Intel Releases Fixed Spectre Patch For Skylake CPUs

Intel announced that it has released to its hardware partners a fixed version of its previously bugged Spectre-mitigating patch for Skylake CPUs.

After about two weeks since its last update on the issue, Intel would like us all to know that it hasn’t forgotten about fixing the faulty BIOS updates that were distributed en masse to patch the Spectre Variant 2 vulnerability in its CPUs. If this sounds sarcastic, it’s because it’s hard not to be after reading Intel’s latest progress update on its efforts. Yes, briefly mentioned in there is the statement that Intel has released a fixed microcode update to system OEMs for Skylake CPUs, but the other 65% is just to teach us all the importance of patching our systems because “as many as 85 percent of all targeted attacks can be prevented with – among other things – regular system updates.” That statement would be more relevant if the updates didn’t cause said systems to randomly reboot.

Sarcasm aside, at least Intel has made progress on the issue. The company’s last update said that progress had been made on root-causing the issue on Haswell platforms, but evidently that hasn’t borne fruit yet. Not only has Spectre 2 not yet been patched for a huge number of users, but a possibly equally huge number of users are currently stuck with the effects of Intel’s previous, buggy patch. Earlier, we reported that examples of Meltdown and Spectre exploits have already been spotted on the net, so what was once consolation in there being no evidence of Spectre-based exploits might be disappearing.

Intel’s microcode updates are given to system OEMs that distribute them to users in the form of system BIOS updates. Intel previously said that it had made available an interim patch without the Spectre Variant 2-related elements that was the cause of the random-reboots. We haven’t seen any system OEM release a BIOS update based on it, however. To help those with systems affected by the random-reboot issue in the meantime, Microsoft released a Windows-based kill-switch that is capable of nullifying Intel’s bugged patch.