This site may earn affiliate commissions from the links on this page. Terms of use.

SpectreMeltdownFeature

When Spectre and Meltdown hit but after New Years, it kicked off a flurry of responses from companies like Intel, AMD, ARM, and Microsoft. Patching the flaws, which exploit flaws in co-operative prediction and speculative execution, has taken several months, with some high-profile failures: Intel had to yank Spectre patches for certain older systems after it became articulate they were causing frequent reboots. Fixes resumed rolling out some weeks after, with plans to patch chips as far dorsum as 2007. Those plans accept now been canceled.

Previously, nosotros expected Intel would patch Bloomfield (45nm, Core i7), Clarksfield (45nm mobile Core i7), Jasper Forest (45nm Xeon), Penryn (45nm mobile Cadre 2 Duo), Yorkfield (45nm Core 2 Quad), and Wolfdale (45nm desktop Cadre 2 Duo). Intel's SoFIA line of processors, some of which are still sold today, was as well set to be updated besides. None of those updates, however, are going to happen.

According to Tom's Hardware, Intel's reasoning was as follows:

After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has adamant to not release microcode updates for these products for one or more reasons including, only not limited to the following:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
  • Limited Commercially Available Organization Software support
  • Based on client inputs, well-nigh of these products are implemented as "airtight systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

THG suggests that the second reason is probably the nigh of import and nosotros'd agree. "Limited commercially available system software support" likely translates into "Nosotros couldn't convince our motherboard partners (or peradventure Microsoft) to distribute updates for us."

Microcode-Update

The Jasper Woods update shown here is now canceled.

It'due south not clear how much of a security hazard this practically represents. On the one manus, chips from 10-11 years ago aren't all that likely to be in common use. On the other, the media PC downstairs is still using a Core i7-920. I've got family members, plural, with hardware still in daily use that's this old. Information technology's not hard to see why. With the minimum requirements for Windows having barely budged in the past decade, there's no reason a rig from 2008 can't still be humming along.

Information technology'd be really useful to know how much of this shift was considering the exploits can't really be triggered, versus how much of it is the result of Intel non wanting to pony up the cash to persuade motherboard vendors and/or Microsoft to piece of work with it on patching upwards older systems. If the CPUs are practically difficult to touch on, than non pushing updates is no big deal. If they are, and then Intel is potentially leaving millions of systems worldwide unprotected.

Either mode, information technology may be a practiced time to beginning considering an upgrade.