Intel announced that it started issuing updates to about 90% of its personal computer and server CPUs from the past five years or newer, through the makers of those devices. The updates include patches for the recently discovered Meltdown and Spectre CPU flaws.
Meltdown And Spectre
Google Project Zero security researchers recently announced that all of the world’s CPUs have two major vulnerabilities in them, which they named Meltdown and Spectre. The Meltdown name comes from the bug essentially “melting” the security barriers that were supposed to be enforced by hardware. Spectre comes from the root cause of the flaw, which is speculative execution. The former only affects Intel, while the later affects all CPU makers, including Intel, AMD, and ARM.
Patches Against Meltdown And Spectre
Intel announced that it has already started issuing updates to five-year-old CPUs or newer, which should include the Ivy Bridge generation, which came out in 2012, and later. However, we know from the researchers who discovered Meltdown that the bug affects Intel CPUs at least as old as 2011, and potentially all the CPUs Intel has built since 1995, with a few exceptions.
This could mean that a significant portion of the Intel CPUs out there will be left vulnerable to attacks, as most people refresh their computers after five years.
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
The Google researchers also said that Spectre affects virtually all CPUs, including those from Intel, AMD, and ARM.
Intel added that the patches should reach 90% of the Intel CPUs from the past five years by the end of the week. The company also noted that cloud providers, operating system vendors, and device manufacturers have already updated their products and services. The company didn’t mention which Windows versions will receive the patch, but we have to presume it’s at least Windows 7 and later.
Intel also acknowledged that the patch will slow down its chips in some instances, but the slowdown will be workload-dependent. Regular consumers shouldn’t be impacted by the bug fixes too much, presumably, unless they run virtual machines or other I/O-intensive tasks on their computers. However, Intel also mentioned that the performance penalty on some workloads will be reduced over time.