Patch for Spectre, Meltdown causing problems in older chips

Intel said Thursday its patches for vulnerable processors are causing some computers using its older chips to reboot more often.

It’s the latest buggy update since the Spectre and Meltdown revelations, two flaws affecting computer processors, were revealed last week.

Intel may need to issue another update to fix the problem, Navin Shenoy, manager of its data center group, said.

Virtually all computer and mobile chips were affected by the Spectre flaw, and software makers, device manufacturers, and chipmakers themselves are working to secure consumers.

But fixes are not happening smoothly. Microsoft’s fixes initially didn’t work with some third-party software, and the Wall Street Journal reported on Thursday Intel asked some of its cloud customers to hold off on installing patches.

Microsoft said this week security patches will slow down most computers, though it varies based on the age of a computer and its operating system. Intel CEO Brian Krzanich said at a conference on Monday that the effect on performance depends a great deal on the work the processors are being asked to do.

According to Jake Williams, founder of Rendition InfoSec, businesses will suffer the most as a result of these chip flaws. Williams says people will be dealing with these vulnerabilities for years to come.

“I expect that as a pen tester and hacker that we’ll still see and be able to exploit this a decade from now in a lot of environments,” he told CNN Tech.

Pen testers are paid to legally attack computer systems to look for flaws.

Part of the issue lies in technical debt accumulated by large organizations. Many firms have old, outdated machines and software that need to be fixed, but they often don’t get updated in a timely manner.

For recent chip flaws, once the patches are applied, developers have to rewrite code to support the patch.

In the most basic terms, Williams explained, vulnerable processors are like an old, broken bridge. Intel’s patch effectively builds a new bridge right next to the broken one, but developers still have to tell the cars to cross the new bridge instead of the old one.

Compounding future issues is that it’s also likely these two major processor flaws are not the only ones security researchers will discover.

The authors of a technical paper that identified the Spectre vulnerability, say more work will be required to examine the security of processors because the very design of computer building blocks may be insecure, and there are likely vulnerabilities they didn’t find.

As operating systems continue to become more locked down, researchers will spend time looking at the nuts and bolts of computers to find vulnerabilities, rather than holes in software like Windows or macOS.

Williams expects security experts to double down on this field of research. Despite these flaws existing for over two decades, researchers independently discovered them at the same time.

“Now that there’s all this blood in the water, I expect more researchers to look at these microprocessor vulnerabilities,” Williams said.