On Tuesday, Intel took to its press room to give a short update on the status of a new Spectre/Meltdown patch for its processors. Just a couple weeks ago, the company asked its OEM partners to halt delivery of its first firmware patch that caused PCs to randomly reboot and bluescreen.
Intel seems to consider that this latest update will both solve the security problems and eliminate additional issues. But, do you trust it?
If you look at other companies, like Microsoft for example, its difficult to patch everything without introducing new problems. Microsoft has a rolling list of issues it introduces each month while attempting to plug security holes and feature bugs.
As other companies know and Intel is just learning: Patching is hard.
In Intel’s Tuesday update, the company seems to also be hedging its bets that it can securely plug the Spectre/Meltdown holes. After the company states that it has sent microcode to OEMs already, it also says this…
…This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!