Published in News

Microsoft kills off Spectre patch

by on30 January 2018


Your computer is safe from the Intel patch, it is just insecure again

Microsoft has released an emergency Windows update to disable Intel's troublesome microcode fix for the Spectre Variant 2 attack.

Not only was Intel's fix for the Spectre attack causing reboots and stability issues, but Microsoft found it resulted in the worse scenario of data loss or corruption in some circumstances.

To justify the out-of-band update, Microsoft highlights a comment in Intel's fourth quarter forward looking statements that mentions for the first time that mitigation techniques potentially lead to data loss or corruption.

Until then, Intel had only mentioned its update was causing unexpected reboots and unpredictable system behavior.

"Our own experience is that system instability can in some circumstances cause data loss or corruption", Microsoft said.

"We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions", it added.

To prevent the potential for data loss, Microsoft issued an out-of-band update on the weekend that disables Intel's mitigation for CVE-2017-5715, or the Variant 2 Spectre attack described as a "branch target injection vulnerability".

Dell and HP have since pulled their respective BIOS updates carrying Intel's buggy code, and plan to reissue them once Intel has ironed out the problems.

Microsoft's update that disables Intel's patch is available for Windows 7 SP1, Windows 8.1, and all versions of Windows 10, for client and server. The update can be downloaded from the Microsoft Update Catalog website. The update leaves in place fixes for the other two vulnerabilities that make up Meltdown and Spectre.

Given that there are no known reports of attacks on Spectre Variant 2, it would seem the greatest risk to systems and data at present is Intel's buggy microcode.

 

 

Last modified on 30 January 2018
Rate this item
(0 votes)

Read more about: