Intel advises users to stop installing Spectre microcode patches

The Meltdown and Spectre security flaws are certainly scary, but there are reasons to be leery of the various updates intended to mitigate them. Even if you aren't affected by the performance hit these updates can produce (leading some folks to refer to the patches as "SpecDown"), you could be at risk of suffering random reboots. Fortunately, Intel's now identified the cause of those restarts, at least for Haswell and Broadwell machines.

Unfortunately, identifying the root cause means a new round of patches is in the works for Haswell and Broadwell systems. The company says it has a new patch nearly ready for systems with those CPUs that mitigates the Spectre vulnerability without the risk of random restarts. Newer Intel platforms could still experience stability problems with today's appropriate microcode patches installed, though. Owing to the stability issues that have cropped up, Intel recommends that all users of Haswell and newer platforms stop installing the most recent microcode or firmware updates already in the wild, in anticipation of a fixed fix.

Intel will be supplying the patched patches for Haswell and Broadwell CPUs to OEMs and component vendors, not directly to end users. It will be up to those companies to get the patches into the hands of us regular folks in the form of firmware updates. Intel says it will share details on exact timing of the updates' release later this week. The company didn't say anything about a timeline for patches for pre- or post-Haswell and Broadwell CPUs, though. Folks with those chips will have longer yet to wait.

Comments closed
    • boomshine
    • 2 years ago

    Can someone confirm if the advice from Intel stopping patches is for physically installed OS only or even the VMs?

      • just brew it!
      • 2 years ago

      You need to be careful to distinguish between microcode patches and OS kernel patches. Microcode patches are only relevant for the host OS, but OS patches should be installed on both host and guest.

    • just brew it!
    • 2 years ago

    Looks like the Linux kernel folks are still thrashing around too. Noticed the following comment in the changelog for a kernel Ubuntu just pushed out:

    "Extend post microcode reload to support IBPB feature -- repair missmerge"

    • quaz0r
    • 2 years ago

    so…have we decided to stop berating and name-calling the end user now?

      • tootercomputer
      • 2 years ago

      How is end user expected to sort all of this out? I’m a PC enthusiast, not a cpu microcode engineer. TR had an article a week or so ago about the mobo makers moving forward with their own patches. Great, so I went ahead and updated my mobo bios. Now Intel is saying, Nooo, don’t do it. And we the end users are caught in the middle. This is incredible.

      No, it’s time for berating. The industry leaders need to lead. And I would love to see editors from tech sites like TR yell a little more.

        • quaz0r
        • 2 years ago

        exactly

    • tootercomputer
    • 2 years ago

    I just updated the bios in my gigabyte z170l the bios was specifically for “cpu microcode.”

    This is a goddam mess. Where is the leadership?

    • NeelyCam
    • 2 years ago

    Sooo…. Any Atom CPUs affected?

    Lol

    • RtFusion
    • 2 years ago

    The one thing that comes to mind with this:

    https://www.youtube.com/watch?v=LukyMYp2noo

    • Unknown-Error
    • 2 years ago

    Huh?

    • webkido13
    • 2 years ago

    Just finished patching 700 Dell systems at work with new firmware. Now the whole process starts over. And that’s after the two rounds of Intel ME Firmware Updates. Incredibly frustrating (and time consuming).

      • willmore
      • 2 years ago

      If only your OS did that for you.

    • Laykun
    • 2 years ago

    Yes, but who will patch the patch for the patch? It’s only a matter of time.

      • SkyWarrior
      • 2 years ago

      Mother of patchworks…

      • Redocbew
      • 2 years ago

      Those responsible for sacking the people who have just been sacked have been sacked.

      • willmore
      • 2 years ago

      Reminds me of the Trace Buster, Buster, Buster, Buster.

      • Goofus Maximus
      • 2 years ago

      Heh! All cases will be made of patchwork quilting from now on…

    • ronch
    • 2 years ago

    In other news, AMD advises everyone to stop buying CPUs from Intel.

      • Klimax
      • 2 years ago

      So do they have their updates for Spectre out?

        • EndlessWaves
        • 2 years ago

        Do Intel?

          • Klimax
          • 2 years ago

          Had, has and will have… But IIRC AMD does. No idea how widely applied though. (Aka my original post wasn’t exactly right)

      • K-L-Waster
      • 2 years ago

      The press release showed surprisingly little difference in wording from its pre-Meltdown releases….

    • puppetworx
    • 2 years ago

    Just as well I was under the impression there would be no Haswell fix then.

      • Voldenuit
      • 2 years ago

      Intel released microcode updates for Haswell in the first round.

      It’s the motherboard makers who’ve been dragging their heels on updating BIOSes for their Z87 and Z97 boards.

    • spiketheaardvark
    • 2 years ago

    Suddenly I don’t feel left out with sandybridge not getting a patch.

      • davidbowser
      • 2 years ago

      Same. I acknowledge that pretty much every old PC I own won’t get patched.

      The good news:
      - I get to plan for a fancy new (and hopefully BIOS patched) Ryzen or Epyc build in 2018
      - It gives me an excuse to go through a "justify or recycle" process in my basement.

    • shank15217
    • 2 years ago

    This is why businesses should buy AMD based systems every other hardware update cycle. This is why monopolies are bad. Choice is a good thing when security is concerned.

      • just brew it!
      • 2 years ago

      Unfortunately, AMD’s performance/watt just hasn’t been there the past couple of generations. When you’re deploying hundreds (or thousands) of systems, or setting up massive data centers, electricity costs matter!

      Hopefully Ryzen/Threadripper/Epyc see some significant uptake among corporate users now that AMD’s back in the game. It’s going to be an uphill battle for them to win back market share in the enterprise space though.

        • NovusBogus
        • 2 years ago

        Yup, Bulldozer and its follow-ons were a total dumpster fire. Only the most hardcore of fanboys can manage to put lipstick on that particular pig. But Ryzen and its follow-ons appear to be at least decent, so hopefully they’ll gain back some market share.

        That said, let’s not forget that they get pwned by Spectre as much as anyone else.

          • just brew it!
          • 2 years ago

          "That said, let's not forget that they get pwned by Spectre as much as anyone else."

          Hence my "slightly less broken" quip elsewhere in the comments for this story...

          • cygnus1
          • 2 years ago

          Currently AMD is still pretty adamant that the performance hindering fixes aren’t necessary on their CPUs.

          https://www.servethehome.com/intel-offers-enterprise-meltdown-spectre-benchmarks-gift-amd/

            • just brew it!
            • 2 years ago

            AMD only claims that they are immune to Meltdown; they do *not* claim immunity from Spectre. So any performance hits due to Spectre mitigation are likely to affect AMD as well.

            • cygnus1
            • 2 years ago

            We won’t know for sure where the performance dust settles for at least another month I’m thinking, but so far it’s looking good for AMD. And yeah, for Spectre, they are in fact claiming partial immunity. Partial because it’s not just 1 single vulnerability. For 1 of the 3 Spectre variants, GPZ Variant 3, AMD straight up claims immunity. For GPZ Variant 2, they’re claiming near immunity and making that microcode update optional, not suggesting at all that it is required. And GPZ Variant 1 is contained in the OS patches.

            https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

            At this point though, it's hard to call it a major win for AMD, but it could very well be. I mean, we don't even have working/approved-to-install microcode updates for Intel. But, for the buggy updates that were released though, their performance drop is enough to make AMD extremely competitive against them (against Xeon Scalable) in the datacenter.

            • Redocbew
            • 2 years ago

            We should start taking bets on what the next wrong interpretation of that press release is going to be.

            • cygnus1
            • 2 years ago

            How is that interpretation wrong?

            • Redocbew
            • 2 years ago

            There’s two variants of Spectre and one of Meltdown. It says directly on that page “GPZ Variant 3 (Rogue Data Cache Load *or Meltdown*)”

            Even claiming total immunity to Meltdown I think is a mistake due to the nature of these exploits, but I suppose chances are good that it'll be a while before another exploit in speculative execution is found, and that's their prerogative if AMD wants to ignore the possibility until it happens.

            • cygnus1
            • 2 years ago

            Oh shoot, I did skim right over that *"or Meltdown"*. Thanks for pointing that out. I do agree that AMD claiming immunity to either vulnerability is way too early. Saying it's "too difficult to exploit" means it's possible and just makes it a challenge to the right types of people. So unless they can show a clear architecture difference that 100% makes the exploit impossible, anyone with any kind of actual security responsibility has to run the patches.

        • ronch
        • 2 years ago

        Totally agree with the power consumption. I’m ok with deploying 2 or 3 FX-powered computers but 10 of them will start to make me worry about my power bill, let alone hundreds or thousands of them. This is even truer in places where electricity is expensive.

        • Krogoth
        • 2 years ago

        Epycs are going to do very well in the enterprise space for those planning an upgrade. AMD just needs to release Ryzen-based APUs to gain traction in regular SMB systems.

        • DoomGuy64
        • 2 years ago

        Bristol Ridge isn’t *bad*. My company upgraded to them for basic office work, and it's better than the old i3+hdd systems. Ryzen may be better, but Bristol Ridge isn't going to catch on fire, run like a 486, or make a major dent in overall electricity either. Especially the E series.

    • wownwow
    • 2 years ago

    Intel Inside = Patch-Buffet Inside, an unlimited time offer for lifetime enjoyment 😀

    According to the Intel CPU design, the White House (Kernel) needs to be relocated for the security issue (Meltdown)!

    According to Intel CEO, relocating the White House is the intended design!

    It’s so amazing that the company can continue selling the INTENDED faulty CPU chips designed based on the specifications with the INTENDED flaw of not checking and not correctly handling the privilege levels, amazing!

    • crystall
    • 2 years ago

    And this my friend is what we call a SNAFU.

    • hansmuff
    • 2 years ago

    Every one of my PUBG matches crashed after the ASUS Hero IX 1203 BIOS update. Same settings as the old BIOS, everything the same.

    I know PUBG is possibly the poorest indicator of any sort of stability, but after reverting to the 1009 BIOS I’ve had zero crashes.

    4 crashes in a row on new BIOS (each one about 5-10 minutes into the match), then revert and then no more crashes, all on the same day, tell me something wasn’t quite right.

    • tipoo
    • 2 years ago

    It’s a good thing this isn’t a mess or anything.

      • Wirko
      • 2 years ago

      Try to say this 12 times in a row. Sounds like a pig trying to oink after having eaten all the tumbleweed in the yard.

    • btb
    • 2 years ago

    Thanks to Intel and bitcoin miners, my previously anticipated 2018 CPU/GFX upgrade is now put on hold. I’m not going to pay full price for a new broken Intel CPU (if they want to sell me on their 8x00 series, they better start giving huge discounts), and even if I wanted to spend the money on a new GFX card instead, it’s impossible to locate a 1080 or 1080 TI Founders Edition anywhere in Denmark, they are sold out everywhere. So I guess my trusty Haswell+770GTX will have to do until 2019ish!

      • K-L-Waster
      • 2 years ago

      I hope that forecast turns out to be pessimistic. But you may be right….

        • brucethemoose
        • 2 years ago

        AMD/Nvidia will just ramp up supply if the cryptocraze goes on that long, right? And the Ryzen refresh wouldn’t be a bad choice either.

      • just brew it!
      • 2 years ago

      "I'm not going to pay full price for a new broken Intel CPU"

      You could buy a new, slightly less broken AMD CPU instead... 😉

        • CScottG
        • 2 years ago

        LOL.

        ..up-vote!

        • Klimax
        • 2 years ago

        Considering, Meltdown is easiest to kill, not that much of “advantage”.

          • just brew it!
          • 2 years ago

          I believe the Meltdown mitigation has a larger performance hit though… at least for workloads that do a lot of syscalls.

      • SHOES
      • 2 years ago

      It’s not going to get better anytime soon.. one way to get around it is to buy a pre-built system, most of them still offer decent alternatives to overpaying for a graphics card..

      • DoomGuy64
      • 2 years ago

      It’ll do until you get hit with the exploit, sure. Especially when working patches are being left up to OEMs who’ve EOL’d your hardware, and AMD is already immune to Meltdown and will have patched Spectre far before any Haswell gets theirs. Ignore Ryzen at your own peril, because it is a good chip, and the whole platform is a much better value.

      Second, considering how well Kepler has aged, as even the 780 was quickly outclassed by midrange cards like the 960, I can’t see why anyone would be using it today unless not playing any modern games. It hasn’t been relevant in 2017, let alone 2019. That’s a long time of not playing new games, or tolerating massively reduced settings. I get the whole avoiding new cards because of miners, but damn, consider a used 970 at least. Going from a 770 to a 1080 is also a bit WTF, since you are claiming the 770 will last you until 2019. No way you need a 1080 if that 770 is still “usable” for you. You only need a 1060, unless planning a massive total upgrade with a 4k monitor (need the Ti there, and this build is overrated and a waste of money), or VR which still isn’t mainstream or fleshed out. The 1070Ti is also perfect for 1440p 144hz, and makes the 1080 not worth buying.

      Sticking with a Haswell+770GTX system at this point in time, just screams of die hard brand bigotry. Especially when holding out for patched Intel CPUs and 1080Ti’s. This sense makes none. Upgrade to something more reasonable, like Ryzen with a 1060, 580, or 1070Ti.

      “Get off my lawn, you ~~racial~~ *alternative brand epithet*, ~~white~~ *Intel/Nv Power!*”

      Intel/Nv fanboys are the narrow minded bigots of the PC world now. Time to open your mind and update that worldview, because the grass is greener over here. Otherwise, enjoy wasting money or tolerating reduced settings and having your system compromised. Your loss.

        • K-L-Waster
        • 2 years ago

        I was expecting a “Can I get an amen brothers and sisters?!” at the end of that….

    • mtruchado
    • 2 years ago

    In the other news almost every single laptop presented in Las Vegas CES is equipped using one affected Intel CPU

    • chuckula
    • 2 years ago

    By never installing them in the first place I’m ahead of the curve!

      • derFunkenstein
      • 2 years ago

      You’d be REALLY ahead of the curve if you were finished installing them before the bulletin was published.

    • smilingcrow
    • 2 years ago

    Considering how long ago Intel were informed about this it’s a shame they haven’t responded in a better way.

    When I first read about these threats it did seem as if this was going to run and run so this isn’t a surprise.
    This has to be the largest technical issue that has arisen in my 25 years or so of PC building.

      • Klimax
      • 2 years ago

      For software update it usually is, but microcode is bit different case. (More like update to lower kernel / HAL)

      I’d be curious what issue causes these problems.

      BTW: According to ex-Intel engineer HW fix should be far easier because both M/S are logic bugs and improper validation:
      https://www.moesif.com/blog/technical/cpu-arch/What-Is-The-Actual-Vulnerability-Behind-Meltdown/ (Note: It was posted right after public disclosure!)

    • Wilko
    • 2 years ago

    My Skylake i7 6700k with 64 bit Windows 7 Pro desktop at home hasn’t shown any problems since I updated everything last week. InSpectre says it’s all set. I suppose I’m okay without any fixed fixes or patched patches for now?

    An old Lenovo Thinkpad running Windows 8.1 doesn’t seem to be getting any BIOS updates in the foreseeable future, and a newish Acer laptop I have is still waiting for an update for Spectre.

    • JosiahBradley
    • 2 years ago

    It took me 4 hours to figure out how to patch my system and at work we were about to roll out thousands of BIOS updates. Get your stuff together Intel.

    • MadManOriginal
    • 2 years ago

    I’m about to build an i5-8600K system. So does this mean I should avoid any recent BIOS update that mentions update CPU microcode, if it’s from prior to the last few days? I usually do a BIOS update first thing, but if the update in the wild can cause issues maybe I shouldn’t.

      • Questar
      • 2 years ago

      I would sit tight and not update anything yet.

      • ikjadoon
      • 2 years ago

      For what it’s worth, Coffee Lake has not been specifically identified as having random reboots. But it could be the limited quantity and Intel hasn’t deemed it sufficient for them to claim their newest generation also suffers from the same random reboots as the last, you know, seven generations.

      FWIW, my i5-8600K build hasn’t had any issues, but it’s a work production machine and not gaming, 🙁

        • Kevsteele
        • 2 years ago

        I’ve got an i7-8700k system, updated with the firmware fixes (Asus had them out on Jan. 4th for their Z370 boards), and I haven’t experienced any random reboots.

        Things seem okay with the system, and the few benchmarks I’ve run show about a 1-2% performance loss (margin of error stuff). Hopefully, I haven’t jinxed things by posting this. 😉

      • NeelyCam
      • 2 years ago

      If it works, don’t fix it.

      Security is overrated anyways… you don’t have anything to hide, right?
