Microsoft disables 'buggy' Intel patch


Microsoft is aware that some of the updates might not be rolled out right away and have issued a set of instructions on how to manually disable the Spectre Variant 2 using the registry keys.

The update is for Windows 7, Windows 8.1, and Windows 10 systems, and installing it will disable the protection against the Spectre variant 2 until Intel can find a solution to the problems of their firmware upgrades. "We understand that Intel is continuing to investigate the potential effect of the current microcode version, and we encourage customers to review their guidance on an ongoing basis to inform their decisions".

The update (KB4078130) disables the mitigation against CVE-2017-5715 - branch target injection vulnerability only.

This latest move was made after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behaviour" that led to "data loss or corruption".

Intel had issued its software patch to address a security issue affecting millions of its processors worldwide.

More news: Bruno Mars wins best album, song at 2018 Grammy Awards
More news: United States stocks open higher after earnings reports
More news: Nafta negotiators open key round of talks amid upbeat signs

On 22 January, Intel told customers not to install one of the security updates it had issued, as the software patch was causing more problems.

Microsoft's update is meant to prevent that behaviour.

As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers.

On 3 January, Intel announced that a design flaw in its microprocessors left systems vulnerable.

In other developments related to Spectre and Meltdown, which also affect many CPUs made by ARM and AMD, The Wall Street Journal reported yesterday that Intel's initial disclosures about the vulnerabilities were made to "a small group of customers, including Chinese technology companies, but left out the USA government".