Microsoft Releases Windows Update To Disable Intel's Flawed Spectre Mitigation
The two most worrisome vulnerabilities in computers to have surfaced in recent months are Spectre and Meltdown, which were first first disclosed earlier this month. These flaws collectively affect processors from Intel, AMD, and ARM. The problem for some people, including Linus Torvalds, was that Intel's initial response was lackluster. After Intel finally got around to giving PC users a fix for the Meltdown and Spectre flaws, the updates caused unexpected rebooting of some machines -- a new bug that Intel eventually confirmed.
Microsoft has decided to step in and help users who are fighting these unexpected reboots with an out-of-phase patch released on Saturday specifically to address the reboot issues with the Intel microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection).
Microsoft points out in its support document about the patch that Intel has noted that this microcode can cause "higher than expected reboots and other unpredictable system behavior." Intel noted that in some situations this reboot could case data loss or corruption. The chipmaker asked that users stop applying the issued fix on January 22.
Microsoft wrote, "While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – 'Branch target injection vulnerability.' In our testing this update has been found to prevent the behavior described."
That "behavior described" Microsoft talks about is the reboot and potential data corruption issues. The update will work on Windows 7 SP1, Windows 8.1, and all versions of Windows 10 for client and server. The update can be downloaded from the Microsoft Update Catalog, while advanced users can manually disable the mitigation causing the issues independently via registry setting changes. There are a pair of Knowledge Base articles that walk users through this manual process here and here.
Microsoft can’t throw rocks at Intel with too much force since its own Spectre and Meltdown patches bricked some AMD PCs, however, Microsoft blamed AMD for that issue. Some PC makers have warned users to not download and apply the updates, including Dell.