Microsoft Stops Issuing Spectre & Meltdown Patches…. And Intel Told The Chinese About These Flaws Ahead Of The US

It seems that Microsoft has joined Intel, HP and Dell in stopping people from installing the mitigations for Spectre and Meltdown according to Bleeping Computer via an emergency patch that appeared over the weekend.

Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update — KB4078130 — targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused “higher than expected reboots and other unpredictable system behavior” that led to “data loss or corruption.”

HP, Dell, and Red Hat took previous steps during the past week.

So, that is pretty bad. But here’s something that’s worse. It appears that Intel might have told the Chinese about these chip flaws before it told the US Government. Here’s why that’s bad:

Intel Corporation initially warned a handful of customers, including several Chinese technology firms, about security flaws within its processor chips, while at the same time not telling the U.S. government, The Wall Street Journal reported Sunday. 

Security experts told the newspaper that the decision could have allowed Chinese tech companies to flag the vulnerabilities to Beijing, giving the Chinese government opportunity to exploit them. 

Now that’s really bad. Clearly the response to these chip flaws has been sub-optimal to say the least. Thus I am fully expecting more bad news to appear on this front in the coming days.

Advertisements

One Response to “Microsoft Stops Issuing Spectre & Meltdown Patches…. And Intel Told The Chinese About These Flaws Ahead Of The US”

  1. […] only a matter of time before someone tried to exploit them. That makes the screw ups in trying to patch these holes, along with the non-action by some companies in not patching these holes a big issue. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: