comscore
News

Spectre vulnerability: Intel won't patch older chips

Intel is not going to patch these chips for the Spectre flaw, raising new security concerns.

  • Published: April 5, 2018 10:06 AM IST
meltdown spectre main

The chip-related security flaw, Spectre, which was identified last year is still being patched. The vulnerability has reportedly existed for over 20 years in modern processor architectures and now, Intel has decided to not issue the security patch for older chips.

This week, Intel updated its patching guidance for Spectre. The chipmaker had earlier said that it will issue patches for the critical flaw to all the affected chips. However, it has now clarified that some product lines will not receive the patch. These include the Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Wolfdale line, and the Yorkfield line.

In its statement, Intel says it is not issuing the patch for older chips because of the following reasons:

– Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715).
– Limited Commercially Available System Software support
– Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

Of these, the SoFIA 3GR is a fairly recent chip from 2015 and is not very old. It is known that patching the major security flaw has been quite a challenge for Intel and Microsoft. Now, as the company states, owing to the limited commercially-available system software support, the decision has been taken not to update older chips.

Intel seems to ask consumers to upgrade their systems if they want protection from the security flaw. As Tom’s Hardware explains, Intel develops the microcode update for its own processors which can be delivered only through a BIOS or OS update. However, if motherboard manufacturers or Microsoft are unwilling to deliver the patches, then Intel has no choice but to not develop the updates.

Watch: Bitcoin: Everything you need to know

In a statement to the publication, Intel explained it has “completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”

  • Published Date: April 5, 2018 10:06 AM IST