If you were worried about the reports you've heard of Athlon processors crashing after the Windows updates pushed to mitigate Spectre and Meltdown, or about the performance hits these may cause certain workloads, consider the poor sysadmin who listened to Intel's keynote speech at CES. Brian Krzanich has promised patches for 90% of the affected processors by the end of the week, with the remainder by the end of this month. Such a quick response is wonderful from a security standpoint, but one wonders how much stability and compatibility testing could have been done in just a few days. The acronym for the Intel Product Assurance and Security team may be very appropriate for some companies. Let us hope it does indeed go smoothly.
"Krzanich has promised that the firm will patch "90 per cent" of affected processors made in the past five years by the end of this week, adding that the remaining 10 per cent would see fixes by the end of the month."
Here is some more Tech News from around the web:
- Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key @ Slashdot
- Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines @ Ars Technica
- With WPA3, Wi-Fi Security is About To Get a Lot Tougher @ Slashdot
- Take notebooks: About those new Thinkpads… @ The Register
- Intel reveals 49 qubit quantum chip bringing it neck and neck with Google and IBM @ The Inquirer
- Micron, Intel consciously uncouple 3D NAND development @ The Register
I thought they’ve had more than a few days, weren’t they notified of Meltdown and Spectre back in June and assumedly been working on ways to mitigate the vulnerabilities since then?
The original date for publicly announcing Meltdown and Spectre was set for the 2018-01-09. That got pushed forward because partial details of the Meltdown exploit were leaked early, which has turned what was intended to be a coordinated release of details and patches into a scramble to get everything ready early.
I’m not applying any Meltdown/Spectre patches until I hear from my laptops’ 4 different OEMs concerning firmware updates. And my laptops all have Intel processors ranging from the Intel Arrandale (mobile variant of first generation Nehalem microarchitecture) core i3, SandyBridge mobile core i5 and i7, up to Ivybridge core i7QM mobile variant.
So what about those laptop OEMs and firmware Updates. So that’s Toshiba(Core i3 laptop), ASUS(Core i5 SB laptop) Samsung(core i7 SB laptop), and HP(core i7 IB laptop).
Intel needs to list the exact make and model/stepping of their respective CPU variants and let the end users know if these CPU SKUs will require a firmware update from the OEM.
Without the firmware the patches will probably not be applied by Windows and that’s not something that Microsoft can directly control. The gaming MBs have better firmware support but the OEM laptop record of proper firmware/driver support is very sorely lacking.
ivy bridge and older CPUs are older than the 5 year window promised.
The 3632QM (in my newest laptop) was released 30 September 2012 so just over 5 years but Intel was still releasing Ivy Bridge variants up to around 10 September 2013 and 9 January 2014 (for servers) according to Wikipedia. So how is that 5 years going to be calculated and there will be many millions of systems still using older core i series processors and that will need to be updated or there will be a whole lot of compromised systems online.
Intel can release microcode fixes till the cows come home it’s still going to require the laptop’s OEM to push out the new firmware with the Intel microcode fix included.
My newest laptop just got the Jan-2018 Windows update with whatever fix was pushed out by MS and there is currently no new firmware updates from this year from the laptop’s OEM and the most recent firmware update from last year is dated Jul 19, 2017 which has already been installed.
It looks like the Meltdown/Spectre Windows patches are included along with all the other Windows 7 patches for the OS (Windows 7 security only quality update). So no putting off any updates as that’s all in one update, and then I always install the IE 11 Cumulative patch from the MS/Windows update catalog also. And any other patches I have not bothered to do since MS started cramming all the KBs into one update. So no .Net updating or other non security updating to keep the spyware out of my Windows 7 systems.
“made in the past five years by the end of this week” what about the older Intel core i series SKUs that are more than 5 years old?
So essentially Intel is saying…
“Sorry, not sorry, about knowingly including this ‘bug’ into our CPU’s to increase performance over the competition and if you have a chip that is five years old or more you’re screwed because we, Intel, want you to buy a new computer and/or processor.”
I’ve looked at the list of motherboards ASUS are updating and they are basically ignoring everything older than 3 years: https://www.asus.com/News/V5urzYAT6myCC1o2
It’s a shame that the manufacturers are seeing this whole disaster as an excuse to force their customers into buying their newer products.
For Dell Servers
http://www.dell.com/support/article/ca/en/cadhs1/sln308588/microprocessor-side-channel-vulnerabilities–cve-2017-5715–cve-2017-5753–cve-2017-5754—impact-on-dell-emc-products–dell-enterprise-servers–storage-and-networking-?lang=en
For Dell Clients (Laptop/Desktop)
http://www.dell.com/support/article/ca/en/cabsdt1/sln308587/microprocessor-side-channel-vulnerabilities–cve-2017-5715–cve-2017-5753–cve-2017-5754—impact-on-dell-products?lang=en
There you go
They’re going back 10 years, for servers, and about 7-8 for client machines.
It’s time for a big class action Lawsuit to force Intel to fix all of its core i series generation CPUs and force Intel/Laptop OEMs to fund the necessary laptop BIOS/UEFI firmware/microcode updates. There are still one hell of a lot of SandyBridge CPU SKUs sold and still in service but Intel/OEMs need to be forced to go all the way back to the first generation core i series Arrandale(Mobile variant of Nehalem)/Nehalem desktop and server SKUs and newer Intel Generations.
There must be millions of SandyBridge(Very Popular At One Time) based systems still in use that really need the patching and firmware/microcode updates.
I’m on Windows 7, and will be on Linux come 2020, so I hope that there will be increased focus from the Linux OS laptop OEMs to make use of AMD’s APUs for some Linux Laptop offerings, Do You Hear Me System76/Other Linux Laptop OEMs!
2018 for the Meltdown/Spectre issue and Windows 7 going EOL in 2020 should tell the Linux laptop OEMs that AMD’s Raven Ridge APUs may just net more sales on up to 2020 and after as many die hard Windows 7 (AND NEVER NEWER) folks will be wanting AMD’s Raven Ridge APUs from the Linux OS Based Laptop makers.
Lisa Su, Now is the Time for AMD to partner with a Linux OS based laptop OEM and begin supporting that market for AMD’s Raven Ridge APUs. The Next 2 years can be Great for AMD/Linux based OEM Laptop offerings from AMD/Linux Laptop OEM Partners.