Intel has found itself on the wrong side of a security vulnerability, and the company can’t seem to figure out how to get out of this hole other than by continuing to dig. After releasing vague and understated statements regarding the impact of these vulnerabilities, the company has now released a microcode update that is causing more issues than it fixes.
Microsoft has released an out-of-band Windows update that disables Intel’s fix. Why is Microsoft doing this? Intel’s update, which was intended to make your device more secure, is resulting in unexpected reboots and, more alarmingly, data loss or corruption.
While Intel is testing and updating its code, Microsoft has released an update, KB4078130, that disables the mitigation against CVE-2017-5715 – “Branch target injection vulnerability”. Microsoft says that this update will prevent the reboots and data corruption, and it covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10.
Microsoft has found itself in the middle of a security disaster and is being forced to work around Intel’s sloppiness. Intel, which has been slow to release relevant information such as the performance impact of patching your system, has continued to trip over its own feet while putting Microsoft in the middle of a problem that it cannot effectively handle on its own.
For end users, if their computer randomly reboots or their data is lost because of the Intel patch, who are they going to blame? We all know the answer here is Microsoft. In reality it’s Intel’s fault, but to the average user, Microsoft will always be the culprit.
As of January 25th, there have been no known reports of these vulnerabilities being used to attack users, but that doesn’t mean that this will be the case going forward. The clock is ticking for Intel to figure out an effective way to patch this vulnerability before it is weaponized and used against companies and governments.