Intel Meltdown, Spectre Updates Roll Out for Older CPUs, Including Ivy, Sandy Bridge

Intel Meltdown, Spectre Updates Roll Out for Older CPUs, Including Ivy, Sandy Bridge

Intel has released a new set of updates for the Meltdown and Spectre bugs that we first learned about in early January. It’s critically important to patch and update systems to avoid exposure to these flaws.

Intel’s strategy has been to fix its newest systems first, followed by the earlier models. The fix rollout hasn’t been smooth; Intel had to pull back an entire set of updates and fixes at one point because they caused frequent reboot issues. Those problems have been resolved to the best of our knowledge, and anyone with an Intel CPU from any generation should be updating as soon as possible.

Intel has been steadily updating its microcode document as new fixes roll out. This time around, we’ve got patches for the Ivy Bridge and Sandy Bridge families, plus various server variants of both chips, as well as some Haswell cores that weren’t previously covered. The chips that still need to be patched are all older than Sandy Bridge, including Intel’s 32nm Westmere parts (the first six-core CPUs based on Nehalem), the quad-core Nehalem architecture (Bloomfield, Lynnfield), and several mobile 32nm chips like Arrandale and Clarkdale.

Intel Meltdown, Spectre Updates Roll Out for Older CPUs, Including Ivy, Sandy Bridge

In addition to patching up the entire Nehalem family tree, Intel will also be delivering patches for some older Core 2 Quad and Core 2 Duo processors, though these patches are still in the early stages of production. The company has taken heat for how it handled the unveil and rollout, but at least as far as the technical side of things, Intel seems to have the problem well in-hand with fixes dropping on a regular basis.

That’s a good thing, seeing as Spectre can be used to break the protections Intel offers with SGX (Software Guard Extensions). This latest research paper doesn’t identify a new attack in addition to the two Spectre variants, it just (“just”) illustrates how those two flaws can be used to crack into other secure repositories to give would-be thieves access to yet more information. That’s part of what makes Spectre and Meltdown serious. They’re not just flaws in and of themselves; they’re flaws that can be exploited to exfiltrate data out of other supposedly secure repositories.

If your motherboard manufacturer hasn’t issued any updates for your system, keep an eye on Windows Update. Microsoft has been delivering microcode updates for Intel systems, including through KB4090007. That update only runs through the end of February; it’s not clear if MS will create a new update to patch up Haswell and previous processors, or if it’ll keep the same KB number but roll up the latest changes. The performance impact of these patches on Sandy and Ivy Bridge still hasn’t been tested; newer CPUs have seen modest declines on the order of 5-7 percent, with a few outliers as high as 13 percent

Continue reading

AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects
AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects

It has been difficult to buy high-end PC components for nearly six months. There are a number of reasons for this, including pandemic-related impacts, the related surge in demand for all computing hardware, and supply shortages. A lot of eyeballs have been trained on foundries like TSMC, to the point that national governments have put…

AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs
AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs

AMD has disclosed a potential security vulnerability on its Zen 3 CPUs with similarities to the Spectre attack from several years ago, but the company believes the risk is minimal.

Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist
Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist

Researchers are claiming to have found a new type of Spectre attack that bypasses all existing protections, but that framing isn't well supported.

LG Announces Monitor with Crazy 16:18 Aspect Ratio
LG Announces Monitor with Crazy 16:18 Aspect Ratio

LG's new panel eschews the ultrawide Zeitgeist for a monitor that's basically a really big square.