Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Intel Gives Up Against Spectre

Apr 4, 2018 12:14PM PDT
Intel: We now won't ever patch Spectre variant 2 flaw in these chips
A handful of CPU families that Intel was due to patch will now forever remain vulnerable.
By Liam Tung | April 4, 2018 -- 10:49 GMT


" Intel is dropping plans to patch certain CPU families affected by the Meltdown and Spectre bugs, because it's impractical or they're not widely supported.

The chipmaker has spent the past few months releasing and re-releasing microcode updates to fix the Spectre variant 2 flaw. But while it's rolled out updates for all processors launched in the past five years, it has now revealed some older CPUs won't be patched at all.

Intel's latest Microcode Revision Guidance, dated April 2, applies a new 'stopped' status to several CPU product families for which it had been developing microcode updates. The product families include chips from Intel's Core, Celeron, Pentium, and Xeon-branded CPUs."
(more in article)

I'd like to remind everyone that Meltdown doesn't affect AMD cpu's and Linux has a fix against Spectre variants called "Retpoline" now built into it's latest distros and kernels, and Ubuntu has even backported it to an earlier version 14.


Security
Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed And won’t fix Meltdown nor Spectre for 10 product families covering 230-plus CPUs


In spite of the double speak and talk around the actual "why" for this, it comes to one simple fact. THEY CAN'T FIX IT, at least on the older processors. That simple.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

Discussion is locked

- Collapse -
I wonder
Apr 4, 2018 10:11PM PDT

How many users are even aware of this flaw.

How many users know to visit the mobo maker's site and update their bios.

I suspect it's not many.

- Collapse -
In less than a year though..
Apr 9, 2018 3:16PM PDT

...I expect it to become a significant problem for them. Now that the knowledge such an exploit can be accomplished, it's only a matter of time till someone, or a number of trouble makers, taking advantage of it.

- Collapse -
True
Apr 9, 2018 5:08PM PDT

Many or even most users know how to turn the machine on/off and point and click.

They don't have install media or backups or keep the machine patched.

If that's the way they want to run the machine that's their business.

I don't have much sympathy for them when they get whacked.