Intel is releasing microcode updates aimed at mitigating against the Spectre vulnerability in two older processor lines, Broadwell and Haswell.
Santa Clara, Calif.-based Intel previously attempted a Spectre fix for Broadwell and Haswell in January but acknowledged on Jan. 22 that bugs in the patches were causing unexpected reboots and "other unpredictable system behavior." Those patches had to be rolled back, including via Microsoft updates to Windows 10, Windows 8.1 and Windows 7.
Now, Intel says it's making microcode updates available for processor families including Broadwell H 43e, Broadwell U/Y, Broadwell Xeon E3, Haswell (H and S) and Haswell Xeon E3.
Intel's previous attempt to patch the processors, which had to be rolled back, "showed the urgency that they wanted to secure their product, which is a positive," said Barrett Lamothe, federal sales team lead at MicroAge, a Tempe, Ariz.-based Intel partner. "They were trying their best to get those patches out as fast as possible, but the execution of that was slightly flawed."
Now, "Intel is doing everything they can to ensure and regain that trust, that they do have the engineering and the ethics to remediate this problem as fast as possible," Lamothe told CRN. "Are they getting caught up? Yes.
"By having their dev teams basically re-engineer that patch to make sure it is production-ready shows they're doing everything they can to ensure they have a stable product for the market."
Updates for processor families including Broadwell Server EX, Haswell Server EX, Ivy Bridge and Sandy Bridge are in beta, Intel said.
The microcode updates for Broadwell and Haswell come a week after Intel released Spectre-related updates for the three most recent processor generations – Coffee Lake, Kaby Lake and Skylake.
According to a CRN survey, Intel has gotten higher marks for its response to Spectre and Meltdown than competitors ARM and AMD.
Partners have told CRN that Intel's communication has been key to the vendor being the most helpful as the channel has emerged as the trusted advisor between manufacturers and customers in the fallout of Spectre and Meltdown. "The transparency we're seeing out of Intel on the VAR channel side is definitely positive," Lamothe said.
Spectre and a related processor exploit, Meltdown, were revealed at the beginning of January. The vulnerabilities affect chips from multiple vendors, including Intel, AMD and ARM.
The flaws account for three variants of a side-channel analysis security issue in server and PC processors, and could potentially enable hackers to access protected data.
While Intel continues to work on software mitigations for the vulnerabilities, the company has acknowledged that it will take a hardware fix to fully solve the issue for its processors, which is expected to be available toward the end of 2018.