Intel Warns Its Patches for Chip Flaws Are Buggy
January 11 2018 - 7:42PM
Dow Jones News
By Robert McMillan
Intel is quietly advising some customers to hold off installing
patches that address new security flaws affecting virtually all of
its processors. It turns out the patches had bugs of their own.
The glitch underscores the complexity of Intel's challenge as it
scrambles to fix the unprecedented vulnerabilities, which were
disclosed more than a week ago.
In a confidential document shared with some customers Wednesday
and reviewed by The Wall Street Journal, Intel said it identified
three issues in updates released over the past week for
"microcode," or firmware -- software that is installed directly on
the processor. The updates are separate from patches produced by
operating system companies such as Microsoft Corp.
Intel advises customers to "delay additional deployments of
these microcode updates," the company said in a technical advisory.
"Intel will provide frequent updates."
The document is being shared with computer makers and large
cloud providers after a few reports that the updates appeared to
cause some computers to reboot, said Stephen Smith, general manager
of Intel's data-center group.
The bugs are "unrelated to security," he said, adding they
affect a range of Intel's older PC and server chips, including
Broadwell processors introduced in 2015 and Haswell chips that date
back to 2013.
Intel advises consumers to use firmware updates available from
their computer makers, but is advising computer makers and cloud
providers to hold off from using the Intel firmware updates, Mr.
Smith said.
Given Intel's chips are used so widely, some customers likely
are using the chips in ways Intel didn't anticipate in testing its
patches, said Paul Kocher, an independent security researcher who
discovered some of the major Intel security flaws reported last
week. "It doesn't surprise me a lot that there would be some
hiccups," he said.
One Intel partner familiar with the document said it is
problematic the company is only notifying select customers they
should hold off on the patches. The public has "been given the
microcode update but has not been given the important technical
information that Intel recommends that you don't use this," the
partner said.
Mr. Smith said that Intel plans to provide an update on the
issue to the company's website.
The major security flaws disclosed last week, called Meltdown
and Spectre, give hackers a way to steal secrets such as passwords
or other sensitive information from many of the world's computer
systems. The flaws ensnared many chip companies, including SoftBank
Group Corp.'s ARM Holdings, Advanced Micro Devices Inc. and Nvidia
Corp.
Intel, which dominates the market for PC and server chips, said
last week it expected to soon have microcode updates issued for 90%
of the processors it produced during the past five years.
The fixes for these problems, however, have caused some
performance slowdowns, particularly on older Intel systems. "With
Windows 8 and Windows 7 on older silicon...we expect most users to
notice a decrease in system performance," Microsoft said Tuesday in
a blog post.
Due to the deep nature of the flaws, tech giants' updates
haven't always gone as planned. On Tuesday, Microsoft temporarily
paused sending software updates to some devices with AMD processors
after discovering some machines were rendered unusable. Some Ubuntu
Linux users reported problems Wednesday with an update to their
operating system.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
January 11, 2018 19:27 ET (00:27 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Intel (NASDAQ:INTC)
Historical Stock Chart
From Aug 2024 to Sep 2024
Intel (NASDAQ:INTC)
Historical Stock Chart
From Sep 2023 to Sep 2024