Microsoft issues emergency Windows update to disable Intel's shoddy Spectre variant 2 mitigation
The computer industry is in utter chaos right now. Despite a slight increase in PC sales for Q4 2018, the market is still extremely unhealthy. Not to mention, pretty much all existing hardware is fundamentally flawed thanks to both Spectre and Meltdown vulnerabilities. At least major companies such as Intel, AMD, and Microsoft are working together to mitigate these risks, right? Wrong. These patches have proven to be problematic -- for instance, some AMD computers were rendered unbootable. Ugh, what a failure.
To make matters even worse, Intel's Spectre variant 2 mitigation is causing instability (random reboots) on some Windows computers. Microsoft has apparently had enough of Intel's shoddy patches, and as a result, it has issued an emergency update to disable the Spectre variant 2 mitigation on Windows 7, Windows 8.1, and Windows 10.
"Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) -- specifically Intel noted that this microcode can cause 'higher than expected reboots and other unpredictable system behavior' and then noted that situations like this may result in 'data loss or corruption.' Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22nd Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions," says Microsoft.
The Windows-maker further says, "While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 -- 'Branch target injection vulnerability.' In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 -- 'Branch target injection vulnerability'."
I know what you are thinking -- doesn't disabling this mitigation make the computer less secure? The answer to that is yes. Absolutely. With that said, people need their computers to perform reliably -- especially in business. A computer that is continually rebooting at random is an exercise in frustration. Not to mention, there are no known Spectre exploits in the wild anyway -- any risk is arguably quite low.