Microsoft releases emergency Windows update to hamstring earlier 'Spectre' defence

Share

Microsoft's latest security update has blocked Intel's patches for the Spectre and Meltdown chip vulnerabilities, on the basis that Intel itself has acknowledged flaws in the software updates.

Intel has been in the news for their Spectre fixes lately that seem to be causing stability and performance issues. Microsoft says that this update will prevent the reboots and data corruption and it covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10. With both hardware vendors struggling to develop reliable updates, Microsoft has been forced to take the unprecedented step of issuing multiple emergency Windows patches in an attempt to contain the disruption to end users.

Now, Microsoft also is offering a Windows operating system update for servers and client devices to address the problems caused by the Intel patches. The update is now available from the Microsoft Update Catalog website and while it disables Intel's microcode fixes it does leave the fixes for the other two Meltdown and Spectre vulnerabilities intact.

Pending the arrival of those fixes, however, Microsoft's out-of-band security update, designated KB4078130, will disable Intel's fix for CVE-2017-5715.

The Windows update can be downloaded from Microsoft's Update Catalog portal. According to Wall Street Journal's sources, they claim that Intel initially reached out to a handful of customers about the vulnerabilities, including Chinese tech companies like Lenovo and Alibaba, but failed to first reach out to the United States government.

More news: The Reason Why Lorde Turned Down Her Grammy Performance

Intel CEO Bryan Kraznich recently said the chipmaker is working on a new design for processors that would incorporate "silicon-based changes" to mitigate the threat posed by the Spectre and Meltdown vulnerabilities.

"We have received reports from a few customers of higher system reboots after applying firmware updates", an Intel advisory notes.

The Journal is reporting that Intel notified some of its customers of the security flaws in its processors, dubbed Spectre and Meltdown, but left out the USA government as part of that.

As of January 25th, there have been no known reports of these vulnerabilities being used to attack users but that doesn't mean that this will be the case going forward.

Microsoft has hurried out a second patch to disable Intel's patch for the Spectre bug after it was found to cause unexpected reboots for processors. The company is scrambling to address these issues and avoid any legal action, but in the process have caused more problems than they've fixed.

Share