- Intel now says users should avoid installing and partners should stop distributing the patch it issued to protect against the Meltdown and Spectre attacks.
- The company had already acknowledged that the patch could lead to unexpected reboots, but had previously publicly advised users to install it anyway.
- The company has found the root cause of the problem – at least for some of its chips – and is working on a new patch.
- Intel is offering mixed messages – telling users to keep their computer systems up-to-date, but to avoid this fix.
- Consumers who have been trained to install any and all security updates may find it difficult to figure out how to avoid installing this particular patch.
When it comes to protecting computers from the Spectre and Meldown attacks, Intel issued some new advice Monday: customers and companies should avoid installing and its partners should stop distributing the fix it issued to address them.
Unfortunately for consumers, that may be easier said than done.
Intel previously acknowledged that the software patch it issued appeared to be causing some customers’ computers to reboot more frequently than normal. Intel said Monday it had identified the root cause of the reboot problem and is working on a new patch. In the meantime, the company said users shouldn’t install the old one.
“I apologise for any disruption this change in guidance may cause,” Navin Shenoy, executive vice president of Intel’s Data Center Group, said in a blog post. “The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.”
Intel’s announcement is likely to cause confusion for many consumers. At least for Windows users, patches such as the one Intel issued typically come through the Windows Update feature, not from Intel itself. It can be difficult to comb through those updates to weed out and avoid particular ones. And many consumers have been trained to just automatically install all security updates that come along.
Indeed, in virtually the next breath after telling users not to install this particular patch, Shenoy advised users to keep their computers updated – a decidedly mixed message at best.
“We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date,” he said.
The Spectre and Meldown attacks are made possible by an underlying vulnerability that affects nearly every computer chip and the vast majority of every PC, tablet and smartphone made over the last 20 years. The attacks, which became public earlier this month, could allow a malicious actor to exploit that vulnerability and get access to the secret data that’s on a computer, including passwords. Intel chips are particularly vulnerable to the Meltdown attack.
The rebooting problem was reported early on
Ever since Intel started issuing its patch for the vulnerability on January 3, some PC users have reported that their machines were rebooting more frequently that normal. The following week, Intel, in a blog post, acknowledged it was aware of the issues with the patch, noting that they seemed to particularly affect its fourth-generation Haswell and fifth-generation Broadwell chips, and said it was looking into the problem.
At the time, the company publicly advised users to continue to update their PCs with the fix. But quietly, the company told some users they should “delay” installing it, according to the Wall Street Journal.
Now the chip maker is giving that advice to everyone.
Intel has identified the root cause of the rebooting problem for Haswell and Broadwell chip models, Shenoy said. It’s testing a new patch with partners, he said.
There are still several Intel chip models that are reportedly experiencing rebooting issues, including its second-generation Sandy Bridge, third-generation Ivy Bridge, sixth-generation Skylake, and seventh-generation Kaby Lake models. A spokesperson for Intel told Business Insider that the company is working on the Haswell and Broadwell chips first, and will subsequently work on fixes for other models.
You can find a full list of Intel chips that are affected by the Spectre and Meltdown bugs here.
Unfortunately, there isn’t much those who are affected with the rebooting issues can do until Intel releases the new patch. Business Insider will report when the company announces it.
While you may not want to update your PC via the usual Windows Update feature quite yet, you should update individual software, apps, and programs, including your web browser.