back to article If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted

For the second time of asking, Intel has issued microcode updates to computer makers that it prays says will mitigate the Spectre variant two design flaw impacting generations of x86 CPUs spewed out over previous decades. Yep, old Chipzilla has turned up at the scene of the metaphorical IT industry earthquake with a dustpan …

  1. Anonymous Coward
    Anonymous Coward

    Accountability is only for the poors. Pay a week's worth of profit at most and move on with a sore wrist.

    1. sisk

      I would imagine that the damages are going to be pretty hefty even by Intel's standards given the fact that pretty much every organization in the world and everyone except for Luddites and a few older AMD fanboys fit into at least some of the classes in the class action lawsuits levied at Intel. This is not going to be a week's worth of profit. If the courts do their job properly then Intel is in for a rough few years.

      I don't think the damages will be enough to drag them under. Nor would I want that. If nothing else the sudden dissolution of Intel would leave the type of power vacuum that can destabilize entire industries. But you can bet that the damages will be enough to actually hurt.

      1. Nate Amsden

        I don't expect the damages to be much, for flaws that took over a decade to discover(widely at least maybe 3 letter agencies were using it long before), I don't fault Intel, or AMD or the others for these things(yes I know Meltdown seems to be specific to Intel). Even more on Spectre since it affects many different CPU brands.

        In a world where we constantly see root exploits and other security issues that are far worse than just being able to read random bits of memory(yes those root exploits often get fixed but there are always new ones being discovered), I don't see a reason to have a knee jerk reaction.

        But hey, it gives people reason to write more articles and get more ad impressions.

        1. Jim Mitchell

          What grounds are the lawsuits alleging? On the Spectre issues are, the processor is working as the Architecture says it does. Hard to claim damages there. Meltdown is different.

        2. Anonymous Coward
          Anonymous Coward

          Nate wrote: I don't see a reason to have a knee jerk reaction.

          You may not, but Intel's CEO apparently did, selling all the Intel shares he was allowed to, after the news hit the fan internally but before outsiders were informed. Widely reported at the start of 2018, but transactions took place (and were initially reported) in 2017:

          1. Nate Amsden

            Re: Nate wrote: I don't see a reason to have a knee jerk reaction.

            I remember reading about that, though I still think that is more likely a coincidence than anything. The CEO would have to be pretty stupid to do something like that. I expect that behavior from penny stock type companies.

            Also looking at the stock price over the past year the stock really hasn't moved much since early November, down less than $1 from November 2. The stock hit a new 52-week high in late January (maybe earnings? I don't follow stocks) before going back down again.

            So this thing really hasn't done anything to Intel's stock price, showing there wasn't much incentive to sell based on that news.

        3. jasonbrown1965

          Haul out the Gestetners!

          "But hey, it gives people reason to write more articles and get more ad impressions."

          Such worldly cynicism! You may be right of course.

          Those dastardly fear-mongers at the Reg should probably wait until everyone's chips are smoking puddles of silicon goo before hauling out the Olivettis and Gestetnering a few million pages of (literally) purple prose.

          Or, even better, step away completely from a watchdog profession with one of the worst ROIs on the planet, and even worse profit prospects, and leave y'all to the tender mercies of our new global robber digi-barons, and their 'hyper efficient and extremely productive' minions.

  2. Ugotta B. Kiddingme

    Thanks Paul

    for the Sean Lock reference. That was rather amusing. Definitely must look up more of his Stand Up bits.

  3. Anonymous Coward
    Anonymous Coward

    New intel chip

    Haskell CPU, never heard of it, perhaps that should have read 'Taskhell' for 1150 socket mobos and others..

    All's well that ends well eh!

    1. Anonymous Coward
      Anonymous Coward

      Re: New intel chip

      I, for one, would buy a Haskell CPU. Though I do think the lazy evaluation idea is a bit over the top.

  4. The Alphabet

    I've already seen a windows update reboot itself into forcing a BIOS update this week. That's going to go well when half the office uses Windows 10 laptops.

    1. DCdave

      BIOS update

      "I've already seen a windows update reboot itself into forcing a BIOS update this week."

      A BIOS update, in a Microsoft update? Some misunderstanding, I think.

      1. Bodge99

        Re: BIOS update

        Not the first time this has happened... A while ago, a few Bay Trail tablets were borked by a firmware update performed by a windows update. In this particular case, the hardware ID pulled from the firmware was incorrect. i.e. a poorly modified firmware derived from a "parent" firmware..

      2. This post has been deleted by its author

  5. lham

    Hang on, Section 5.4 Recompilation

    Reading through the whitepaper on Retpoline linked by the article, in section 5.4, it says that this mitigation requires that all code in a program or OS kernel is compiled with a retpoline-enabled compiler. From what I can tell, this was added to the latest version of gcc back in January, and I assume the Intel compiler around the same time. So, to take advantage of this mitigation, you need to rebuild all your code with the latest compiler available, otherwise ".. retpoline is not a practical mitigation for environments where full recompilation itself is not practical. Other mitigations may be appropriate in those environments."

  6. martinusher Silver badge

    Its not just the chip

    You may have noticed that companies like Cisco regard these bugs as unimportant. The chip architecture might have a vulnerability but its really not the architecture but rather the combination of the architecture and the software we run on it that causes the problem. Intel could quite rightly argue that the problem is really software vendors making assumptions about the relative security of memory areas that is the real problem.

    But then, who cares about architectural subtlety when there's money to be made? (Personally, I'd just ramp down all these attempts to make inefficient software go fast and just give everyone 80186 chips to run their Javascript on.....Enjoy, folks!)

    1. This post has been deleted by its author

    2. Richard 12 Silver badge

      Re: Its not just the chip

      If there's a way for an attacker to run code capable of exploiting Spectre on a Cisco device, the attacker has already won and doesn't need to bother with Spectre.

      That's why they aren't worried.

      These vulnerabilities are privilege escalation - a process can get hold of data it is not supposed to have.

      If the arch is intended to be that no untrusted process can run at all, then the chances are that an attacker getting their code to run is already Game Over.

      1. Nate Amsden

        Re: Its not just the chip

        side note - you know Cisco has a pretty big server business right ? (but yes I get your statement regarding most of their locked down network gear).

  7. Anonymous Coward

    So do you Spectre me to Talk?

    No Mr Bond, I expect you to [redesign your silicone] die!

    /Dad jokes.

    1. Sorry that handle is already taken. Silver badge

      Re: So do you Spectre me to Talk?



      1. Alister

        Re: So do you Spectre me to Talk?



        1. Anonymous Coward
          Anonymous Coward


          You must be new here ;)

      2. John Brown (no body) Silver badge

        Re: So do you Spectre me to Talk?



        Some of the Bond girls may disagree!

  8. Anonymous Coward
    Anonymous Coward mention of the performance hit

    20% - 30% depending on application?

    1. Anonymous Coward
      Anonymous Coward

      Re: mention of the performance hit

      That is meltdown spectre is far less severe, it terms of performance hit and ease of exploit

  9. Bill2357

    Intel's "patches" doesn't matter to most.

    Because Dell Asus etc won't make new "BIOS" updates for most products they make. Most Only update the BIOS for computers build in last 1 to 3 years. Maybe ~5 years for Business types like Dell Latitude. Many "White Box" MoBo's from Asus et al are same thing but many "old" MoBo's are still in stock at Newegg months to years after makers mostly stopped supporting them. IOW You bought a MoBo 2 years ago but the Manufacturer sees many MoBo as 4-5 years old.

    So Don't hold your breath thinking you will get this patch later.

    Even then Most Dell etc owners never upgraded the BIOS. Not even most Enterprise owner like NHS, Big Banks, etc.

    1. Richard 12 Silver badge

      Re: Intel's "patches" doesn't matter to most.

      Dell will, because of the support they sell.

      If a business has a support agreement with Dell and Dell refuse to provide the patches, that business will sue.

      Dell will make it public on their website as well, because it'd cost them a fortune to send a repair tech to every single business machine.

      Same goes for the other brands that sell support contracts.

      Any that don't... Well, good luck.

  10. John Smith 19 Gold badge

    The real question is why didn't Intel find this bug in development.


    Because it's development process is s**t?

    Does anyone doubt there will be more of these?

    1. phuzz Silver badge

      Re: The real question is why didn't Intel find this bug in development.

      Intel's development process must be as shit as AMD and ARM then, because both of those companies have equal problems with Spectre.

      Perhaps designing CPUs is hard?

      1. James Hughes 1

        Re: The real question is why didn't Intel find this bug in development.

        It's not that the development process is shit, it is indeed that CPU development is very hard indeed.

        Combine that with some very clever people who can figure out utterly obscure exploits such as these, and this sort of thing can happen.

        As someone above said, it's taken about 10 years to figure out this exploit. If Intel/ARM/AMD had spent an extra 10 years figuring it out before releasing the chips, well, nobody would be in business.

  11. Neill Mitchell


    Yes, let's patch the brand new processors first and leave the older, much more abundant ones until last.

    Great priority call.

    1. Anonymous Coward
      Anonymous Coward

      Re: Timetable

      $$$$ always, always

  12. TrumpSlurp the Troll

    I'd give that a few minutes if I were you

    Wait for the, er, dust to settle first.

  13. Anonymous Coward

    All's well that end's well

    Flashed the BIOS on my HP Elitebook today, seems fine.

    1. jasonbrown1965

      Re: All's well that end's well

      Did the same on an Acer, also fine.

      Yes, it's a cheap piece of junk, any objectors may sue my non-profit ass.

  14. Anonymous Coward
    Anonymous Coward

    Still waiting

    For the BIOS/uEFI/microcode patch on my dinosauroid Sony SVF142C (Sandy Bridge) WEEE bin-fished laptop.

    8GB RAM, 2C4T CPU, (or should that be 2g1c? as it sounds a bit like "scat"), 1TB recycled HDD, 10 :-(

    It passed the self-tests I threw at it so what the heck. SPECTRE fail.

    I named this beast "Alice" because it seems to exhibit quantum-like effects such as random BSODs when plugging in certain wonky USB devices, flaky touchpad which randomly resizes webpages and inexplicable power drain issues that I just can't explain.

    "Bob" aka the Tosh laptop was also working but he is currently cooling his cement overshoes in BOFH Hell waiting for parts.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like