Earlier today we reported on a memory leak flaw in Intel Processors which puts the systems of certain Windows users at risk. Though Intel was quick to dismiss the reports, saying the bug is not exclusive to Intel chips but also impacted AMD, things have since escalated very quickly. Indeed, The Verge has learned Microsoft is set to issue an emergency Windows Update to address the latest Intel processor security concerns. Google has also disclosed the full details on these processor flaws today, confirming that AMD and ARM processors are also affected.
According to the report, the update is a "rare out of brand" security update and will be issued for all supported versions of Windows. The security update is set to automatically roll out to all Windows 10 desktops today at 5 PM ET, though we're not seeing it on any of our systems just yet. It's also set to become available on other Windows 7 and Windows 8 systems, though it will not appear automatically on these systems until Tuesday, January 16.
UPDATE: The emergency Windows Update is now rolling out. Check out our dedicated post here.
This update mainly relies on kernel fixes, and it may be required for anti-virus programs to be updated in order to work properly once this update is installed. In its previously released statement, Intel dismissed claims that fixes would slow down computers using impacted chipsets, adding that slowdowns from any security updates may be “workload-dependent.” Their full statement on this issue can be seen below:
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
With basically all modern Intel processors being impacted by this flaw, this is definitely a PR nightmare for Intel, and it's still unclear how the emergency Windows updates will affect performance on PCs with Intel chips. Even if the founder said today that these patches won't slow down systems, this is likely to impact consumer's trust in the company's premium chips moving into the rest of 2018.