Emergency Windows Update Removes Intel’s Buggy Spectre Patch

Emergency Windows Update Removes Intel’s Buggy Spectre Patch

The fallout from the Spectre and Meltdown CPU vulnerabilities continue to send ripples through the technology industry, and Intel is suffering more than most. Its chips were vulnerable to all three variants of these attacks, and its fixes have been heavily criticized for introducing new bugs and doing a poor job of protecting users. Now, Microsoft has issued a rare out-of-cycle patch for Windows systems that removes Intel’s Spectre patch. That has to be embarrassing for Intel.

When we talk about the attack “variants” we’re referring to specific vulnerabilities. Variant 3 is Meltdown, and Variant 1 and Variant 2 are Spectre. Of these three, Variant 2 (CVE-2017-5715) is proving to be quite difficult to pin down for Intel. This Spectre variant is what’s known as a branch target injection, which could allow an attacker to execute arbitrary code on a system. Needless to say, that’s a very bad thing.

When Spectre was originally discovered, researchers feared the only way to mitigate it would be to disable CPU’s “speculative execution” features, which allow CPUs to work ahead and do calculations that may be needed in the future. This would come with a big performance hit. Google managed to work out an alternative called “Retpoline,” but Intel went its own way.

According to Microsoft, the Intel patch for Spectre Variant 2 has been causing unexpected system glitches, corrupted data, and unexpected reboots. It’s shocking Intel’s patch could be this bad considering it was given advance notice of the defects months ago and had plenty of time to develop the fix. Intel also ran into problems with the Linux patches, which Linus Torvalds called “complete and utter garbage” last week. It even made the patches optional on Linux systems in apparent acknowledgment of how shabby they were.

Emergency Windows Update Removes Intel’s Buggy Spectre Patch

So, where does this leave Intel and users of Intel-based Windows systems? Technically, users are not protected from Spectre Variant 2 right now. The good news is there are no attacks using Spectre in the wild right now. With that in mind, Intel decided that the buggy patch was a greater threat to users than being hit with nonexistent Spectre malware.

If you already took the Spectre update, the new version should be rolling out to your system soon. It’s also available for manual installation from Microsoft’s website. Intel will have to work out a new patch for Spectre. It’s already told hardware vendors to stop distributing the code it put out previously.

Continue reading

Software Bug Delays Ingenuity Helicopter’s 4th Mars Flight
Software Bug Delays Ingenuity Helicopter’s 4th Mars Flight

This appears to be the same issue that caused the delay in Ingenuity's first flight timeline. NASA says it's planning to try this one again today, and we should know in a few hours whether or not it was successful.

Razer Synapse Bug Gives Windows Admin Access to Anyone Who Can Plug in a Mouse
Razer Synapse Bug Gives Windows Admin Access to Anyone Who Can Plug in a Mouse

You might want to keep an eye on your USB ports for the next few days. A security researcher has disclosed a disturbingly easy way to gain admin privileges in Windows 10 without a password, and for once, it's not Microsoft's fault.

Intel Expands its Bug Bounty Program, Says its CPUs are Safer than AMD’s
Intel Expands its Bug Bounty Program, Says its CPUs are Safer than AMD’s

Intel is calling all hackers, and offers an update on the number of vulnerabilities found in its hardware and software last year, with a comparison to AMD.

Minor Software Bug Delays NASA’s Psyche Asteroid Mission by a Year
Minor Software Bug Delays NASA’s Psyche Asteroid Mission by a Year

The motion of the planets is working against NASA here, so even a small delay means Psyche won't be able to launch in 2022 at all, and that puts the science phase of the mission toward the end of the decade.