Intel's Meltdown Damage Control Continues with Microcode Updates
In its recently updated "Microcode Revision Guidance" document (PDF), Intel shared details about the progress of its firmware patches to address potential Meltdown and Spectre attack scenarios.
The chipmaker has also "released production microcode to our OEM [original equipment manufacturer] customers" for processors using its Kaby Lake, Coffee Lake and additional Skylake technologies, according to an announcement. Intel is addressing sixth-, seventh- and eighth-generation processors now, plus Intel Core X. It's also addressing Xeon Scalable and Xeon D processors for datacenters.
Meltdown and Spectre are attack methods demonstrated publicly by researchers in January that affect most computer processors. Addressing these vulnerabilities involves applying a firmware (or microcode) patch to the CPU and also an operating system update to Windows and Linux systems.
Typically, the microcode patches from the chip vendors get tested by OEMs first before public release, but these releases haven't been without problems. For instance, there have been bricked AMD-based machines after Windows updates, and there have been reboot problems associated with Intel-based machines after some microcode updates were applied.
Intel's updated "Microcode Revision Guidance" perhaps will be helpful for IT pros. They need to check which microcode updates were approved for "production" use by the OEMs, which typically are computer makers such as Dell, HP, Toshiba and the like. In some cases, if their computer vendor isn't deemed to be an OEM (that is, it's just a PC builder that puts together computer parts), then they'll have to get approved microcode updates from the CPU makers, such as AMD, Intel, Nvidia and more. In that case, the key information to go by for Intel chip users is the "Production Status" column in Intel's guidance document.
The patches released so far typically have been for Meltdown attack scenarios. Spectre is considered to be a harder problem for the computer industry to fix, and the released patches may not be addressing it. While malware using the techniques hadn't been detected "in the wild" by researchers who disclosed the techniques back in January, AV-Test detected some malware samples earlier this month that could be using the techniques.
Organizations likely will have tracking burdens regarding the OS and microcode updates for Meltdown and Spectre. Microsoft recently added some Meltdown and Spectre update tracking capabilities into its Windows Analytics tool for organizations to that end, but using it involves permitting some "telemetry" information sharing. The updates, when applied, will have the effect of slowing down systems in some cases, depending on the workload.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.