Intel Says Recently Reported Security Flaw is Overblown (Updated)

Posted on January 3, 2018 by Paul Thurrott in Hardware, Windows 10 with 16 Comments

Intel Says Recently Reported Security Flaw is Overblown

Update: The Verge is reporting that Microsoft is releasing an “emergency” security patch for Windows ahead of Patch Tuesday to fix this issue. That’s not the wording Microsoft uses. –Paul

Update: Intel has downplayed the significance of this flaw (which is actually two flaws). –Paul

Intel has finally responded to widespread reports about an undisclosed security flaw in its processors. The flaw is not relegated to Intel chips and is not as serious as reported, the firm claims.

“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” an Intel statement explains. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Intel’s statement was forced by what it calls “inaccurate media reports” to discuss the flaw and resulting exploits; it had originally intended to reveal the issue next week when more software and firmware updates will be available.

Presumably, the processor giant is referring to crap like this post from The Register, which claims that Windows and Linux may have to be fundamentally “redesigned” to fix the flaw. But I’ve been told that Microsoft has already fixed Windows: If you’re in the Windows Insider program, you got the fix two builds ago, and mainstream users will be updated next week on Patch Tuesday as scheduled.

Intel’s statement is deliberately vague, but it does provide a few additional details.

First, this flaw does not impact only Intel chips, as has been reported in many places.

“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” the Intel statement notes. “Many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits.”

Second, Intel is working with its processor competitors on solutions that will help all of their customers.

“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings, and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively,” the statement notes.

And third, and perhaps most importantly, reports about “30 percent” performance declines after the fix are also erroneous.

“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

We should know more next week when Windows and other operating systems are patched.

 

Tagged with

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register