Major security flaw found in Intel processors

#14691
Assistanc3
Participant

Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715).

The update —KB4078130— targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions.

Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3.

Intel

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.

End-users should continue to apply updates recommended by their system and operating system providers.

After Intel’s announcement, Dell advised customers to “revert back to a previous BIOS versions” that did not include Spectre patches.

HP also took a similar step. After it previously made available BIOS updates containing Meltdown and Spectre (Variant 1 and Variant 2) patches, HP reissued BIOS updates this week that only contained Meltdown and Spectre Variant 1 patches, but not Variant 2.

Red Hat Enterprises also decided to revert Spectre Variant 2 patches last weekend, even before Intel’s formal announcement.

Intel is not the only major CPU maker having issues with Spectre Variant 2 patching. This bug also caused issues for devices with AMD processors, so much so that Microsoft paused the rollout of Windows updates for devices with AMD processors. Microsoft resumed these updates, but only after AMD worked with Microsoft to correct reported BSOD errors.

https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-windows-out-of-band-update-that-disables-spectre-mitigations/