Two weeks after Intel pulled a Spectre CPU patch over reboot problems, the chip giant has released new production microcode updates for its Skylake processors to confront variant 2 of the security exploit.
Quick rewind: In early January, AMD, ARM and Intel confirmed that two new vulnerabilities known as Meltdown and Spectre can exploit processors developed by the chip makers since 1995. Intel quickly hopped on it, issuing patches for machines running on Broadwell, Coffee Lake, Haswell, Kaby Lake and Skylake processors. Users, however, began suffering from unstable and in some cases unusable systems, prompting Intel to pull the fixes.
The retooled Skylake firmware update, which covers devices equipped with mobile Skylake and mainstream desktop Skylake chips, will be tested by PC makers before it’s available to the general public, Navin Shenoy, executive VP and GM of Intel’s data center unit, said in a recent blog post.
“Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners,” he wrote. That still leaves a long list of unpatched chip platforms but Intel apparently is readying firmware updates for older systems, ostensibly Broadwell and Haswell, to release in the next few days. The chip maker also is huddling with OEMs to beta test microcode updates ahead of production, Shenoy said.
Given that consumers will largely receive the firmware updates through their system OEMs, the chip maker is again stressing the importance of keeping security up to date. “Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change,” Shenoy said.
Intel is anticipating that the Meltdown and Spectre security exploits will follow a similar evolutionary pattern as have others. New derivatives building on the original exploit will appear as hackers adjust to fixes.
“We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future,” he said.
The danger is likely to gain momentum now that security provider Fortinet has found at least 100 publicly available malware samples in the wild based on the previously released proof-of-concept code for the CPU vulnerabilities.