In what has become a case of warring patches, Microsoft updates Windows to reverse an issue introduced by Intel’s fix for the Spectre CPU vulnerability.
IT vendors are still out synch on implementing fixes to the critical Meltdown and Spectre processor vulnerabilities that were disclosed in early January.
Microsoft has released a new emergency update for Windows that disables an earlier patch issued by Intel, which could cause issues for users. Those problems can include “higher than expected reboots and other unpredictable system behavior” on systems with Broadwell and Haswell processors, according to an Intel advisory.
The chipmaker later cautioned in the Jan. 25 release of its fourth quarter 2017 earnings about possible “data loss or corruption” along with “the misappropriation of data by third parties” due to the mitigations issued to address the flaws, not to mention the flaws themselves.
Although Intel claimed it was making good progress toward developing an effective solution, the company recommended that users, OEMs, software vendors and cloud providers cease applying the problematic patch or “microcode” that alters a processors’ firmware.
In a move to help Windows users avoid unstable system performance, or worse, Microsoft issued its own patch that disables Intel’s fix, specifically as it applies to Spectre’s branch target injection vulnerability (Variant 2).
“In our testing this update has been found to prevent the behavior described,” stated Microsoft in an online support document. “This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server.”
For those already affected by Intel’s buggy patch, Microsoft published two support documents for advanced users and IT professionals who are comfortable working with the Windows registry and other parts of the operating system that the average end user rarely touches.
Windows 7, 8.1 and 10 users can consult knowledge base article KB4073119 for registry settings, a PowerShell script, group policies and MDM (mobile device management) configurations to avoid the issues introduced by Intel’s patch. Meanwhile, Windows Server administrators can check out knowledge base article KB4072698 for new registry settings along with a PowerShell script that can be used to verify that the changes have taken effect.
Windows isn’t the only operating system that’s undergoing changes in light of the Meltdown and Spectre CPU vulnerabilities.
Linus Torvalds recently released the Linux 4.15 kernel, the first new kernel of the year. Arriving later than expected, Torvalds acknowledged that the delay was due to the work Linux developers were doing to address the flaws.
“This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle. The extra two weeks were obviously mainly due to that whole timing issue,” wrote Torvalds in a Jan. 28 announcement.
And the work continues. Torvalds said developers are currently tackling Linux on Arm-based architectures and the Spectre bounds check bypass vulnerability (Variant 1).
Apple also issued updates across its various operating systems, including macOS, iOS and tvOS. On Jan. 23, the Cupertino, Calif. device maker released a security update for macOS High Sierra 10.13.3 and OS X El Capitan 10.11.6, specifically addressing the Meltdown vulnerability.