Dive Brief:
- Microsoft stopped issuing patches following the Meltdown and Spectre vulnerabilities because users with AMD devices are becoming "unbootable" with a blue screen after the Windows security updates, according to the company. Microsoft found that certain AMD chips don't "conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations."
- Microsoft is working with AMD to resolve issues presented by customers impacted by the Windows Update and Windows Server Update Services (WSUS). However, Microsoft instructed users to contact AMD directly for specific chip-related inquiries, according to a Microsoft spokesperson.
- The company acknowledged that customers with older versions of Windows, such as Windows 7 and 8, "will notice a decrease in system performance," according to a company statement. But users running Windows 10 on older hardware may also face the same decrease in performance.
Dive Insight:
Vendors impacted by the Meltdown and Spectre security flaws have been frantically issuing patches to vulnerable customers.
Meltdown and Spectre are said to grant access to bad actors to "otherwise protected kernel memory," allowing them to exploit personal information or release more malware onto a device, according to researchers. There is no way of knowing if someone's device has already been exploited.
The only way to eliminate all risk is to replace the CPU hardware. The patches distributed by vendors including Microsoft, Apple and Google are only to mitigate further risk.
Meltdown impacts nearly all modern Intel chips from the last two decades while Spectre affects other modern processors and smartphones. Chip manufacturers are under mass scrutiny as nearly every device with a chip is vulnerable.
However, Intel announced it would not be issuing a recall. CEO Brian Krzanich said the fix is much easier than "overblown" reports are saying, reports CNet. Prior to the exploits' disclosure, Krzanich sold of a portion of stock, raising concern over the timing.
The company maintains the decision was already arranged with an "automated schedule." But due to the size of the sold stock, the U.S. Securities and Exchange Commission is expected to look into it, reports Bloomberg.