Update: The Verge is reporting that Microsoft is releasing an “emergency” security patch for Windows ahead of Patch Tuesday to fix this issue. That’s not the wording Microsoft uses. –Paul
Update: Intel has downplayed the significance of this flaw (which is actually two flaws). –Paul
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
Intel has finally responded to widespread reports about an undisclosed security flaw in its processors. The flaw is not relegated to Intel chips and is not as serious as reported, the firm claims.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” an Intel statement explains. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
Intel’s statement was forced by what it calls “inaccurate media reports” to discuss the flaw and resulting exploits; it had originally intended to reveal the issue next week when more software and firmware updates will be available.
Presumably, the processor giant is referring to crap like this post from The Register, which claims that Windows and Linux may have to be fundamentally “redesigned” to fix the flaw. But I’ve been told that Microsoft has already fixed Windows: If you’re in the Windows Insider program, you got the fix two builds ago, and mainstream users will be updated next week on Patch Tuesday as scheduled.
Intel’s statement is deliberately vague, but it does provide a few additional details.
First, this flaw does not impact only Intel chips, as has been reported in many places.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” the Intel statement notes. “Many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits.”
Second, Intel is working with its processor competitors on solutions that will help all of their customers.
“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings, and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively,” the statement notes.
And third, and perhaps most importantly, reports about “30 percent” performance declines after the fix are also erroneous.
“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
We should know more next week when Windows and other operating systems are patched.
skane2600
<p>If there were really a 30% performance hit, I'd be inclined to take my chances and not install updates. Since I had to drop back to Windows 7, I could avoid them. Hopefully Intel is correct about the performance not being degraded too badly.</p>