Microsoft recently released an emergency Windows patch in order to disable Intel’s problematic fix for the Spectre Variant 2 attack.
A Dangerous Intel Bug
The Spectre Variant 2 attack is the most recent breach to affect Intel’s products, and they quickly released a microcode fix in order to address the issue. It appears, however, that the fix may have caused more problems than it fixed, necessitating an emergency Windows patch from Microsoft to address data loss and corruption.
In a recent statement, Microsoft explained the reasoning behind the emergency Windows patch, stating that “Our own experience is that system instability can in some circumstances cause data loss or corruption…We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.”
Intel’s fix is causing reboots and stability issues, but those seem to be the least of the implementation problems. Some users have reported data loss or even complete system corruption.
The emergency Windows update disabled Intel’s mitigation for CVE-2017-5715 Variant Spectre 2 attack that has been described as a “branch target injection vulnerability.”
Intel’s solution for the attack has caused both Dell and HP to pull the new BIOS updates that contain Intel’s new code, and they plan to reissue them only once the buggy fix has been addressed.
Download Emergency Windows Patch
The emergency Windows update that disables the new Intel patch is available for Windows 7 SP1, Windows 8.1, and Windows 10 for both client and server. In order to download the patch, you can visit the Microsoft Update Catalog website. The update does leave the fixes for the two other vulnerabilities that make up the Meltdown and Spectre attacks while removing the buggy code that caused stability issues with Spectre Variant 2.
If you’re an advanced user and would rather not download the new emergency Windows patch, ZDNet reports that Microsoft gives users with the option to both manually enable and disable the mitigation for the Variant 2 attacks using special registry key settings. Visit Microsoft’s support page for more information regarding this process.
Potential PR Problems
While the Spectre Variant 2 vulnerability has the potential to cause some damage if exploited by enterprising hackers, there are currently no known reports of any users impacted by the attack. Ironically, it seems as if Intel’s fix for Variant 2 is actually resulting in more problems than Spectre itself.
ARM and AMD chips are also vulnerable to attacks, but Intel remains the only manufacturer with products that are affected by all three of Spectre, Spectre Variant 2, and Meltdown. The company is scrambling to address these issues and avoid any legal action, but in the process have caused more problems than they’ve fixed.
ZDNet reports that Intel CEO Brian Krzanich said last week that the manufacturer would “restore confidence in data security with customer-first urgency, transparent, and timely communication.”
This is a major problem for Intel in terms of PR, but so far investors don’t seem to be spooked. Despite the issues with the way the company addressed the Spectre Variant 2 attack, shareholders seem confident that the company will be able to work to address the problems before these bugs translate to a lack of sales.
Whether through editing the registry keys or downloading the emergency Windows patch, make sure you take the time to address the issue if you have an Intel chip with the most recent update. Avoiding data loss or corruption is a priority, and with the Intel “fix,” they are both a real possibility.