Intel Recommends Users Stop Deploying Spectre and Meltdown Patches
Microprocessor manufacturer Intel today announced that users and enterprises should outright stop installing the security update patches intended to correct the Meltdown and Spectre flaws inherent in their microprocessors. The deployment halt comes from ever-increasing reports of substantial slowdowns and forced reboots on servers and endpoints that installed the patches.
Intel said through their spokesperson Navin Shenoy that they are aware of the issue causing higher-than-expected reboots and are working to deploy functional patches. Some customers have reported slowdowns of as much as 20% during busy periods; Intel’s own investigations revealed possible slowdowns between 2% and 25%. They have uncovered the effects that forced them to advise against the patches, and apologized for “any disruption” while they work to solve this issue.
The news has created an uproar among cybersecurity professionals, OS designers, and other tech observers. Linux creator Linus Torvalds called Intel out in an expletive-ladened forum post, calling the patches “complete and utter garbage.” IDC analyst Mario Morales stated to Reuters that Intel has not resolved the issue and may not even understand what is happening with the flaws. Director of Strategic Relationships and Marketing for Plixer Bob Noel said the patching halt “leaves end users vulnerable with no available options other than to wait for a stable fix.”
In response to these criticisms, Intel made another statement: “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.”
This update is part of our ongoing coverage on the haunting of those phantasmal threats Meltdown and Spectre. Both threats are backdoors that use microprocessors’ natural processes to access normally-secured memory banks and obtain valuable data. Neither has been exploited outside of laboratory conditions, but experts are increasingly concerned of the possibility of a zero-day attack if proper patches aren’t deployed in time.