Leading chip-maker Intel, which is under fire for flaws in processor design that rendered millions of computer and mobile devices vulnerable to security threats like Spectre and Meltdown, the company has issued a new updated Microcode Revision Guidance (MRG) report with a list of chipsets, which won't get security software patch. 

In the new update, Intel has admitted that it won't be able to fix the Spectre v2 flaw in as many as 230 older chipset variants used in thousands of branded computers across the world.

Why Intel won't patch the bug in those processors anymore?

Based on an internal study and customer feedback, Intel has decided to stop releasing the microcodes to patch the security loopholes in devices [listed below] due to the following factors.

  • Flawed micro-architectural characteristics in some chips prohibit any practical implementation of features to mitigate the Variant 2 (CVE-2017-5715) of the Spectre vulnerability
  • Limited commercially available system software support
  • Based on customer inputs, most of these products are implemented as "closed systems" and therefore are less likely to be exposed to these vulnerabilities

"We've now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback," Intel spokesperson said to International Business Times, India Edition.

On the bright side, the impact of the Intel's move will be very limited, as affected devices were manufactured and sold between 2007 and 2011, and some might not even be in use right now.

Also, Intel is very much committed to fix devices (more than 9 years old) affected by Spectre and Meltdown vulnerabilities. It has promised to update its MRG report with support details for more devices soon.

Intel, Spectre variant 2, software patch
[Representational Image] Intel won’t be able to fix the Spectre v2 flaw in 130 older chipset variants found in thousands of computers across the world. In Picture: A man types on a computer keyboardREUTERS/Kacper Pempel/Illustration/File Phot

List of Intel chips not eligible for software patch for Spectre v2 vulnerabilities:

Products name Public name CPU-ID Platform ID Prodcution status PreMitigation Production MCU
Bloomfield
  • Intel® Core™ Processor Extreme Edition i7-975
  • Intel® Core™ Processor i7-920, 930, 950, 960
 106A4 03 Stopped 0x13
Bloomfield
  • Intel® Core™ Processor Extreme Edition i7-965
  • Intel® Core™ Processor i7-920, 940
 106A5 03 Stopped 0x1B
Bloomfield Intel® Xeon® Processor W3520, W3530, W3540, W3550, W3565, W3570, W3580 106A5 03 Stopped 0x1B
Clarksfield
  • Intel® Core™ Extreme Processor i7-920XM, 940XM
  • Intel® Core™ Processor i7-720QM, 740QM, 820QM, 840QM
 106E5 13 Stopped 0x08
Gulftown
  • Intel® Core™ i7-970, 980
  • Intel® Core™ Processor Extreme Edition i7-980X, 990X
  • Intel® Xeon® Processor W3690
 206C2 03 Stopped 0x1E
Harpertown Xeon C0
  • Intel® Xeon® Processor L5408, L5410, L5420
  • Intel® Xeon® Processor E5405,E5410,E5420,E5430, E5440, E5450, E5462, E5472
  • Intel® Xeon® Processor X5450, X5460, X5470, X5472, X5482
 10676 40 Stopped 0x612
Harpertown Xeon E0
  • Intel® Xeon® Processor L5408, L5410, L5420, L5430
  • Intel® Xeon® Processor E5405,E5410,E5420,E5430, E5440, E5450, E5462, E5472
  • Intel® Xeon® Processor X5450, X5460, X5470, X5492
 1067A 44 Stopped 0xA0E
Jasper Forest
  • Intel® Celeron® Processor P1053
  • Intel® Xeon® Processor EC3528, EC3529, EC5509, EC5539, EC5549, LC3518, LC3528, LC5518, LC5528
 106E4 09 Stopped 0x4
Penryn/QC
  • Intel® Core™2 Extreme Processor X9000, X9100
  • Intel® Core™2 Quad Processor Q9000, Q9100
  • Intel® Core™2 Duo Processor T6400, T6500, T6670, T8100, T8300, T9300, T9400, T9500, T9550, T9600, T9800, T9900, SU9300, SU9400, SU9600, SP9300, SP9400, SP9600, SL9380, SL9400, SL9600, SL9300, P7350, P7370, P7450, P7550, P7570, P8400, P8600, P8700, P8800, P9500, P9600, P9700
  • Intel® Core™2 Solo Processor SU3500, ULV SU3500, ULV SU3300
  • Intel® Pentium® Processor T4200, T4300, T4400, T4500
  • Intel® Celeron® Processor 900, 925, SU2300, T3100, T3300, T3500, ULV 763
  • Intel® Celeron® M Processor ULV 722, ULV 723, ULV 743
 1067A B1 Stopped 0xA0E
SoFIA 3GR Intel® Atom® Processor x3-C3200RK, x3-C3230RK 506D1 02 Stopped ------
Wolfdale C0, M0 I Intel® Core™ 2 Duo Processor E7200, E7300, E8190, E8200, E8300, E8400, E8500 10676 91 Stopped 0x612
Wolfdale E0, R0
  • Intel® Core™ 2 Duo Processor E7400, E7500, E8400, E8500, E8600
  • Intel® Pentium® Processor E5200, E5300, E5400, E5500, E5700, E5800, E6300, E6500, E6500K, E6600, E6700, E6800
  • Intel® Celeron® Processor E3200, E3300, E3400, E3500
 1067A B1 Stopped 0xA0E
Wolfdale Xeon C0 Intel® Xeon® Processor E3110, E5205, E5220, L5240, X5260, X5272 10676 04 Stopped 0x612
Wolfdale Xeon E0 Intel® Xeon® Processor E3110, E3120, E5205, E5220, L3110, L5215, L5240, X5260, X5270, X5272 1067A 44 Stopped 0xA0E
Yorkfield
  • Intel® Core™2 Extreme Processor QX9650, QX9770, QX9775
  • Intel® Core™2 Quad Processor Q8200, Q8200S, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650
 10677 10 Stopped 0x70D
Yorkfield Xeon Intel® Xeon® Processor L3360, X3320, X3330, X3350, X3360, X3370, X3380 10677 10 Stopped 0x70D

For more information on chipsets eligible for Intel security updates, check here.

Here's how Spectre and Meltdown bugs make devices vulnerable 

In January 2018, cybersecurity experts of Google Project Zero team discovered two deadly vulnerabilities—Spectre and Meltdown—in computers and mobile devices powered by Intel, AMD, ARM Holdings and other chipsets.

The Spectre and Meltdown take advantage of "speculative execution," a technique used by almost all modern processors (CPUs) to optimize performance.

For those unaware, the CPU, in its bid to increase the performance, predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory such as passwords, encryption keys, or sensitive information, including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Tests conducted by Google Project Zero research team, also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

As of now, most of the computer makers Microsoft, Apple, and others -- in association with chip-makers Intel, AMD and ARM Holdings-- have released the software patch for most of their products.

Stay tuned. Follow us @IBTimesIN_Tech on Twitter for the latest news on cybersecurity.

Also Read