Credit to Author: Woody Leonhard| Date: Fri, 12 Jan 2018 05:18:00 -0800
The headlong race to cover the Meltdown/Spectre debacle has claimed another victim. In a surprising move, Intel has raised a red flag about some of its firmware patches. What should you do? Wait.
Yesterday, Intel executive VP Navin Shenoy posted on the company blog:
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.
Shenoy went on to emphasize that Intel was working directly with its big customers — but that normal Intel customers “should continue to apply updates recommended by their system and operating system providers.”
I’m trying to look up the term condescending, but never mind.
Robert McMillan at The Wall Street Journal picked up on the story late last night (paywall):
Intel is quietly advising some customers to hold off installing patches that address new security flaws affecting virtually all of its processors. It turns out the patches had bugs of their own.
Then Reuters got in on the act:
Intel has identified three issues in updates released over the past week for “microcode,” or firmware, the [Wall Street Journal] reported, citing a confidential document the company had shared with some customers that it had reviewed.
Intel’s been riding out the Meltdown/Spectre storm with some aplomb, publishing a performance hit table (see screenshot below) that says Skylake, Kaby Lake, and Coffee Lake processors (6th, 7th and 8th generation) take a 7 to 8 percent performance hit with the new Meltdown-free firmware.
There’s no mention in the official speedtest about the 2-year-old Broadwell chip.
Where does that leave “normal” Windows users with 2016 or earlier processors? In a holding pattern. Again (pardon me if I sound like a broken record) there are NO Meltdown/Spectre exploits in the wild (although one highly credible researcher, Alex Ionescu, claims he has a working proof of concept for Windows — which he won’t release for a few more weeks).
As for Microsoft Surface owners — Microsoft falling into the “recommended by their system and operating system providers” bucket mentioned by Intel — we don’t know what’s going to happen. Microsoft hasn’t responded to Intel’s admission. We don’t know when (or if) it will update its Surface firmware patches.
All we know is that Microsoft has made no commitment to providing a Meltdown/Spectre patch for Surface Pro 2, Surface Pro (original), or Surface 3 (non-Pro) PCs.
Tell me again how many billions Microsoft has made from Surface?
Join us for sackcloth and ashes on the AskWoody Forum.