Home Security Intel tells select customers not to use its bug fixes

Intel tells select customers not to use its bug fixes

Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

The advice, reported by The Wall Street Journal, was issued to select customers on Wednesday.

The company told customers to "delay additional deployments of these microcode updates", and added, "Intel will provide frequent updates".

Stephen Smith, the general manager of Intel's data centre group, told the WSJ that the advice was provided to makers of PCs and big cloud providers after feedback that its updates had caused some machines to reboot.

Smith claimed that the bugs are "unrelated to security", adding that the company advised consumers to use firmware update from their vendors. Computer makers and cloud providers were told to avoid using Intel's patches.

Details of the two bugs, dubbed Meltdown and Spectre, were released last week after an embargo of 9 January collapsed.

An employee of Google's Project Zero was the first to discover the two vulnerabilities, and the company justified breaking the embargo, saying: "We are posting before an originally co-ordinated disclosure date of 9 January 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."

Since then, a number of industry players, big and small, have issued patches for their products, including Microsoft and the Linux kernel project.

Meltdown removes the barrier between user applications and sensitive parts of the operating system while Spectre, which is also reportedly found in some AMD and ARM processors, can trick vulnerable applications into leaking the contents of their memory.

The WSJ quoted one unnamed Intel partner, who, like Theo de Raadt, the head of the OpenBSD project, expressed disquiet that the company was only informing some customers about the problems with the patches.

De Raadt told  iTWire about the initial bug disclosure: "Only Tier-1 companies received advance information, and that is not responsible disclosure – it is selective disclosure. Everyone below Tier-1 has just gotten screwed."

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.