Service Provider Cloud

Intel: We've Patched Most Chips for 'Spectre' & 'Meltdown'

Intel will have patches issued by next week to protect more than 90% of its processors introduced in the last five years, in the wake of disclosure of serious security vulnerabilities affecting nearly every computer user in the world.

In a statement Thursday, Intel Corp. (Nasdaq: INTC) says it is rapidly rolling out updates for personal computers and servers based on its processors "that render those systems immune" to the Spectre and Meltdown security vulnerabilities reported this week. Those vulnerabilities can allow attackers to gain access to a computer's memory, reaping passwords and other confidential information. The vulnerabilities affect virtually every Intel-based system in the world. (See New Intel Vulnerability Hits Almost Everyone.)

More specifically, Meltdown affects virtually every Intel processor made since 1995, and Spectre affects Intel, AMD and ARM processors, according to a statement from researchers.

"Intel has already issued updates for the majority of processor products introduced within the past five years," Intel says. "By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services." (See Intel Chip Vulnerability Sends Cloud Providers Into Patching Overdrive.)

But can Spectre be so easily beaten? The research paper describing the vulnerability suggest a permanent fix is a major undertaking: "While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak."

However, Intel stands by its fix. "With regard to Intel’s products, all the issues disclosed by researchers can be mitigated either by software or firmware updates. That includes both Meltdown and Spectre," a company spokesperson said in an email statement.

Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.

Intel also pushed back on claims that the patches would slow system performance by 20% to 30%. "Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact," the company said.

We've asked infrastructure suppliers on how their products and customers are impacted, and mostly they still seem to be figuring it out. VMware Inc. (NYSE: VMW) has patches available for its vSphere ESXi, Workstation Pro and Fusion Pro products.

Microsoft Corp. (Nasdaq: MSFT) has patches available for Windows desktops and servers, as well as SQL Server, and says it has "already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder."

Cisco Systems Inc. (Nasdaq: CSCO) issued a statement Thursday afternoon, saying most of its products are not vulnerable. "Although the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable," the company said. Only Cisco devices that allow customers to "execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable," said Cisco.

Also, Cisco products that can be deployed as virtual machines or containers could be targeted by attacks "if the hosting environment is vulnerable. Cisco recommends customers to harden their virtual environment and to ensure that all security updates are installed," the company said, adding that it plans to release software updates to address the vulnerability.

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

Page 1 / 2   >   >>
mhhfive 1/11/2018 | 1:40:45 PM
Re: issued.. but deployed? Founders? Ugh. Wow. That sounds like a cult.... 
Ariella 1/11/2018 | 12:52:27 PM
Re: issued.. but deployed? @mhhf1ve I suspected that Gen x just got its name b/c there was no name -- as in find X in algebra. But I like to ascertain things by looking them up and found  that Time ran an article on the subject: http://time.com/4131982/generations-names-millennials-founders/:

The next cohort — Generation X — gained the perception of being a slacker generation and more realist than their predecessors, and the moniker first came about from a Robert Capa photo essay from the 1950s. But it was popularized as a name for this group thanks to a 1965 book called Generation X as well as 1991 Douglas Coupland book called Generation X: Tales for an Accelerated Culture.

The naming of Gen X began a rather lazy era of alphabetic generational names. Gen Y was soon used for those born between 1980 and 2000. In 1991, however, the term "millennials" was used in the book Generations, and the name eventually became widely accepted, helping Neil Howe become a preeminent expert on generations—and leading to half a dozen books written by Howe on millennials alone.

For this latest generation, Gen Z and Founders are just two of many names in the running for this post-millennial group, including iGen, Homelanders, Plurals, Posts, ReGen, and now, Founders. All of them attempt to reflect some aspect of what defines those roughly 14 years and younger today, whether it's their diversity, their reliance on social media, or their desire to fix what they see as a society disrupted. It just might take a generation to know which name will win out.
mhhfive 1/11/2018 | 12:00:48 PM
Re: issued.. but deployed? Congrats.. that's a big milestone. (Who names these generations, anyway? Millenials and Baby Boomers make some sense, but X, Z?)
Ariella 1/10/2018 | 9:32:58 AM
Re: issued.. but deployed? @mhhf1ve yes. We're not coming up to Gen Z entering college soon. I have one of those -- set to finish high school next year.
mhhfive 1/10/2018 | 9:27:48 AM
Re: issued.. but deployed? This discussion reminds me to lookup the Beloit Mindset list -- which just informed me that the last of the millennials are just entering college. As well as a bundle of other tidbits that make me feel old.

It's a good read still: https://www.beloit.edu/mindset/
Ariella 1/10/2018 | 8:53:31 AM
Re: issued.. but deployed? @mhhf1ve the site admits that there aren't completely clear boundaries between certain generations, so it just went with that as the earliest year. I'd probably have gone for 1980 just to have the decades clearly demarcated. 
mhhfive 1/9/2018 | 9:06:38 PM
Re: issued.. but deployed? Wow. I can't believe Millenials were born in 1977?? That doesn't seem right to me, but I guess the boundaries aren't exact.... 
Ariella 1/9/2018 | 5:43:53 PM
Re: issued.. but deployed? @mhhf1ve You're right; it was founded in 1975,  and the Millenial genration was born only from 2 years after, according to this: http://genhq.com/generational_birth_years/. But if we go by the year in which it went public -- 1986-- then it would make the cut.
mhhfive 1/9/2018 | 4:48:24 PM
Re: issued.. but deployed? No way. Msft is at least 40yo, no? That's not a millennial. That's like Gen X or something.
Ariella 1/9/2018 | 3:36:31 PM
Re: issued.. but deployed? @mhhf1ve Well, Microsoft may count as a Millenial and so expect praise for doing just what its job description entails.

Page 1 / 2   >   >>
Sign In