During his CES keynote on Monday, Intel CEO Brian Krzanich said that updates for Meltdown and Spectre for more than 90 percent of the company’s processors introduced in the past five years will be released by the end of the week, and the by the end of January.

trouble meltdown spectre security patches  - intel ceo keynote ces2018 - Troubles with Meltdown and Spectre security patches

“We believe the performance impact of these updates is highly workload-dependent. As a result, we expect some workloads may have a larger impact than others, so we will continue working with the industry to minimize the impact on those workloads over time,” he noted.

“As of now, we have not received any information that these exploits have been used to obtain customer . And we are working tirelessly on these issues to ensure it stays that way. The best thing you can do to make sure your remains safe is to apply any updates from your operating system vendor and system manufacturer as soon as they become available.”

On the same day, via an internal memo, he also told employees that Intel will gain a new internal group.

According to OregonLive, who got their hands on the memo, the Intel Product Assurance and Security group will be run by Intel human resources chief Leslie Culbertson. She will be joined by Josh Walden, the current head of Intel’s new technology group, and Steve Smith, Intel VP and general manager of its data center engineering group.

Krzanich continued to stress that the Meltdown and vulnerability were not just an Intel issue, but affected the whole chip-making industry. Nevertheless, the company has been hit with class-action lawsuits over the processor vulnerabilities in several US states.

Problems with patch implementation

Apple issued patched for Meltdown last week, and then on Monday it pushed out Spectre-mitigation via security updates for iOS 11, macOS High Sierra, Sierra, and OS X El Capitan (the contain security improvements to Safari and WebKit). For now, they seem stable.

Microsoft users, on the other hand, encountered some problems with the implementation of patches: namely, those who have incompatible antivirus software have not been offered the security update.

“The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot,” the company explained.

“To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, , to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January Windows operating system security update.”

In order to receive the update, their AV must set up a specific registry :

OPIS  - reg key microsoft - Troubles with Meltdown and Spectre security patches

will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the key or they do it themselves.

Vulnerability manager Kevin Beaumont has compiled and keeps updating a list of compatible AV solutions.

“For information about how to edit the registry, view the ‘Changing keys and values’ help topic in Registry Editor (Regedit.exe) or view the ‘Add and delete information in the registry’ and ‘Edit registry data’ help topics in Regedt32.exe,” Microsoft instructed, but also advised users to be careful when editing the registry.

Whether these and other security updates result in the slowdown of your computers and devices will depend on the machines and what you use them for. The Register has compiled a helpful overview of the consequences experienced by some services and users who implemented the Meltdown patches, but it will take some time to gauge the effect of Spectre patches.

Source link


Please enter your comment!
Please enter your name here