Intel Issues Updated Spectre Firmware Fixes For Newer Processors

Intel has issued a firmware fix to help its Kaby Lake, Coffee Lake and Skylake processors address the Spectre security flaw.

Intel has issued updated microcode to help protect its newer processors from Spectre security exploits.

The Santa Clara, Calif.-based company’s new microcode updates – which impact its newer chip platforms, such as Kaby Lake, Coffee Lake, and Skylake – have been released to OEM customers and partners.

“This represents our 6th, 7th and 8th Generation Intel Core product lines as well as our latest Intel Core X-series processor family. It also includes our recently announced Intel Xeon Scalable and Intel Xeon D processors for data center systems,” said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, in a statement.

Spectre and Meltdown, which account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users’ protected data.

While Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, Spectre tricks other applications into accessing arbitrary locations in their memory. The security flaws, which were first disclosed by Google Project Zero in early January, impact an array of processors on the market, including those from Intel, ARM and AMD.

The company initially released patches addressing the Spectre and Meltdown vulnerabilities in January, but later yanked its patches for the Variant 2 flaw – both for client compute and data center chips – after acknowledging that they caused “higher than expected reboots and other unpredictable system behavior.”

And while Intel last week announced it was re-issuing fixes for several Skylake-based platforms, the company had not given further details for its other newer processors – including Kaby Lake and Coffee Lake – until Tuesday.

In addition to its newer Skylake, Kaby Lake and Cannon Lake platforms, Intel said in the post that it has “now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it.” The chip giant also updated its scheduling around microcode updates for Spectre and Meltdown, showing that it is currently in the beta phase of production for updating certain models of its Ivy Bridge, Sandy Bridge, Haswell, and Gladden platforms.

Intel has been looking to step up its security game on the heels of Google Project Zero’s discovery of Meltdown and Spectre. Last week the company launched a new bug bounty program focused specifically on side channel vulnerabilities similar to Spectre and Meltdown, with potential awards for disclosures totaling up to $250,000. Also last week, Intel released a new whitepaper detailing Google’s software fix for Spectre, called Retpoline.

“The new microcode will be made available in most cases through OEM firmware updates. I continue to encourage people to always keep their systems up-to-date,” said Shenoy in the statement.

Suggested articles