Dive Brief:
-
Following reports of "higher system reboots," Intel told its customers — including original equipment manufacturers, cloud service providers, system manufacturers, software vendors and end users — to "stop deployment" of the current version of issued patches, according to a company announcement. This is the second time Intel has advised its customers to delay patches following the disclosure of the Meltdown and Spectre vulnerabilities.
-
Intel found the "root cause" of the reboots, and updated patches will be released following testing done by the company's "industry partners." Additional information is expected later this week.
- "I really don't want to see these garbage patches just mindlessly sent around," said Linux creator Linus Torvalds in an open email with an Amazon engineer, reports TechCrunch. Linux memory kernels were among those impacted by the flaws.
Dive Insight:
Intel's handling of the Meltdown and Spectre vulnerabilities only added to its mounting scrutiny. The company was quick to defend itself after third-party researchers discovered the chip flaws dating back about two decades.
Though Intel's chips were not the only ones at risk, its distribution of patches has been less than ideal. Intel CEO Brian Krzanich told customers that 90% of CPUs from the last five years were expected to have updates by Jan. 15.
That date has since passed, and the company is prolonging its own deadline for patches. Vendors, including Microsoft, have all issued their own patches. However, early on, Microsoft customers were also experiencing a "decrease in system performance." Ultimately the company chalked up the performance deficiencies on the size of workloads.
Still, patches do not resolve the entire issue of the flaws. All CPU hardware needs to be replaced to completely resolve security concerns, an issue that Intel has not yet publicly owned up to ... or apologized for.
