre variant 2 patch has been weaponized for potential hacking attacks.

Brian Krzanich, the company's CEO said on the call to talk about its fourth quarter results that they have made progress and he is highly aware that they need to do more. Microsoft added that the fixes are creating stability issues and random reboots that could lead to data loss.

Other reports by AllAboutTopnews

Discuss This Article