
Intel gives up patching some chips with Spectre flaws

Chipmaker deems some chips too tough to fix, advising of Spectre stability issues

The Spectre and Meltdown chip vulnerability saga continues today, with Intel admitting it can't or, rather, won't issue patches for some of its affected CPUs.

Spectre and Meltdown are two flaws found at the chip level that can lead to serious data breaches. As the problem is at the architecture level, it affects virtually all processors made within the past 20 years - not just from Intel but also other giants like ARM and potentially AMD.

While no exploit of either flaw has been seen in the wild, because the problem is so widespread it's considered one of the greatest information security problems of recent times.

Despite previous pledges to issue microcode updates that will fix the flaws, Intel is now backtracking when it comes to certain of its CPUs.

In a revision notice published on Monday, the chipmaker now lists 16 microcode updates as "stopped", meaning that while patches have previously been released, Intel will no longer issue them. The company has also recommended admins and/or users stop using the updates as the mitigation for Spectre v2 contained within them causes stability issues.

The reasons Intel gave for stopping these updates vary: patching Variant 2 of Spectre may simply be too difficult given the design of the chip in question; availability of software support is limited; and some of the affected chips power 'closed systems' that are not connected to anything that could allow hackers to exploit them, so the risk is small enough that administrators can avoid the fuss of implementing such a tricky update.

The affected chips cover a broad range of families, many of which were released around a decade ago and some of which have ceased production in the meantime, so it's hard to say how many systems will actually remain at risk due to this change. Affected chip families that won't be getting an update include Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield and Yorkfield Xeon. Intel's notice doesn't list which of these chip families it believes are too difficult to patch, and which present a low risk.

On the other side of the coin, however, Intel has rolled back a previously issued "stopped" notice on four other patches as "subsequent testing by Intel has determined that these were unaffected by the stability issues and have been re-released without modification" - these are Skylake H/S, Skylake U/Y, Skylake U23e and Skylake Xeon E3.

A full list of the affected systems, plus what their patch status is, can be found here.

In a statement, the company said: "We've now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback."

Intel has a messy history of patching Meltdown and Spectre, botching an initial run of Skylake patches that resulted in performance slowdowns and rebooting issues, which it eventually rolled back and replaced with another set of patches in February. The vendor faces more than 30 lawsuits relating to the chip vulnerabilities.
