Gunnar Assmy - Fotolia

Risk & Repeat: Meltdown and Spectre mitigation efforts stumble

Listen to this podcast

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Meltdown and Spectre mitigations efforts and why they're struggling with bad updates and miscommunication.

Cracks are starting to show in the Meltdown and Spectre mitigation efforts.

Since the critical microprocessor vulnerabilities were disclosed at the start of the month, chipmakers and software vendors alike have combined their efforts to push out patches and microcode updates.

However, Meltdown and Spectre mitigations have stumbled; Intel last week was forced to halt its updates after reports of "higher than expected reboots" for systems running Broadwell and Haswell chips. This led to Microsoft issuing an out-of-band patch to mitigate the Intel update that was causing the reboot issues.

In addition, the Meltdown and Spectre mitigation efforts have included questionable disclosure decisions and communications. For example, confidential Intel documents show the chipmaker didn't notify OEM customers of variant 2 of the Spectre vulnerability until Nov. 29. And Intel isn't alone; after initially saying that variant 2 posed "near zero risk" to customers, AMD was forced to reverse course and announce microcode updates for the Spectre flaw.

Do the issues with the Meltdown and Spectre responses show that vendors weren't prepared? Or are they evidence that the vulnerabilities are much more serious than previously thought? SearchSecurity editors Rob Wright and Peter Loshin are joined by Senior Reporter Michael Heller to discuss those questions and more on this episode of the Risk & Repeat podcast.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How should vendors have better handled the Meltdown and Spectre response?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close