UPDATED 22:54 EST / APRIL 03 2018

INFRA

Intel announces it won’t be patching Spectre vulnerabilities in older chips

Intel Corp. has said in a microcode revision guidance that it will not be issuing patches for older chips against the Spectre v2 vulnerability that was first revealed in early January, potentially exposing millions of Intel users to hacking.

In its guidance issued Monday, which added a “stopped” status to Intel’s “Production Status” for its Meltdown and Spectre fixes, Intel claimed that the processors affected are mostly implemented as closed systems and therefore are not at risk from the Spectre exploit.

“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons,” the company said.

The reasoning for not patching the vulnerability were claimed to include microarchitectural characteristics that preclude a practical implementation of features mitigating Variant 2; limited Commercially Available System Software support; and based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

Central processing units manufactured by Intel that won’t be getting a Spectre patch include Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield and Yorkfield Xeon along with older chips such as Core CPUs and Pentiums.

According to Tom’s Hardware, the patches for it need to be delivered as an operating system or BIOS update, and that requires the support of Microsoft and motherboard OEMs to distribute. “However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago,” Tom’s Hardware noted.

The fact that the chips not being patched are old is also said to be key to Intel’s thinking, since it’s unlikely the affected chips are used in high-security environments. Although that argument does apply to nearly every chip Intel won’t be patching, there is one exception: the Atom SoFIA processor Intel released in 2015.

Image: Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU