Intel Rolls Out Spectre Mitigations For Newer Processors To OEMs And Partners

Intel has released firmware updates for the company's latest three generations of Core processors to address the Spectre vulnerability.

The production microcode updates, which have been released to Intel's OEM customers and partners, are for devices running the eighth generation (Coffee Lake), seventh generation (Kaby Lake) and sixth generation (Skylake) of Intel Core processors.

[Related: Intel Bests ARM and AMD For Its Spectre, Meltdown Exploit Response]

The updates also cover Intel's most recent Core X-series chips, along with the latest Xeon Scalable and Xeon D data center processors.

"Over the past several weeks, we've been developing and validating updated microcode solutions to protect Intel customers against the security exploits disclosed by Google Project Zero," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Santa Clara, Calif.-based Intel, in a post. "This effort has included extensive testing by customers and industry partners to ensure the updated versions are ready for production."

On Jan. 22, Intel acknowledged it had released buggy patches for Spectre, which ultimately had to be rolled back, including with Microsoft updates to Windows 10, Windows 8.1 and Windows 7. IT vendors including Dell, HP and Lenovo disclosed plans to return users to previous BIOS firmware versions to help eliminate that previous Intel microcode.

Earlier in February, Intel released production microcode for some Skylake platforms and is addressing additional Skylake platforms with the latest update.

The new updates from Intel "will be made available in most cases through OEM firmware updates," Shenoy said.

Spectre and a related processor exploit, Meltdown, were revealed at the beginning of January. The vulnerabilities affect chips from multiple vendors, including Intel, AMD and ARM.

The flaws account for three variants of a side-channel analysis security issue in server and PC processors, and could potentially enable hackers to access protected data.

The latest update from Intel "really shows progress" on keeping customers secure, said Michael Goldstein, president and CEO of LAN Infotech, an Intel partner in Fort Lauderdale, Fla. "It shows Intel's commitment to maintaining quality."

According to a recent CRN survey, Intel has gotten higher marks for its response to Spectre and Meltdown than competitors ARM and AMD.

"Intel has been extremely easy to work with, and has been transparent with the channel through this process," said Barrett Lamothe, federal sales team lead at Tempe, Ariz.-based MicroAge, in a previous interview with CRN. "We know that they have all their security guys working on this issue."

While Intel continues to work on software mitigations for the vulnerabilities, the company has acknowledged that it will take a hardware fix to fully solve the issue for its processors, which is expected to be available toward the end of 2018.