
Microsoft Patch Nukes Bad Intel Firmware Fix

Fix for Spectre May Result in Lost or Corrupted Data
Microsoft's KB4078130 security update disables Intel's firmware fix for Spectre variant 2.

How bad does a third-party fix have to be for Microsoft to issue a rare, weekend update that helps IT administrators disable it?


Intel issued a firmware fix for variant 2 of the trio of chip security vulnerabilities known as Meltdown and Spectre (see Expect More Cybersecurity 'Meltdowns').

Then on Saturday, Microsoft released a security update enabling users and IT administrators to disable Intel's mitigation for Spectre variant 2, a branch target injection flaw designated CVE-2017-5715.

"Intel noted that this microcode can cause 'higher than expected reboots and other unpredictable system behavior' and then noted that situations like this may result in 'data loss or corruption,'" Microsoft says in its security update (see Intel: Stop Installing Patches Due to Reboot Problems).

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft adds.

Intel says it's been working overtime with a number of other business partners - including Dell, HPE, HPI, Lenovo and Microsoft - to develop, test and distribute fixed firmware.

Pending the arrival of those fixes, however, Microsoft's out-of-band security update, designated KB4078130, will disable Intel's fix for CVE-2017-5715. Microsoft says its testing has found that applying its update eliminates the stability problems - and potential data loss and corruption - that Intel's firmware patch has been causing.

For "advanced users," Microsoft is also offering another option: the ability to manually enable or disable the fix for Spectre variant 2 (CVE-2017-5715) "independently via registry setting changes." It has issued instructions aimed at both IT professionals working with endpoints and server administrators.

Disabling or not installing a fix for Spectre variant 2 should be considered a temporary strategy, Microsoft says. "As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE-2017-5715) has been used to attack customers," Microsoft says. "We recommend Windows customers, when appropriate, re-enable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device."

Intel's Patch Alert

Microsoft's move follows Intel last week warning users that many of the firmware updates it had released for Spectre were causing instability problems - including frequent rebooting. Many different generations of Intel chips were suffering such problems, including its latest processors, codenamed Ivy Bridge, Sandy Bridge, Skylake, Kaby Lake, Broadwell and Haswell.

Until Intel releases fixes, Navin Shenoy, executive vice president and general manager of Intel's Data Center Group, on Jan. 22 recommended that "OEMs, cloud service providers, system manufacturers, software vendors and end users" - in short, everyone - "stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior."

A five-page guide from Intel, most recently updated Thursday, details which firmware should be avoided and for which specific processors.

Intel has released a list of processors (partial list above) listing their working/non-working firmware updates.

Numerous Spectre, Meltdown Updates Required

Beyond Intel, some chips manufactured by AMD and ARM will also require firmware fixes to protect them from Spectre or Meltdown flaws (see Spectre Reversal: AMD Confirms Chips Have Flaws).

Apple, Cisco, Dell, Fujitsu, Google, IBM, Juniper, Oracle as well as Microsoft are among the many other vendors that must also update users' firmware and operating systems with Meltdown and Spectre protections.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
