Upon announcements of Meltdown and Spectre vulnerabilities, people have rushed to take advantage of released patches for these two flaws. A brief reminder: Meltdown and Spectre vulnerabilities were detected in mostly all modern CPU’s. If exploited, flaws could give hackers the opportunities to steal digital data, stored in a vulnerable device. While these problems were labeled as high-risk, researchers indicated that fixing them might have some unwanted side-effects.
Intel’s patches for Meltdown and Spectre flaws cause reboot issues
Soon enough, companies started releasing the necessary patches. However, an anticipated outcome awaited: updates caused reboot issues on systems, running the Broadwell and Haswell microprocessors. Therefore, owners of computers, containing these microprocessors, should not install patches for the Meltdown and Spectre vulnerabilities until further notice. In addition to triggering issues during reboot, updates could also cause other disturbing side-effects.
Problems with Intel’s updates, fixing Meltdown and Spectre vulnerabilities, were noticed several weeks back. The company worked hard to diagnose the issue and to fix it, but it was easier said that done. In addition to having the obligation to fix these essential patches, Intel also received some harsh criticism from other companies like Linux. However, the situation appears to have calmed down a bit as Intel co-operates with a number of other companies to fix its patches.
Dell EMC is one of the manufacturers that took the advise of Intel. Currently, Dell EMC no longer offers its firmware BIOS update in its support page. Instead, people who have updated their computers are advised to return to previous BIOS version.
Bug-free patches take time
While waiting for a permanent fix does not seem too bad, it is frightening that computer owners are left vulnerable to the hackers attacks, attempting to exploit Spectre and Meltdown vulnerabilities.
However, this is not the first time when fixing the latter flaws comes with a price. Just recently, Microsoft experienced a similar situation when their patches prevented AMD systems from booting.
Besides reboot issues, patches have also been noticed to cause slowdowns, automatic restarts, or even blue screens of death. Researchers explain that fixing Meltdown vulnerability is less complex that finding a solution for Spectre. David Kennedy from TrustedSec stated that he and his colleges had never encountered such an expansive bug. Researchers elaborated that many influential companies are confused and unsure about how they should proceed.
While fixing Meltdown and Spectre vulnerabilities is definitely a priority, it might be that patches need some testing before being released to the public. People might have been mislead by the quick releases of fixes and hoped that side-effects would only be theoretical. However, as it has been reported, creating a permanent and somewhat bug-free patch takes time and research.
Source: zdnet.com.
