Microsoft has been forced to issue a second out-of-band security update this month to address issues related to Intel Specter firmware updates. Intel warned last week that its own security updates have had errors, which caused some systems to restart spontaneously. Intel then buried a warning in its latest financial results that its flaws in firmware updates could lead to "data loss or corruption."
Intel has been advising PC manufacturers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1 and Windows 10 to disable protection against the Specter 2 variant. Microsoft says that its own tests have found that this update prevents them from restarting. . .
Microsoft has issued the update as part of its Windows update catalog, which means you'll have to download it manually for now. It's worth applying to systems that are experiencing problems from defective Intel firmware updates. Microsoft is also releasing a new registry key configuration for affected devices, allowing IT administrators to manually disable or enable the protections of the Specter variant 2.
Intel says it has identified the problems behind the unexpected reboots in the Broadwell and Haswell processors and is working to launch an update that fixes the exploits without causing random reboots and data loss. The Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake processors are also affected, and Intel says it is also "actively working on the development of solutions" for those platforms.
It is clear that the patch for the Specter variant 2 has been a disaster, driven by the speed with which software updates must be built and distributed. Buggy firmware updates, problems on some AMD machines and the two Windows emergency updates in a month are strong evidence that these patches were not tested long enough before launch. We hope that the updates currently in development are not "complete and complete".
