Intel security flaw patch has its own issues
SAN FRANCISCO – Intel is halting some patches to the broad chip flaws it discovered this month after evidence that fixes resulted in problems with the computer systems.
It’s the latest stumble after researchers discovered a design flaw that affects hundreds of millions of PCs, Macs and smartphones and comes ahead of Intel’s earnings report.
The patches “may introduce higherthan-expected reboots and other unpredictable system behavior,” Navin Shenoy, general manager for Intel’s data center group, wrote in a blog post Monday.
Intel and other tech companies have been scrambling since Jan. 3, when researchers disclosed a design flaw in chips made by Intel and others that could allow an attacker to view hidden information such as passwords.
Dubbed Spectre and Meltdown, the two flaws potentially affected most chips used in computers going back as far as 20 years.
The good news for consumers is that making use of the flaw requires physical access to their computer, so it’s not much of an issue for most people. But for large companies and cloud providers whose CPU chips are accessed by multiple systems or users, it is a problem.
While there’s no short-term fix for now, Mark Hung, an Intel analyst with technology research firm Gartner, says eventually there will be one.
“Unfortunately, if they’re going to have a secure patch it’s definitely going to affect speed, there’s just no two ways about it,” he said.
Long term, it might be a benefit for Intel simply because once it has new chips that don’t contain the flaw on the market, it could see a bump in sales as companies scramble to replace their work. On the other hand, “at that point it may be part of the natural replacement cycle,” so sales won’t rise as much as they might have, Hung said.
More than a third of organizations that had begun patching the flaw experienced at least one issue, according to a survey by Spiceworks, a Texasbased company that makes software that allows businesses to catalog the software they have installed.
Issues included system slowdowns and performance degradation, systems freezing, problems booting up, system crashes and in 15% of cases, the “blue screens of death” on PCs, Spiceworks reported.
Organizations that installed the patches noticed a 12% slowdown, on average, of their devices, Spiceworks found. The work is also time- and money-intensive. Spiceworks found that 29% of companies with more than 1,000 employees expected to spend more than 80 hours dealing with the flaws, 18% said they expected to spend more than $50,000, and 15% said more than 20 people would be involved in the fixes.
The news comes as Intel gets ready to report its fourth quarter earnings Thursday. Questions about the vulnerabilities and the trouble they’re causing are expected to dominate discussion of the company’s earnings and outlook. However, Wall Street still had strong expectations for the company, anticipating solid increases in its datacenter revenue in the fourth quarter.