While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on its progress for distributing Meltdown-Spectre microcode updates.
Intel announced that it stopped production of patches for the following processor families:
- Bloomfield/Bloomfield Xeon (i.e. Core Extreme Edition i7-975, Xeon W3520)
- Clarksfield (i.e. Core Extreme i7-920XM)
- Gulftown (i.e. Core i7-970, Xeon W3690)
- Harpertown Xeon (i.e. Xeon L5408, Xeon X5450)
- Jasper Forest (i.e. Celeron P1053)
- Penryn (i.e. Core 2 Extreme X9000, Core 2 Quad, Core 2 Duo)
- SoFIA 3GR (i.e. Atom x3-C3200RK)
- Wolfdale/Wolfdale Xeon (i.e. Core 2 Duo E7200, Pentium E5200)
- Yorkfield/Yorkfield Xeon (i.e. Core 2 Extreme, QX9650, Xeon E3110, Xeon X5260)
In total, there are over 200 individual processor SKUs from the above production families [full list here] that won't be receiving updates because of Intel's decision to stop development. As for Intel's reasoning for abandoning these processors, it states the following:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Given that most of these chips are over a decade old, it's not exactly the end of the world that they won't be receiving microcode updates. And Intel's second bullet point with regards to limited commercial software support roughly translates into "We can't convince major motherboard manufacturers, system OEMs, and software companies like Microsoft to help us distribute microcode updates for decade-old products". Can’t say that we disagree with that assessment…