Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 8 MINUTES AGO.
You are here: Home / Windows Security / Microsoft's Patches Fix Intel's Fixes
Microsoft Releases Updates To Mitigate Intel's Flawed Chip Fixes
Microsoft Releases Updates To Mitigate Intel's Flawed Chip Fixes
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
29
2018
Intel's first attempt at mitigating two major vulnerabilities in its microprocessors led to PC reboot and behavior problems, so Microsoft has come out with Windows patches to fix Intel's fixes.

Microsoft's updates are aimed at Windows Server users as well as consumers with Windows 7, 8.1 and 10. Designed to prevent problems related to Intel's flawed patches for the Spectre vulnerability, the Microsoft fixes must be downloaded manually from the company's Windows Update catalog. They do not apply to Meltdown, the other major Intel chip bug.

Following reports of issues with its initial fixes, Intel last week advised hardware and software vendors and partners to stop rolling out those patches to customers. Microsoft's patches are designed to resolve problems in machines that have already received the Intel patch and to prevent unpatched devices from installing Intel's patch.

While year-end financial results released last week show Intel enjoyed record earnings in 2017, the company could yet see long-term fallout from the Spectre and Meltdown hardware bugs. Further fallout could likely be in relation to reports that Intel CEO Brian Krzanich sold millions of dollars' worth of personal stock before the public was made aware of the vulnerabilities, and that Intel notified a select group of customers, including Chinese tech firms, about the bugs before informing U.S. officials.

Software and Firmware Updates Required

Upon announcing its patches on Friday and Saturday, Microsoft said affected customers will also need to deploy processor microcode, or firmware, updates through their device manufacturers. Microsoft added that it was also working on mitigations to prevent Intel-related problems with its Internet Explorer and Edge Web browsers.

"While Intel tests, updates, and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 -- 'Branch target injection vulnerability,'" Microsoft said in its patch announcement. "In our testing, this update has been found to prevent the behavior described."

Intel's initial patch for Spectre was found to causes unexpected reboots and "other unpredictable system behavior" in some devices that could also lead to corruption or loss of data.

Intel is "working around the clock to ensure we are addressing these issues," Navin Shenoy, executive vice president and general manager of Intel's Data Center Group, said in an update last week.

Questions about Who Intel Notified of Bugs

In other developments related to Spectre and Meltdown, which also affect many CPUs made by ARM and AMD, The Wall Street Journal reported yesterday that Intel's initial disclosures about the vulnerabilities were made to "a small group of customers, including Chinese technology companies, but left out the U.S. government."

Even before that news emerged, Intel and other technology companies were already under scrutiny for working quietly behind the scenes to resolve the chip-level flaws without notifying the public. On Wednesday, members of the U.S. House Energy and Commerce Committee sent letters to Intel, Amazon, AMD, ARM, Apple, Google, and Microsoft expressing concern about "the information embargo instituted by the limited number of companies originally informed about the vulnerabilities in June 2017."

Several different groups of independent researchers discovered Spectre and Meltdown last year, but their work was not publicly disclosed until earlier this month. However, there is no evidence to date that either vulnerability has been exploited by hackers in the wild, according to Intel, Microsoft, and other companies.

Image credit: iStock/Artist's concept.

Tell Us What You Think
Comment:

Name:

Byron Ewing:
Posted: 2018-01-29 @ 1:27pm PT
I can't boot through a blue screen so what good is a patch, or 10?
I need something like an ISO that will boot and remove MS malware.

Like Us on FacebookFollow Us on Twitter
MORE IN WINDOWS SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.