Published: Tue, January 30, 2018
Research | By Francis Brooks

Microsoft pushes out emergency patch to disable Intel's buggy Spectre fix

Microsoft pushes out emergency patch to disable Intel's buggy Spectre fix

Since the reboot issues on PCs powered by Intel triggered a negative reaction from the rest of the industry, Microsoft and Intel are releasing updates to rollback the Spectre Variant 2 security patch. The agency initially advised that the Spectre flaw could only be addressed by swapping out for an unaffected processor before revising its position to advise that applying vendor-supplied patches offered sufficient mitigation. AMD has also experienced its own issues, with Microsoft earlier having to withdraw the AMD patches from Windows Update after they bricked machines. Microsoft additionally claimed the Intel fix could, in come cases, cause a loss of data or file corruption.

To top it all off, there have been many reports about the hastily-rushed-out software fixes introducing their own performance issues. According to ZDNet, Microsoft made the highly unusual decision to pull back the patch after ascertaining it can directly cause data loss. The update is now available from the Microsoft Update Catalog website and while it disables Intel's microcode fixes it does leave the fixes for the other two Meltdown and Spectre vulnerabilities intact. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. The company recently released a new Windows 7, 8.1, 10 update (KB4078130) to disable the previously released patches. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. This time, the update is not to fix anything, but to actually remove the buggy Intel fix for the Spectre variant 2 chip vulnerability (CVE-2017-5715). This is a very rare update (KB4078130) as Microsoft pushed a patch over the weekend to disable one of the fixes released by the company earlier.

Windows Support unleashed a new web page on Friday, January 26 to explain its actions.

Google's $30 million Lunar X Prize competition is over and nobody won
When it was clear no team would be ready for the original 2014 deadline, the Foundation convinced Google to extend it to 2015. The steps already made by teams in their bids are impressive enough, it says.

Arrangement for viewing Super Blue Blood Moon
However this will sadly not be visible from the United Kingdom because the eclipse will occur over the Eastern Hemisphere. Blue moons occur about once every 2.7 years, according to Space .com, so they aren't almost as rare as one might think.

Apple Books makeover has Amazon in its sights
Apple is reportedly tweaking its e-book offering to better take on Amazon, the current leader of the digital book market. This new app will have tabs where you can view the books you're now reading, along with a tab dedicated to audiobooks.

Update to Disable Mitigation against Spectre, Variant 2. "In this case, news of the exploit was reported ahead of the industry coalition's intended public disclosure date at which point Intel immediately engaged the USA government and others".

In other developments related to Spectre and Meltdown, which also affect many CPUs made by ARM and AMD, The Wall Street Journal reported yesterday that Intel's initial disclosures about the vulnerabilities were made to "a small group of customers, including Chinese technology companies, but left out the USA government". Many different generations of Intel chips were suffering such problems, including its latest processors, codenamed Ivy Bridge, Sandy Bridge, Skylake, Kaby Lake, Broadwell and Haswell.

Like this: