Microsoft Steps In to Correct Errant Intel Patch on Windows

Posted on January 29, 2018 by Paul Thurrott in Hardware, Windows, Windows 10 with 10 Comments

Last week, Intel confirmed what many PC users had suspected: Its first firmware patch for the recently revealed Spectre and Meltdown vulnerabilities was so buggy that PC makers stopped deploying it. And over the weekend, Microsoft stepped in too, issuing a software update for Windows users that reverses the Intel-created patch.

Right. It’s a fix for a fix.

“We have received reports from a few customers of higher system reboots after applying firmware updates,” an Intel advisory notes. “Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.”

I’m reasonably sure that I’ve experienced problems from this patch: My HP desktop PC, which did get a BIOS firmware update in the wake of Spectre and Meltdown, no longer reboots properly. But the HP Spectre 13 laptop that I’m currently reviewing never received this update: HP has halted it, and the firm is waiting for a more reliable version.

I’m not aware of any PC makers that are actively patching the errant fix. And I’d imagine that many are simply waiting for the improved version from Intel so that they can deploy that to their customers.

But Microsoft isn’t waiting. Over the weekend, it issued an out-of-band security update to address this problem.

“Our own experience is that system instability [caused by the Intel patch] can in some circumstances cause data loss or corruption,” a Microsoft support note explains. “We understand that Intel is continuing to investigate the potential impact of the current microcode version … While Intel tests, updates and deploys new microcode, we are making available an out of band update that specifically disables only the mitigation against Spectre variant 2 [which is the buggy patch].”

The update was made available to those who had installed the Intel patch on Windows 7 (Service Pack 1 or higher), Windows 8.1, and Windows 10 (all versions), on both client and server. You can also install it manually from the Microsoft Update Catalog, which ironically is styled like Windows XP. Microsoft also provides a manual workaround for those who wish to tackle this problem themselves: Check out the support note for details.

“There are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715) has been used to attack customers,” Microsoft concludes. “We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.”

I’m sure the next Intel patch will work great. Cough.



10 responses to “Microsoft Steps In to Correct Errant Intel Patch on Windows”

  1. Engineerasaurus

    This appears to just add the flexibility to enable/disable the mitigations with registry key values. This takes the W10/W7 patch behaviour to be the same as that which was already being used in the server patches (W2008R2/etc.).

  2. PincasX

    There is a saying: “It’s one thing to step on your own dick, it is another to jump up and down on it while yelling ‘Hey! Look at me.’” Intel appears to have chosen the latter in this situation. Their handling of this has been abysmal.

  3. Igor Engelen

    With one of the last patches, on server OSes you had to set reg keys to enable the mitigation; on client OSes this was done by default. This fix just reverts the registry entries.

  4. Tony Barrett

    My opinion of this whole Meltdown/Spectre thing is that, in general, it poses an insignificantly tiny risk to the average user. What it does pose though is a very high profile problem for Intel, and they're not dealing with it very well at all. The whole situation has been blown completely out of all proportion - yes, it's a real bug, and yes, it affects pretty much every Intel CPU in the last 10 years (and AMD with Spectre to an even lesser extent), but it's more about accountability and massive companies like Intel and Microsoft who probably realize the very low risk, but can't be seen to be doing nothing, and these are two companies who have been in each other's pockets forever.

    Intel screwed up, big time, and now they're floundering about struggling to deal with it. What they really want is for everyone to buy new CPUs when they announce their 'free from Meltdown/Spectre bugs' processors later in the year, but that ain't gonna happen. Confidence is hard won and easily lost. Intel haven't had a very good 6 months, yet they're big enough and rich enough to ride it out, take it on the chin, and move on. Hopefully.

    The press love a good story though, and they're not letting this one go. That's part of the problem. It's reported day in and day out in all the tech and national press, TV news etc. You'd have thought the world was about to end. It isn't, believe me. Not yet anyway.

  5. Waethorn

    So predictive computing has become a liability. "AI" is just bullshit: there's always a Real Human pulling the strings and pushing buttons behind it. So when is the computing industry going to give up on this whole endeavour and just give people what they want: fast computing that works on the user's terms and just does what it's told?

    Oh and BTW: Raspberry Pi's ARM chips don't use branch prediction. Time to scale up those processors into higher-wattage versions with active cooling and we don't have to deal with any of this garbage.

    The only thing predictable about predictability is that it's inherently unpredictable.