New Intel guidance confirms hundreds of older chips will not receive the latest Spectre microcode patch, while the newly announced Core i9 CPU will have the Spectre fix by default.
According to a new guidance report, the development of Intel microcode patches for Spectre and Meltdown will be "stopped" for approximately 12 different CPU families, covering more than 230 processor models. Intel said the reasons for halting progress on the patches were a combination of the "micro-architectural characteristics" of the CPUs preventing the implementation of a patch, limited software support for the devices and the likelihood of exposure potentially being lower for the affected systems.
Intel asserted that customers generally use the affected chips in "closed systems," which would not be at risk from the Meltdown and Spectre malware that has been seen in the wild.
The CPUs that aren't scheduled to receive the Spectre Intel microcode patch for variant 2 of the vulnerability are generally older -- most were released between 2007 and 2011 -- but the age of the chips doesn't appear to be a deciding factor. Previous patches for variant 2 of Spectre, which involves branch target injection, were pulled earlier this year after customers reported reboot issues. Five other Intel CPU families originally released in 2009 and 2010 -- Arrandale, Clarkdale, Lynnfield, Nehalem and Westmere -- do have Spectre patches in production, according to the guidance.
"We've now completed release of microcode updates for Intel microprocessor products launched in the last nine-plus years that required protection against the side-channel vulnerabilities discovered by Google Project Zero," an Intel spokesperson told SearchSecurity. "However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback."
Coffee Lake and future Spectre mitigations
In addition to working on the Spectre microcode patch for older CPUs, Intel has been ensuring new chips are protected, as well. On April 3, Intel announced the eighth generation of Core i9 CPUs, Coffee Lake, which will ship with Spectre mitigations.
The new Coffee Lake chips will ship with software and firmware updates to mitigate against Spectre and Meltdown, but a source close to Intel said these protections are similar to the previous microcode patches and are not to be confused with forthcoming CPUs that have hardware-level changes to protect against Spectre and Meltdown attacks.
Those CPUs are not due to be released until the second half of 2018 and will include hardware changes to mitigate variant 2 of Spectre. They will still require a Spectre microcode patch to protect against variant 1 of the vulnerability.