Intel won’t patch new Spectre-like chip vulnerabilities for another 12 days

Patches for all operating systems and virtual machines may not be ready until later this year - report

Processor

Intel won't patch a new series of Spectre-related flaws in its chips for another 12 days, it is reported.

Fixes for the flaws, known as 'Spectre Next Generation', were scheduled for 7 May, but the chip manufacturer is allegedly having issues getting the updates ready in time, needing another two weeks to do so. This pushes the release date back to 21 May.

This is according to a report in German IT publication Heise, which suggests the patches could take even longer to arrive.

The flaws were originally reported earlier this month and are caused by the same design issue responsible for the original Spectre vulnerabilities. Around eight flaws have been discovered but technical details about them are yet to be published. Each flaw has a CVE number and each requires a patch to fix the issue.

Advertisement
Advertisement - Article continues below

Spectre Next Generation flaws affect Core i processors and their Xeon derivatives as far back as 2010, Heise reports. These are common Intel processors found in desktops, laptops and servers.

The flaws also reportedly affect Atom-based Pentium, Celeron and Atom processors dating back to 2013 as well as those powering tablets, smartphones and embedded devices.

One of the most troublesome flaws affects Core i and Xeon chips, allowing hackers to attack systems and virtual machines from a compromised VM. These flaws may not be fixed until the middle of August.

As well as microcode patches from Intel, fixes for the operating system will also be necessary, the publication said.

An Intel spokeswoman said in a statement sent to IT Pro: "Protecting our customers' data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalise mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/mobile-phones/354222/samsung-sails-past-apples-market-share-despite-smartphone-market-slump
Mobile Phones

Samsung sails past Apple's market share despite smartphone market slump

28 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019