OEMs and system builders recall Intel’s Spectre Firmware updates
OEMs and system builders recall Intel’s Spectre Firmware updates
Meltdown (CVE-2017-5754) and Spectre Variant 1 (CVE-2017-5753) can both be addressed by software, with Spectre Variant 2 being the only exploit of the three to require CPU microcode updates on Intel platforms, leaving Intel-based systems insecure until these patches are released. Right now it looks like Intel rushed their Spectre Microcode updates to market, resulting in unforeseen issues, issues that are crushing the confidence that OEMs have in the company. Â
Dell, Acer and ASRock have already removed their Spectre fixing firmware updates from their websites, preventing their users from downloading and installing these potentially buggy updates. New firmware updates will be released in time; after Intel are able to resolve their current issues. Dell released the following statement.Â
   Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel.
 Â
Acer has taken a less cautious approach, removing updates for only their Intel Core 4th and 5th Generation products, which are otherwise known as Haswell and Broadwell, stating system instability issues as the reason for their removal.Â
Â
   At this time, we do not recommend updating your BIOS if your system has a Core i CPU from the 4th (Haswell) or 5th (Broadwell) generation, as it may cause system instability.
Â
In the whole CPU market, Intel is easily the worst affected by Spectre. Being hit by all three variants of the exploit and requiring the most extensive number of software and microcode fixes to secure pretty much every system that they have released for the past decade. Contrast this to AMD who have been found to be immune to Meltdown and have not been affected by Spectre Variant 2, the version that requires microcode fixes, with AMD claiming a “near-zero” risk of being affected.Â
You can join the discussion on OEMs and system builders recalling Intel’s botched Spectre Microcode updates on the OC3D Forums.Â