Tech —

Meltdown and Spectre: Good news for AMD users, (more) bad news for Intel

Windows patches are fixed, but microcode updates are causing even more trouble.

Core M Broadwell (left) vs. Core M Skylake (right).
Enlarge / Core M Broadwell (left) vs. Core M Skylake (right).
Andrew Cunningham

The good news: Microsoft suspended shipping its Spectre and Meltdown Windows patches to owners of AMD systems after some users found that they left their systems unbootable. Microsoft partially lifted the restriction last week, sending the update to newer AMD systems but still leaving the oldest machines unpatched.

Now the company has an update that works on those systems, too. If you're unfortunate enough to have installed the previous, bad update and now have a system that crashes on startup, you'll still have to roll back the bad update before you can install the new one. We've read reports that this is indeed possible, but unfortunately, Microsoft only offers generic guidance on troubleshooting blue screen of death crashes, not any specific steps to fix this specific issue.

The bad news: Intel has previously warned that the microcode update it issued to provide some processor-based mitigation for some kinds of Spectre attack was causing machines with Haswell and Broadwell processors to reboot. It turns out that the problems are more widespread than previously reported: the chip company is now saying that Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake systems are affected, too.

Intel says that it has reproduced the reboot issues and is working on identifying the root cause. It intends to ship a beta microcode to system builders next week.

What this means is that if you're lucky enough to have a system that is still being supported with firmware updates from its manufacturer—because let's be honest: good luck getting any firmware updates for any consumer PC or motherboard that's more than about 18 months old—you probably shouldn't install the firmware anyway. Unless, that is, you're in a high risk category such as a cloud host or VPS provider, in which case you'll just have to install it anyway, because the consequences of not upgrading are probably worse than the consequences of upgrading.

Channel Ars Technica