Microsoft issues emergency Windows update to disable Spectre vulnerability patch
Microsoft Corp. has taken the rare step of issuing an emergency Windows update to disable a previous patch issued to tackle one of the two Spectre vulnerabilities in Intel Corp. chips.
The patch, known as KB4078130, for all versions of Windows from version 7 (SP1) onwards, reverses a patch Microsoft issued Jan. 3. It withdrew that patch Jan. 9 after it was discovered that the code used in the patch caused some personal computers to fail to boot up.
Intel itself admitted the issue Jan. 18, saying that the faulty patch caused PCs to reboot unexpectedly and disrupt user activity. Intel followed up with a formal notice Jan. 23, telling its hardware and software partners to stop distributing the security patch.
“While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today” that specifically disables only the mitigation against one vulnerability, called Branch target injection, Microsoft said. “In our testing, this update has been found to prevent the described behavior in devices that have affected microcode.”
Although some critics have slammed Intel for its fumbled response to both the Meltdown and the Spectre vulnerabilities, some argue that placing blame is not that simple.
“I know patching and repatching is a pain for organizations,” Jeff Williams, co-founder and chief technology officer at Contrast Security Inc., told SiliconANGLE. “And I’m not saying that Intel is blameless here. But people always jump to the conclusion that any vulnerability means negligence. These attacks are truly novel and tricky to fix.”
Williams added that part of the problem is that consumers want new technologies such as phones, apps and software faster and faster. “We wouldn’t like it if companies engineered everything like NASA – it would take decades, cost many times more, and execute slowly,” he said. “We are all complicit. We have all reaped the benefits of an ecosystem that prioritizes speed to market over security. So instead of throwing bombs, how about we encourage collaboration and openness around the best ways to solve this new attack?”
Image: Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU