Intel Won’t Patch Older CPUs to Resolve Spectre Flaws

Intel Won’t Patch Older CPUs to Resolve Spectre Flaws

When Spectre and Meltdown hit just after New Years, it kicked off a flurry of responses from companies like Intel, AMD, ARM, and Microsoft. Patching the flaws, which exploit flaws in branch prediction and speculative execution, has taken several months, with some high-profile failures: Intel had to yank Spectre patches for certain older systems after it became clear they were causing frequent reboots. Fixes resumed rolling out some weeks later, with plans to patch chips as far back as 2007. Those plans have now been canceled.

Previously, we expected Intel would patch Bloomfield (45nm, Core i7), Clarksfield (45nm mobile Core i7), Jasper Forest (45nm Xeon), Penryn (45nm mobile Core 2 Duo), Yorkfield (45nm Core 2 Quad), and Wolfdale (45nm desktop Core 2 Duo). Intel’s SoFIA line of processors, some of which are still sold today, was also set to be updated as well. None of those updates, however, are going to happen.

According to Tom’s Hardware, Intel’s reasoning was as follows:

After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:

THG suggests that the second reason is probably the most important and we’d agree. “Limited commercially available system software support” likely translates into “We couldn’t convince our motherboard partners (or possibly Microsoft) to distribute updates for us.”

The Jasper Forest update shown here is now canceled.
The Jasper Forest update shown here is now canceled.

It’s not clear how much of a security risk this practically represents. On the one hand, chips from 10-11 years ago aren’t all that likely to be in common use. On the other, the media PC downstairs is still using a Core i7-920. I’ve got family members, plural, with hardware still in daily use that’s this old. It’s not hard to see why. With the minimum requirements for Windows having barely budged in the past decade, there’s no reason a rig from 2008 can’t still be humming along.

It’d be really useful to know how much of this shift was because the exploits can’t really be triggered, versus how much of it is the result of Intel not wanting to pony up the cash to persuade motherboard vendors and/or Microsoft to work with it on patching up older systems. If the CPUs are practically difficult to impact, than not pushing updates is no big deal. If they are, then Intel is potentially leaving millions of systems worldwide unprotected.

Either way, it may be a good time to start considering an upgrade.

Continue reading

Intel Launches AMD Radeon-Powered CPUs
Intel Launches AMD Radeon-Powered CPUs

Intel's new Radeon+Kaby Lake hybrid CPUs are headed for store shelves. Here's how the SKUs break down and what you need to know.

NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space
NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space

NASA reports the probe grabbed so much regolith from the asteroid that it's leaking out of the collector. The team is now working to determine how best to keep the precious cargo from escaping.

Intel’s Raja Koduri to Present at Samsung Foundry’s Upcoming Conference
Intel’s Raja Koduri to Present at Samsung Foundry’s Upcoming Conference

Intel's Raja Koduri will speak at a Samsung foundry event this week — and that's not something that would happen if Intel didn't have something to say.

Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption

The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.