Intel Promises Some Meltdown, Spectre Fixes This Year

On a call with investors yesterday (Jan. 25), Intel CEO Brian Krzanich promised that the company would release CPUs with fixes for at least some of the Meltdown and Spectre vulnerabilities disclosed earlier this month. He claimed these will come by the end of the year, but didn't specify which CPUs would feature the fixes, or exactly which vulnerabilities would be patched.

"Our near-term focus is on delivering high-quality mitigations to protect our customers’ infrastructure from these exploits," Krzanich told investors. "We’re working to create silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year."

We don't yet know which chips Krzanich is talking about. Could it be in an upcoming Kaby Lake refresh? Or will it be in the upcoming Coffee Lake? Or is it even in Cannon Lake, the 10nm version of Kaby Lake?

Additionally, there's no information on whether or not Intel will re-release existing CPUs without the Spectre and Meltdown vulnerabilities.

The Meltdown threat may be Intel's top priority, as it tends to affect Intel's CPUs more than those of competitors like AMD and ARM. It's also easier to fix than the Spectre vulnerabilities, which will require chips to undergo a wholesale redesign, and which may not be permanently fixed for at least a few years. 

That raises the question of how seriously changed Intel's upcoming chips will be, and if performance will be affected. Several reports have found substantial slowdowns after applying the existing software and firmware patches.

It's also somewhat of a surprise to see a fix promised so soon. If that's the case, Intel would likely have been needing to be redesigning their chips for awhile. The company was privately alerted to the Spectre and Meltdown flaws in June 2017.

A hardware fix would definitely be the best option for anyone affected. After the existence of the Spectre and Meltdown vulnerabilities was prematurely disclosed by journalists, then confirmed by researchers at Google's Project Zero, Intel and OS vendors started issuing the patches they'd been holding for later. Intel itself gave firmware fixes to PC vendors to distribute to end users, then abruptly this week asked PC vendors to pull those fixes, as they were making some computers constantly reboot.

A new chip that isn't susceptible to Spectre or Meltdown could give consumers confidence about buying new machines, as just about every mainstream CPU released in the last 20 years — and today — is affected by at least one of the vulnerabilities.

In a related story, the French tech site LeMagIT said it had a copy of a secret Intel memo dated Nov. 29, 2017, notifying OEM partners of the Meltdown and Spectre flaws. As LeMagIT noted, Nov. 29 is also the day on which Krzanich sold 266,000 Intel shares.

Windows 10 Security and Networking