Some Microsoft users who have installed the latest Windows security update have experienced freezing on devices with AMD processors, Microsoft disclosed in a recent update on its support site.
Affected machines have been forced into "an unbootable state" because some AMD chips do not match up with documentation previously given to Microsoft by the semiconductor manufacturer, according to the Redmond, Wash.-based computing giant. That documentation was used by Microsoft when developing its security response to the Spectre and Meltdown threats, the company said.
As a result, Microsoft is temporarily halting Windows OS updates to devices with AMD processors affected by this apparent bug. This includes nine updates that have been released since Jan. 3, with the security-only Spectre and Meltdown update among them (KB4056897). Microsoft also detailed troubleshooting steps for blue screen errors affecting Windows 7, Windows 8.1 and Windows 10.
Microsoft said it is working with AMD to resolve the issues as soon as possible.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," Microsoft stated on its website. "After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown."
The number of affected AMD processors has not been disclosed, but an AMD spokesperson said the booting errors affect only a small subset of its "older" processors. At least some user complaints referenced AMD's Athlon CPUs.
"It's definitely not any large volume of processors that are out there. It's being fixed. The patches are being updated so that service can be turned back on and rolled back out," the spokesman told CRN.
Last week, AMD said that there was "near-zero risk" to its processors with regard to the Spectre and Meltdown security flaws, due to differences in AMD's chip architecture. Intel has gone to great lengths to stress that Spectre and Meltdown are not "unique to any one architecture or processor implementation." However, AMD also said in a company statement that the "bounds check bypass" threat variant must be resolved by vendor software and OS updates.
Allen Falcon, CEO of Cumulus Global, a Westborough, Mass.-based cloud solution provider, hasn't come across any AMD-related performance issues among his company's customers. However, he emphasized that businesses running transactional processing systems or time-sensitive applications need to conduct testing before they apply any OS security updates.
"Yes, it's a security risk, but it's also at the hardware level," Falcon told CRN. "You need a level of access to the system before it can be exploited. Most companies with adequate, multi-tier security have less to worry about with this exploit. I'm not saying don't patch or address it."