OEMs and system builders recall Intel’s Spectre Firmware updates

OEMs and system builders recall Intel's Spectre Firmware updates

OEMs and system builders recall Intel’s Spectre Firmware updates

Spectre and Meltdown are huge problems, requiring some significant software and CPU microcode updates to address, especially from Intel. While the company has already released patches that are designed to address Spectre variant 2 (CVE-2017-5715), updated BIOS files have now been withdrawn by most OEMs and system builders due to reboot issues and other unexpected behaviours. 

Meltdown (CVE-2017-5754) and Spectre Variant 1 (CVE-2017-5753) can both be addressed by software, with Spectre Variant 2 being the only exploit of the three to require CPU microcode updates on Intel platforms, leaving Intel-based systems insecure until these patches are released. Right now it looks like Intel rushed their Spectre Microcode updates to market, resulting in unforeseen issues, issues that are crushing the confidence that OEMs have in the company.  

Dell, Acer and ASRock have already removed their Spectre fixing firmware updates from their websites, preventing their users from downloading and installing these potentially buggy updates. New firmware updates will be released in time; after Intel are able to resolve their current issues. Dell released the following statement. 


      Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel.

  

Acer has taken a less cautious approach, removing updates for only their Intel Core 4th and 5th Generation products, which are otherwise known as Haswell and Broadwell, stating system instability issues as the reason for their removal. 

 

     At this time, we do not recommend updating your BIOS if your system has a Core i CPU from the 4th (Haswell) or 5th (Broadwell) generation, as it may cause system instability.

 

OEMs and system builders recall Intel's Spectre Firmware updates  

In the whole CPU market, Intel is easily the worst affected by Spectre. Being hit by all three variants of the exploit and requiring the most extensive number of software and microcode fixes to secure pretty much every system that they have released for the past decade. Contrast this to AMD who have been found to be immune to Meltdown and have not been affected by Spectre Variant 2, the version that requires microcode fixes, with AMD claiming a “near-zero” risk of being affected. 

You can join the discussion on OEMs and system builders recalling Intel’s botched Spectre Microcode updates on the OC3D Forums.Â