Intel's Spectre and Meltdown advice just changed over reboot issues

If you were about to install Intel's fix for Spectre and Meltdown, don't be so fast: the chip company is advising those with certain processors to avoid the security patches currently available. Intel began pushing out fixes along with the help of its system partners earlier this month, as it tried to deal with the twin security issues identified by Google Project Zero and others. However, that process hasn't been entirely smooth-running.

Initially, plenty of attention was paid to just what sort of performance hit users could expect as a result of the patches. Early fears of a significant slowdown seemed to be unfounded, though independent testing of both consumer and server processors from Intel's line-up did show some impact after the updates were installed. Others, though, ran into a more pressing problem.

Users of computers based on Intel Haswell or Broadwell processors reported a greater than typical number of unexpected restarts. The problem has been affecting both consumer and server systems, the chip-maker confirmed back on January 11, though at that point the advice was to continue applying whatever software updates were being released. Now, though, that guidance has changed.

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior," Intel said today. The company began testing a new version of the fix over the weekend, but it seems it's not ready for public primetime quite yet. Instead, "we also ask that our industry partners focus efforts on testing early versions of the updated solution for Broadwell and Haswell we started rolling out this weekend, so we can accelerate its release," the company said.

Since leaving systems unpatched could mean they're more vulnerable to a Spectre or Meltdown hack, though, Intel also has an interim plan in the works. It's also working on a previous version of its patch which doesn't, apparently, lead to the reboot problem in Haswell and Broadwell systems. However, that was only possible by removing the so-called Variant 2 Spectre mitigations from the patch, leaving it protecting only against Variant 1 Spectre and Variant 3 Meltdown. That will be delivered by a BIOS update.

Clearly, it's not been a great month for Intel. Though Spectre and Meltdown don't affect the processor manufacturer uniquely, it seems to be having some of the most high-profile issues getting systems both patched and stably-so in the aftermath of the security flaws' announcement.

"I apologize for any disruption this change in guidance may cause," Navin Shenoy, executive VP at Intel and general manager of the company's Data Center Group, said today of the updated advice. "The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues."

As for when the modified BIOS patch will be released, that will depend on the OEM responsible for manufacturing your computer or server.

MORE Intel Microcode revision list [pdf link]