Content, Breach, Channel partners

Intel: Meltdown, Spectre Patches Increase Reboots on Newer Chips

Meltdown and Spectre microprocessor security bug patches are causing more frequent reboots on Ivy Bridge-, Sandy Bridge-, Skylake- and Kaby Lake-based platforms, Navin Shenoy, EVP and GM of the Intel data center group, said in a prepared statement. Intel last week reported Meltdown and Spectre patches may cause higher system reboots after end users apply firmware updates; impacted systems included those running Intel Broadwell and Haswell CPUs for both client and data center.

Intel has reproduced Meltdown and Spectre security patch issues internally and is "making progress" toward identifying the root cause behind the problems, Shenoy stated. The company also will provide a beta microcode to vendors for validation by next week.

Furthermore, Intel has tested Meltdown and Spectre patches on server platforms running two-socket Intel Xeon Scalable systems, Shenoy indicated. The tests showed a reduction in performance ranging from 2 percent to 25 percent.

Intel has issued firmware updates for 90 percent of its CPUs introduced in the past five years, according to Shenoy. The company still has "more work to do," Shenoy pointed out, and will continue to provide regular updates.

Intel CEO Responds to Meltdown and Spectre

Brian Krzanich, Intel's CEO, last week issued a pledge after details were released about faulty Meltdown and Spectre security patches. The pledge focused on the following areas:

  • Customer-First Urgency: Intel will update older products as prioritized by its customers.
  • Transparent and Timely Communications: Intel will provide progress reports of patch progress, performance data and other information.
  • Ongoing Security Assurance: Intel will publicly identify security vulnerabilities and work with industry partners to share hardware innovations that accelerate industry-level progress in dealing with side-channel attacks.

Intel also will provide incremental funding for academic and independent research into potential security threats, Krzanich said.

Intel to Create Internal Cybersecurity Group

In addition to Krzanich's pledge, Intel intends to launch an internal cybersecurity group in response to Meltdown and Spectre, The Oregonian reported. Leslie Culbertson, Intel's SVP and director of human resources, will spearhead the cybersecurity group, and Krzanich has appointed VP Steve Smith and reassigned several company executives to the group.

The first details about Meltdown and Spectre were released January 3. However, the security bugs have been present in modern processors produced in the past decade.

Meltdown and Spectre allow administrator and user programs to identify the layout or contents of protected kernel memory areas, The Register indicated. They also enable malware and hackers to more easily exploit other security bugs and read the contents of a kernel's memory that otherwise is hidden from administrator and user processes and programs.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.