INFRA
INFRA
INFRA
Intel announces it won’t be patching Spectre vulnerabilities in older chips
Intel Corp. has said in a microcode revision guidance that it will not be issuing patches for older chips against the Spectre v2 vulnerability that was first revealed in early January, potentially exposing millions of Intel users to hacking.
In its guidance issued Monday, which added a “stopped” status to Intel’s “Production Status” for its Meltdown and Spectre fixes, Intel claimed that the processors affected are mostly implemented as closed systems and therefore are not at risk from the Spectre exploit.
“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons,” the company said.
The reasoning for not patching the vulnerability were claimed to include microarchitectural characteristics that preclude a practical implementation of features mitigating Variant 2; limited Commercially Available System Software support; and based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Central processing units manufactured by Intel that won’t be getting a Spectre patch include Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield and Yorkfield Xeon along with older chips such as Core CPUs and Pentiums.
According to Tom’s Hardware, the patches for it need to be delivered as an operating system or BIOS update, and that requires the support of Microsoft and motherboard OEMs to distribute. “However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago,” Tom’s Hardware noted.
The fact that the chips not being patched are old is also said to be key to Intel’s thinking, since it’s unlikely the affected chips are used in high-security environments. Although that argument does apply to nearly every chip Intel won’t be patching, there is one exception: the Atom SoFIA processor Intel released in 2015.
Image: Wikimedia Commons
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
