5 Companies That Had A Rough Week

The Week Ending Jan. 19

Topping this week's roundup of those having a rough week is Intel – again – for the continued fallout from the Spectre and Meltdown exploits. This week Intel dealt with reports that some of its firmware updates were causing Intel chips to reboot.

Also making the list this week were a number of IT vendors, including VMware, Cisco and Oracle, who scrambled to investigate Meltdown and Spectre, issue fixes and – in VMware's case – rollback fixes for the vulnerabilities.

Also on this week's list is Xerox, which faced a complaint by a major stockholder about its plans for a Fujifilm deal; Broadcom, which is under Federal Trade Commission investigation for possible antitrust activity; and Lenovo, which had to fix a system vulnerability that dates back to 2004.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Intel's Faulty Meltdown And Spectre Patches Are Causing Reboot Issues In Newer Chips

Things just don't appear to be getting any easier for Intel in the ongoing problems caused by the Meltdown and Spectre exploits in microprocessors developed by Intel and other manufacturers.

This week Intel said that recently issued patches for Spectre and Meltdown are creating reboot issues for the company's newer chips including Kaby Lake, Ivy Bridge, Sandy Bridge and Skylake.

Intel's statement followed reports of reboot issues with older chips in both client devices and data center servers, including Broadwell and Haswell CPUs, after firmware updates were installed.

Major IT Vendors, Including VMware And Cisco, Wrestle With Spectre/Meltdown

As in recent weeks, many companies across the IT industry spent the past week wrestling with the Spectre/Meltdown fallout.

On Tuesday virtualization software developer VMware said a bug in the firmware update for Meltdown and Spectre manifested itself when running virtual machines. That prompted VMware to rollback a recently issued security patch based on microcode Intel had released to tackle the problem.

On Tuesday Oracle issued an astounding 237 security patches, covering a wide range of its database, middleware, application, and development software, to close Spectre and Meltdown vulnerabilities.

Moreover, on Friday Cisco Systems disclosed that it had expanded its investigation into which Cisco products might be impacted by the Spectre and Meltdown exploits to include nine additional products. The list already includes dozens of Cisco products.

The newest Cisco products under investigation include network application, service and acceleration products, as well as network management, routing and server products not covered in an initial advisory earlier this month.

Xerox Hit With Complaint By Major Shareholder About Fujifilm Talks

Reported talks between Xerox and Fujifilm Holdings about a potential joint venture came under fire this week when Xerox's third-largest shareholder blasted Xerox's handling of the deal in a letter to the Xerox board of directors.

Former Affiliated Computer Services CEO Darwin Deason, who because a major Xerox shareholder in 2010 when he sold his company to Xerox, demanded that Xerox disclose details of the talks. Deason said U.S. securities laws require such disclosures.

Deason also demanded that the board hire independent advisors to evaluate Xerox's strategic options with Fujifilm, saying the potential deal could be "a one-sided, value-destroying agreement disfavoring Xerox."

This latest shareholder headache for Xerox comes just weeks after activist investor Carl Icahn, who also is a major Xerox stockholder, complained about Xerox's strategic direction and called for the removal of Xerox CEO Jeff Jacobson.

Broadcom Under FTC Investigation For Possible Antitrust Practices

Broadcom Ltd. disclosed this week that the U.S. Federal Trade Commission (FTC) is investigating whether the giant chip manufacturer engaged in anticompetitive behavior in negotiations with customers, according to a Reuters story.

Broadcom was recently issued subpoenas seeking information about reported changes to contracts to require customers to buy a percentage of its production of items, rather than just a specific number, the story said. (Reuters cited The Wall Street Journal for some of the information in its story.)

Broadcom is currently engaged in a hostile takeover effort to buy chipmaker Qualcomm for $103 billion.

Broadcom said the FTC investigation was "immaterial" to its business and has no impact on its proposal to buy Qualcomm, Reuters said.

Lenovo Scrambles To Issue Fix For Years-Old Flaw In Its Network Operating System

Not every patching effort this week was related to Spectre and Meltdown. Lenovo this week had to issue a patch for a vulnerability in its network operating system that dates back to 2004, according to a Threatpost report.

The vulnerability, which was rated "high" in severity, is within Lenovo's Enterprise Networking Operating System (ENOS) that's used in Lenovo and IBM RackSwitch and BladeCenter products, Threatpost said. The flaw could allow an attacker to perform an authentication bypass attack and gain administrative-level access on affected switches.

Threatpost said the flaw dates back to 2004 in a firmware update by Nortel Networks' blade server and switch business unit. IBM acquired that business in 2010 and sold it to Lenovo in 2014.