Microsoft issues emergency Windows update to disable Intel’s buggy Spectre fixes. Microsoft has been forced to issue a second out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some computer systems to spontaneously reboot. Intel then warned that its buggy firmware updates could lead to “data loss or corruption.”
Intel is advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1, and Windows 10 systems to disable protection against Spectre variant 2. Microsoft says its own testing has found that this update prevents the reboots that have been occurring.
Microsoft’s update can only be manually downloaded right now Microsoft has issued the update as part of its Windows Update catalog, which means you’ll need to download it manually for now. It’s worth applying it to systems that are experiencing the issues since Intel’s buggy firmware updates. Microsoft is also releasing a new registry key setting for impacted devices, allowing IT administrators to manually disable or enable the Spectre variant 2 protections.
Intel says it has identified the issues behind the unexpected reboots on its Broadwell and Haswell processors and is working toward releasing an update that addresses the exploits without causing random reboots and data loss. Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors are also affected, and Intel says it’s “actively working on developing solutions” for those platforms too.
It’s clear patching for Spectre variant 2 has been a mess based on how quickly the software updates needed to be built and distributed. Buggy Intel firmware updates, problems on some AMD machines, and two emergency Windows updates in a month is strong evidence that these patches weren’t tested widely enough before their release.
The update can be downloaded from the Microsoft Update Catalog website. The update leaves in place fixes for the other two vulnerabilities that make up Meltdown and Spectre. http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4078130
Microsoft has also provided an option to manually disable and enable the mitigation for Variant 2 via special registry key settings. Links to the registry setting instructions can be found on Microsoft’s support page. https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
Given that there are no known reports of attacks on Spectre Variant 2, it would seem the greatest risk to computer systems and data at this time is Intel’s buggy microcode fix.