Intel reports that it has developed a stable microcode update to address the Spectre flaw for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.
Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.
In initial disclosures about critical security flaws discovered in its processors, Intel Corp. notified a small group of customers, including Chinese technology companies, but left out the U.S. government, according to people familiar with the matter and some of the companies involved.
Intel CEO Brian Krzanich opened his fourth-quarter earnings call with comments on the newly discovered Spectre and Meltdown security flaws in nearly all of Intel’s processors.
He said that the company was working “around the clock with our customers and partners” to address the flaws, and he was “acutely aware that we have more to do” beyond issuing software fixes to deal with the problems.
Intel is now advising its customers and partners to halt the installation of patches for its Broadwell and Haswell microprocessor systems in the wake of recent reports of reboot problems.
Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, today said in a post that Intel soon will be issuing a fix for the patch. In the meantime, he says customers should refrain from applying the problematic patches.
2018 greeted CIOs around the planet in quite rude fashion, following the revelation of two 20-year-old undiscovered security flaws in the chips that run their clouds and data centers last week. The patches required to fix the flaws haven’t affected everyone equally, but customers who now find themselves with workloads that run 10 percent to 20 percent slower than they did a month ago can’t be pleased.
Someone is going to have to pay for this.
Intel Corp on Thursday said that recently-issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.
In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue.
In an open letter released on Thursday, Intel chief Brian Krzanich outlined the company's response to the Meltdown and Spectre vulnerabilities while reassuring customers that his company views security as "an ongoing priority."
Seeking to make peace with members of the global technology industry in the wake of one of the most serious security lapses in recent memory, Krzanich wrote that the chip giant has adopted a three-pronged approach to security that includes renewed commitments to transparency and communication.
Intel CEO Brian Krzanich used the opening of his Consumer Electronics Show keynote in Las Vegas on Jan. 8 to publicly comment on the recently disclosed Meltdown and Spectre security vulnerabilities that impact the majority of the world's CPUs.
Jan. 9 was originally intended to be the day that the Meltdown and Spectre CPU flaws were to be publicly disclosed, but media speculation led to a Jan. 3 disclosure of the critical flaws.
Three class action complaints have been filed against Intel over the Meltdown and Spectre CPU security flaws that were discovered by researchers earlier this year and widely publicized earlier this week.