Published: Tue, January 30, 2018
Sci-tech | By Jackie Newman

Kills Intel's Faulty Spectre Fix to Protect Against Data Loss

Kills Intel's Faulty Spectre Fix to Protect Against Data Loss

The update is now offered only as an out-of-band update that must be manually downloaded and installed, and it has no effect other than to disable the use of this particular Spectre mitigation. Microsoft additionally claimed the Intel fix could, in come cases, cause a loss of data or file corruption.

Intel had confirmed two security flaws - and - in its chips that were vulnerable to hacking. This time, the update is not to fix anything, but to actually remove the buggy Intel fix for the Spectre variant 2 chip vulnerability (CVE-2017-5715). The update will work on Windows 7 SP1, Windows 8.1, and all versions of Windows 10 for client and server.

Upon announcing its patches on Friday and Saturday, Microsoft said affected customers will also need to deploy processor microcode, or firmware, updates through their device manufacturers.

The Journal has reported that the company notified some of its customers about the security flaws found in its processors, named Spectre and Meltdown. Big names like Apple, Amazon, Google and Microsoft were ready relatively quickly, but most everyone else was left racing to fix or mitigate the flaws.

IKEA founder Kamprad dies at 91
The European Commission announced previous year that it launched an investigation into IKEA's tax deals in the Netherlands. But Kamprad lived modestly, buying his clothes at thrift shops, driving an ageing Volvo, and bringing a lunch box to work.

Today's update i.e KB4078130 is available for all supported versions of Windows operating system and it can be only downloaded from Microsoft's Update Catalog.

The confusion around Meltdown and Spectre flaws appears to be getting even more confusing for the end user. The update is now available from the Microsoft Update Catalog website and while it disables Intel's microcode fixes it does leave the fixes for the other two Meltdown and Spectre vulnerabilities intact.

In the rush to issue patches there have been multiple instances of Spectre- and Meltdown-related updates causing problems of their own.

It is a "near certainty" that Beijing was aware of information exchanged between Intel and its Chinese tech partners because local authorities routinely monitor all such communications, said Jake Williams, president of security firm Rendition Infosec and a former National Security Agency staffer. The date of the planned announcement, however, came months after a member of Google's Project Zero security team first detected the flaws in June of previous year - a delay that would allow the companies to come up with a fix to such flaws. Avoiding data loss or corruption is a priority, and with the Intel "fix", they are both a real possibility.

Like this: