February 25, 2018

Microsoft issues emergency Windows patch to undo Intel's bad Spectre fix

30 January 2018

It would seem that Intel failed to take into account the cyberwarfare impact of their early notifications.

Along with the turn-it-off update, Microsoft also published instructions for manually disabling the defenses against the pertinent Spectre vulnerability.

Engadget reports that CPU manufacturer Intel warned a number of customers, including Chinese firms such as Alibaba and Lenovo, about the "Meltdown" bug, which left millions of CPUs vulnerable worldwide, before it warned the US government.

Microsoft has released a new Windows patch to disable Intel's hardware-based mitigation for the Spectre attack due to bugs introduced by Intel's mitigation.

This means that the issues the Intel patch caused were deemed more serious than the security vulnerabilities it was created to fix - at least in the short term. This time, the update is not to fix anything, but to actually remove the buggy Intel fix for the Spectre variant 2 chip vulnerability (CVE-2017-5715).

Intel issued a firmware fix for variant 2 of the trio of chip security vulnerabilities known as Meltdown and Spectre (see Expect More Cybersecurity "Meltdowns"). According to ZDNet, Microsoft made the highly unusual decision to pull back the patch after ascertaining it can directly cause data loss.

In the rush to issue patches, there have been multiple instances of Spectre- and Meltdown-related updates causing problems of their own. Microsoft additionally claimed the Intel fix could, in some cases, cause a loss of data or file corruption. For PC users, this is likely to confuse the situation around Meltdown and Spectre even further. Microsoft's update is available as part of the Windows Update catalogue.

The weekend release was Microsoft's response to an announcement seven days ago by Intel, which told customers of all stripes - from computer makers to end users - to stop deploying the firmware updates it had offered after disclosures of the Spectre and Meltdown flaws.

ZDNet reports that Intel CEO Brian Krzanich said last week that the manufacturer would "restore confidence in data security with customer-first urgency, transparent, and timely communication".

IT vendors including Dell, HP and Lenovo have disclosed plans to return users to previous BIOS firmware versions to help eliminate the Intel microcode.
