Second Spectre, Meltdown Patches For Intel Haswell And Broadwell Released
Intel is resuming its rollout of patches for the Spectre and Meltdown exploits, especially for machines that have automatically rebooted in the initial update.
The first patch release for the Spectre and Meltdown exploits were done in the first week of January and it did not go well with some machines running with Broadwell and Haswell CPUs. It was because Intel's January patch has caused some laptops to restart automatically after installing the firmware.
On a company blog post dated Jan. 22, executive vice president and general manager Navin Shenoy asked the community to avoid the firmware update, saying, users, manufacturers, cloud service providers, and others should "stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior."
The semiconductor manufacturing company also asked their customers to wait for further announcements regarding developments on the firmware updates.
Now, Intel has released a pdf document detailing the progress of the patch for the Spectre and Meltdown exploits. According to their microcode revision guidance, Broadwell and Haswell CPUs are ready to receive the patch for Spectre and Meltdown.
Specifically, patches for Broadwell CPUs with CPUIDs 50662, 50663, 50664, 40671, 406F1, 306D4, and 40671 are in production status, which means Intel has completed the validation and is allowing customers to use the microcode updates. For Haswell CPUs, those with CPUIDs 306C3, 40661, 306F2, 40651, and 306C3 are ready to receive the firmware update.
There are only two CPUs from the Haswell and Broadwell generation that have firmware updates still under beta status: Broadwell Server EX CPUID 406F1 and Haswell Server EX CPUID 306F4.
Updating to the latest CPU firmware is crucial because Spectre and Meltdown exploit attacks a device or a machine on a deeper level. These exploits are different yet related in some aspects.
The Spectre exploit takes advantage of the CPUs speculative execution, which is an optimization technique employed by Intel and other chip manufacturers in order to make processers work faster.
And because cache versions of highly sensitive data are retained during the CPUs execution of computing commands, hackers can illegally trick the CPU to check and reveal the cache version of a data, be it a password, secret files, bank account details, among others. This gives them a leeway to copy personal data.
Meltdown, meanwhile, breaks down the isolation or wall between a computer program and the computer kernel via the memory used by the kernel. This also gives attackers an opportunity to steal sensitive data stored in the memory.