sb-as logo
Story image

Stop patching Spectre & Meltdown issues or risk reboot problems, Intel warns

25 Jan 2018

Intel is warning all users to stop downloading patches for the Spectre and Meltdown vulnerabilities because they are causing system reboot issues for a number of machines.

On January 11 Intel received reports from customers that they were experiencing higher system reboots after installing the patches.

“Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.  We are also working directly with data center customers to discuss the issue,” the company said at the time.

This week Intel discovered the root cause of the issue and says it has made good progress towards a solution. The company will distribute the new solution to partners for testing this weekend and will release a final solution available once testing has finished.

In the meantime, Intel says customers and partners should stop installing current releases.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behaviour,” the company says.

This applies to all users affected by the Meltdown and Spectre vulnerabilities, which includes a number of Intel Core, Intel Xeon, Intel Atom, Intel Celeron and Intel Pentium processors. See the full list here. “We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.”

Intel also says customers must be vigilant in their efforts to keep systems up to date and to maintain security best practice.

Earlier this month Intel CEO Brian Krzanich wrote an open letter to tech leaders that reinforced Intel’s commitment to customers and to fixing the issues.

He explained that the company approaches the updates with ‘customer-first’ urgency, timely and transparent communications and the ongoing pledge to customer security.

“To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats,” he wrote.

“The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.”

Story image
Why greater network visibility is needed to reduce the threat posed by IoT in the enterprise
At home and abroad, organisations have joined the rush to embrace Internet of Things (IoT) technology, but a new survey shows they’re only just beginning to wake up to the enormous risk those devices pose, writes ExtraHop A/NZ Regional Sales Manager Glen Maloney.More
Story image
Chillisoft nabs LogRhythm Distie of the Year for A/NZ
The specialist cybersecurity distributor has made great strides in LogRhythm sales and support since signing with them a year and a half ago.More
Story image
Forcepoint Dynamic Edge Protection delivers data-centric SASE solutions
The Dynamic Edge Protection suite includes new cloud security gateway and private access offerings through its SASE solution architecture.More
Story image
Internet outages drastically increased during COVID-19 lockdowns, report finds
Global internet disruptions increased 63% in March, with internet service providers hit the hardest. This is according to the 2020 Internet Performance Report from ThousandEyes, the internet and cloud intelligence company.More
Story image
Attivo Networks integrates with FireEye for advanced threat protection
The combined solution is designed to reduce time and resources required to detect and block attacks, while also collecting forensics to help organisations avoid future attacks. More
Link image
Are modern authentication solutions killing passwords?
Multifactor authentication is innovating the login process and making it more secure. Passwords may be the first to go - but there are still some factors keeping them alive.More