Microsoft Deploys Windows Update To Help Undo Intel's Troubled Spectre Patch

Printer-friendly version Email this CRN article

"The very best partners have helped their customers to adopt both a quick and properly governed patching process that allows patches to be validated in a test environment, then deployed to ever increasingly large rings of devices, with the ability to capture real-time telemetry on the success or failure of the patches themselves," New Signature's Wiedower said.

Patches can be deployed in minutes thanks to modern patch management, though implications such as reduced performance and potential data loss could cause customers to slow down their rollout, Wiedower said.

"We think the best partners are insisting that customers deploy real-time telemetry to stamp out any sorts of bugs, but to not slow down their patch deployment out of fear," he said. 

Microsoft reiterated that it has no information suggesting that Spectre variant 2 has been exploited as part of a cyberattack so far. 

Spectre and the related Meltdown processor exploit were revealed at the beginning of January. The vulnerabilities affect chips from multiple vendors, including AMD and ARM.

The flaws account for three variants of a side-channel analysis security issue in server and PC processors, and could potentially enable hackers to access protected data.

While Intel continues to work on software mitigations for the vulnerabilities, the company has acknowledged that it will ultimately take a hardware fix to fully solve the issue for its processors.

Last Thursday, Intel CEO Brian Krzanich said the company is now "working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware." On Friday, Intel CFO Bob Swan said the hardware fixes should be available "in the latter part of this year." 

Printer-friendly version Email this CRN article