Intel Nears Completion On Spectre Patches With Latest Processor Updates


Printer-friendly version Email this CRN article

Intel has moved microcode patches against the Spectre vulnerability out of beta and into production for its Ivy Bridge and Sandy Bridge processor lines.

The two older processor lines join Spectre mitigations that Intel has already released for processor families including Coffee Lake, Kaby Lake, Skylake, Broadwell and Haswell.

[Related: Microsoft Rolls Out Software And Firmware Updates To Foil Spectre And Meltdown]

That means that Santa Clara, Calif.-based Intel has now issued patches for a significant percentage of its existing processor families. Patches for even older lines, such as Clarkdale and Arrandale, which both came out in 2010, are in beta, according to Intel.

Last week, Microsoft made available microcode/firmware updates to devices running the Windows 10 Fall Creators Update and Intel Skylake processors. 

Windows device manufacturers such as HP, Dell and Lenovo will be doing much of the distribution for the firmware updates.

Spectre and a related processor exploit, Meltdown, were revealed at the beginning of January. The vulnerabilities affect chips from multiple vendors, including Intel, AMD and ARM.

The flaws account for three variants of a side-channel analysis security issue in server and PC processors, and could potentially enable hackers to access protected data.

Barrett Lamothe, federal sales team lead at MicroAge, a Tempe, Ariz.-based Intel partner, said he believes that Intel is making its best effort at trying to remediate the Spectre exploit threat. Lamothe noted that Intel has the benefit of having owned a major security vendor, McAfee, until spinning the company out last April.

"When Intel purchased McAfee, they absorbed a lot of knowledge from the McAfee acquisition that they've incorporated into their security, to help them resolve this problem," he said.

According to a CRN survey, Intel has gotten higher marks for its response to Spectre and Meltdown than competitors ARM and AMD. Solution providers have told CRN that Intel's communication has been key to the vendor being the most helpful as the channel has emerged as the trusted adviser between manufacturers and customers in the fallout of Spectre and Meltdown.

While Intel continues to work on software mitigations for the vulnerabilities, the company has acknowledged that it will take a hardware fix to fully solve the issue for its processors, which is expected to be available toward the end of 2018.

Printer-friendly version Email this CRN article