Microsoft Deploys Windows Update To Help Undo Intel's Troubled Spectre Patch


Printer-friendly version Email this CRN article

Microsoft is aiming to wipe out buggy Intel patches for the Spectre processor vulnerability with a new update for Windows 10, Windows 8.1 and Windows 7. 

"We've been pleased to see Microsoft taking an aggressive approach to both the deployment of patches, as well as to reactions based on customers in the field," said Reed Wiedower, CTO of New Signature, a Washington, D.C.-based Microsoft partner.

Intel disclosed on Jan. 22 that its latest microcode patches related to Spectre had created reboot issues as well as "other unpredictable system behavior."

[Related: Dell, HP And Lenovo Work Toward Rolling Back Firmware Versions After Intel Nixes Spectre Patch]

IT vendors including Dell, HP and Lenovo have disclosed plans to return users to previous BIOS firmware versions to help eliminate the Intel microcode. 

Now, Microsoft also is offering a Windows operating system update for servers and client devices to address the problems caused by the Intel patches.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft said in its disclosure of the update.

Microsoft, Redmond, Wash., said the update will roll back the Intel mitigation related to Spectre variant 2, also known as the "branch target injection" vulnerability.

"While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – 'Branch target injection vulnerability.' In our testing this update has been found to prevent the behavior described," Microsoft said in disclosing the update.

The update can be downloaded from Microsoft's Update Catalog site. Microsoft also said it's providing a way for advanced users to manually address the issue using changes to registry settings (details here).

Wiedower said Microsoft's response "drives home the key differentiator for partners in the Microsoft ecosystem."

Printer-friendly version Email this CRN article