Intel won’t patch some of its older processors against Spectre vulnerability
Earlier this week, Intel published an updated microcode revision guidance to provide new details about it plans to patch its processors against the Spectre vulnerability. As spotted by Tom’s Hardware, the company said in the document that it has stopped developing microcode updates for some of its older CPU architectures released over the past 11 years.
The Intel CPU architectures that won’t receive any security patches include Penryn (launched in 2007), Bloomfield (2008), Clarksfield (2009), Jasper Forest (2010), and the “SoFIA” line of Atom processors (2015). Here is how the company explained the decision in the document:
After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
In an additionnnal statement shared with Tom’s Guide yesterday, Intel reiterated that it won’t release microcode updates for these older platforms because of “limited ecosystem support and customer feedback.” However, the company claims that it has already released security updates for all of its processors released in the last 9+ years (with the exception of the SoFIA Atom chips mentioned above).
As one of the biggest CPU manufacturers worldwide, Intel has a huge responsibility in addressing the Meltdown and Spectre vulnerabilities that took the tech industry by storm earlier this year. It’s obviously quite complicated to distribute security updates for all PCs currently in use, and Microsoft recently gave Intel a hand by making some its firmware update available online. Intel is not completely done dealing with Spectre yet, but the company has already announced that its new Xeon and 8th Gen Core processors will have built-in protections against the Meltdown and Spectre vulnerabilities.Further reading: Intel, Spectre