Microsoft released an emergency Windows update that disables Intel’s buggy Spectre fixes

Microsoft released an emergency Windows update that disables Intel's buggy Spectre fixes

Microsoft released an emergency Windows update that disables Intel’s buggy Spectre fixes

Intel’s Spectre variant 2 microcode updates have caused nothing but problems for the industry, forcing Microsoft to release an optional Windows update that allows Intel users to disable Spectre Variant 2 updates on their systems, preventing Intel’s updates from, causing system instability. 

This update is available on Windows 7, 8.1 and 10, though please note that this software patch is optional and should only be used by those who use affected Intel systems. If you haven’t installed a Spectre Variant 2 BIOS update, you do not require this Windows update. 

Microsoft is issuing this update as a temporary measure until Intel can resolve their firmware issues, though this update will also add registry options that can enable or disable Spectre Variant 2 mitigations. These options will be available for both client and server operating systems. 

      Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22nd Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.

While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”

 

These problems have been caused by Intel’s rush to release Spectre Microcode updates, allowing bugs to slip through the cracks and that has created a lot of issues for Intel in both the client and server markets. Security conscious users updated their firmware as soon as it became available, only to be greeted with data loss, random reboots and other issues. Thankfully not all systems are exhibiting these problems, though enough users have been affected for Intel to pull their existing patches and for OEMs to do the same.  

 

Microsoft released an emergency Windows update that disables Intel's buggy Spectre fixes  

Intel has stated that they have found the “root cause” of their Spectre patch issues, though at this time the company has issued no timeframe for the release of new microcode updates. 

You can join the discussion on Microsoft’s optional Windows patches that turn off Intel’s buggy Spectre 2 mitigations on the OC3D Forums.