Intel says its patches will make PCs 'immune' to Meltdown and Spectre exploits

By Dan Thorp-Lancaster
published

Intel now says its patches will make PCs "immune" to the recently disclosed Meltdown and Spectre exploits.

Intel has issued a new statement in response to the rapidly evolving situation around the Meltdown and Spectre processor exploits that security researchers disclosed yesterday. In its statement, Intel says that it is in the process of issuing updates to Intel-based systems that will make them "immune" to both exploits.

From Intel:

Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Further, Intel says that it expects to have patches issued for more than 90 percent of processors introduced in the past five years by the end of next week. This is in addition to patches and updates issued by other companies and manufacturers, including and emergency patch already issued by Microsoft for Windows users.

Intel has been seen as the hardest hit by news of the exploits. Prior to the disclosure from security researchers, reporting suggested that there was a single exploit that only impacted Intel processors. Later, it as revealed that there were actually two related exploits which, between them, impacted most modern processors from Intel, AMD, and ARM, to some extent.

According to information from researchers, Meltdown, which only impacts Intel processors, appears to be the easiest to deal with, with patches in the wild for Linux, Windows, and macOS. Spectre, which applies to Intel, ARM, and AMD processors, appears to be much harder to fix (though, it is harder to exploit), but steps are being taken to mitigate its effects.

For its part, AMD said in a statement to Fortune that its chips are affected, but it believes that there is a "near zero risk to AMD processors at this time."

There's still a fair amount of confusion around Meltdown and Spectre as information continues to come out. That includes questions around a potential performance impact caused by fixes for the exploits, a claim that first apppeared in The Register ahead of the exploits' disclosure and has since been downplayed by Intel. As for Intel's claims that its patches will make its chips "immune" to both Meltdown and Spectre, we'll have to wait and see.

Dan Thorp-Lancaster
Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

12 Comments
  • Will it slow the machines down?
  • That's yet to be seen. Microsoft patch didn't slow down performance much. Intel & MS should collaborate on this issue immediately...
  • It depends completely on what you do. There have been reports of some tools (Postgres, a database tool) running about 30% slower. As soon as that number started floating around I saw a lot of finger  pointing towards Microsoft, claiming that they were slowing machines. Supposedly Postgres is running slower, but I have only seen the benchmarks of that specific tool slowing 30% on Linux. That does not mean that I don't believe it will also slow on Windows, but it is not something specific to Windows. But in the general case most benchmarks have shown a 1% or  2% slowdown which is statistically insignificant and could be attributed to different background processes, etc. But none of what I have seen have claimed that web browsing, watching movies, etc. have had a noticable slowdown.
  • For Windows 10, the most significant reduction was in 4K read performance by 23% after the patch.
  • Microsoft have stated that the only time you will see a significant performance drop is with a heavy workload, so most users won't notice anything different. My Surface Pro 4 performs just as fast as it did before.
  • Thanks for keeping us informed Dan. 👍
  • Immune to Spectre, really now?? Isn;t the recommendation to replace the CPU itself lol as it's in the simplest based on how the processors work (architecture) and therein is the biggest paradox of all... as there aren't any on the market place that have "re-tooled" architecture to prevent the exploit. However from Intel's prospective, this is a PR nightmare for them as they have been hit with a double whammy therefore they are on damage control.
  • Many/most devices do not have replaceable CPUs.  Think laptops and tablets.  Besides, it would not be a free replacement anyway.   Patching the OS will be just fine for everyone except gaming geeks.   These things are always way overblown in the initial reports.  The first reports of the “Krack” WiFi  thing had all kinds of absurd claims, like “every WiFi router in use needs to be replaced”.  It was The End Of The World for WiFi. Uh huh, sure.   All that was needed was OSes patched and router firmware updated.   You never hear about it now.   All fixed.   The same will happen with this.   It will be fixed, without a 30% performance hit for 99.99% of use cases.
  • @naddy6969. You are conflating both the Melt Down and Spectre flaw, the Melt down patch on intel processors has a performance hit of circa 30% and is deemed workload dependent. At present this all PR control, can you imagine the backlash if it was maintained that CPU's would have to be replaced? The spectre flaw is an architectural flaw and it was deemed it cannot be properly addressed without "retooling" the entire processor architecture therefore impacting intel (twice), AMD and ARM based SOCs / CPUs. Therefore to mitigate the issue completely in current devices you would have to replace the CPU or SOC, I am more than aware that is impractical for many current devices. If you want to more detail see here: http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html Here is an extract: "AMD claims that is has zero vulnerability to Variant 3 (Meltdown), stating that the patches that are currently being issued for Meltdown do not apply to its processors due to "architectural differences." This is excellent news for AMD, as it therefore has no exposure to the current round of potentially performance-sapping patches. That bodes very well for the company as it reenters the data center with a competitive line of EPYC processors. The Ryzen desktop processors are also not susceptible to Meltdown. Linus Torvalds has also granted AMD an exemption to the performance penalties incurred by the Linux patch for Meltdown. AMD is vulnerable to Variant 1, which is a Spectre exploit. As noted above, many contend that Spectre is not likely to see an effective patch any time soon, and some researchers claim the vulnerability exists in every modern processor architecture in existence. They also claim that fixing the issues could require a redesign of fundamental processor architectures. AMD said it has a patch that can mitigate Variant 1 with minimal performance impact and further stated that it has a "near zero risk of exploitation" from Variant 2, which is also a Spectre exploit." Source link: https://www.kb.cert.org/vuls/id/584653 Note: the source link has been revised, initially it stated that to fully remove the flaw, the CPU would have to be replaced. Screen capture of initial findings (not my twitter handle): https://twitter.com/reason42/status/948912244418637824 Although this is more of an opinion piece, it's linked as an additional level of fact checking: https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/ Relevant extract: " CERT in its January 3 vulnerability note for one of the two Spectre CVEs said the solution is replace CPU hardware, noting, "Underlying vulnerability is caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware." That passage was deleted from a subsequent revision of the vulnerability notification. " They may be overblown in initial reports but I would rather trust initial assessment made by the people who found the flaw, as more than often than not the first reaction is always the correct one.
  • Unless you replace the processor with one that is pre-1995 then your processor will still be vulnerable so, replacing your CPU is not really an option.
  • Immune to the currently known Spectre exploits. Because the underlying vulnerability is a hardware problem, every new exploit will require a new patch.
  • My biggest concern with this is mobile devices. Apple has already admitted hat all Pads and iPhones are vulnerable. ANyone know about W10M/8.1M