Microsoft issues emergency Windows update to disable Spectre vulnerability patch
Microsoft Corp. has taken the rare step of issuing an emergency Windows update to disable a previous patch issued to tackle one of the two Spectre vulnerabilities in Intel Corp. chips.
The patch, known as KB4078130, applies to all versions of Windows from version 7 (SP1) onward and reverses a patch Microsoft issued Jan. 3. Microsoft withdrew that earlier patch Jan. 9 after it was discovered that its code caused some personal computers to fail to boot up.
Intel itself admitted the issue Jan. 18, saying that the faulty patch caused PCs to reboot unexpectedly, disrupting user activity. Intel followed up with a formal notice Jan. 23, telling its hardware and software partners to stop distributing the security patch.
“While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today” that specifically disables only the mitigation against one vulnerability, called Branch target injection, Microsoft said. “In our testing, this update has been found to prevent the described behavior in devices that have affected microcode.”
Although some critics have slammed Intel for its fumbled response to both the Meltdown and the Spectre vulnerabilities, others argue that placing blame is not that simple.
“I know patching and repatching is a pain for organizations,” Jeff Williams, co-founder and chief technology officer at Contrast Security Inc., told SiliconANGLE. “And I’m not saying that Intel is blameless here. But people always jump to the conclusion that any vulnerability means negligence. These attacks are truly novel and tricky to fix.”
Williams added that part of the problem is that consumers want new technologies such as phones, apps and software faster and faster. “We wouldn’t like it if companies engineered everything like NASA – it would take decades, cost many times more, and execute slowly,” he said. “We are all complicit. We have all reaped the benefits of an ecosystem that prioritizes speed to market over security. So instead of throwing bombs, how about we encourage collaboration and openness around the best ways to solve this new attack?”