Microsoft Pauses Meltdown Patches For Some AMD Processors, Blames AMD

Like every major tech company, Microsoft has been pushing out updates to help mitigate the unprecedented vulnerabilities known as Meltdown and Spectre. But some Windows users found that the update rendered their PCs unusable, and now Microsoft has paused the update in some cases until it can fix the problem.

Image Source: Microsoft/Graz University of Technology/Natascha Eibl

Last week, complaints started appearing on Microsoft discussion boards with users saying they encountered a boot failure after updating. Multiple outlets claimed the update was "bricking" PCs. That wasn't exactly the case, but some unfortunate people with AMD processors did find themselves having to perform a reinstall.

The Verge points out that Microsoft has issued a statement on its blog addressing the problem. It reads in part:

Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

Microsoft did not go into detail on which devices are causing issues and the statement refers all device-specific questions to AMD. We reached out to AMD to request a list of affected devices and but had not heard back at time of writing.

Intel has received the bulk of the criticism surrounding this particular security Armageddon. Most of its processors manufactured after 1995 include the Meltdown and Spectre vulnerabilities. Researchers at Google's Project Zero explained last week that Meltdown is the scariest of the two issues and is primarily a problem for Intel. The vulnerability takes advantage of a technique called speculative execution, which improves CPU performance by predicting future calculations that it might need to make. Intel heavily relies on this process. Meltdown gives a bad actor the opportunity to access the memory sitting between the operating system and the programs it runs. Spectre, on the other hand, is only an issue inside web browsers, but it's also a problem for some AMD and ARM processors, as well as Intel.

Microsoft, Google, Amazon and Apple have all rolled out patches for their services in the last week. In its statement regarding the latest update, Apple said Spectre's techniques "are extremely difficult to exploit, even by an app running locally on a Mac or iOS device", but "they can be potentially exploited in JavaScript running in a web browser".

While Microsoft is getting this all worked out, you should be careful with Javascript ads and popups in the browser. And if you've already downloaded the updates and encountered boot problems, Microsoft has troubleshooting help for Windows 10, Windows 8.1 and Windows 7. If you're still running Vista, for the love of God, stop running Vista.

While Google and Amazon have reported that they have seen "negligible impact" on performance from security fixes, it seems that initial fears that patches will harm performance are a reality. This is an architectural issue and it can't simply be fixed with a patch. Microsoft and others are just distributing a workaround that should help with protection but doesn't solve the issue.

Intel's CEO Brian Krzanich made his previously scheduled appearance at CES on Monday night local time and confirmed that in rare cases, processors could see up to a 30 per cent hit in performance. According to Bloomberg, he told attendees, "we believe the performance impact of these updates is highly workload-dependent."

Also, in case you were wondering, the NSA has officially denied that it was previously aware of the vulnerabilities. Sure, guys.

[Microsoft via The Verge]



    Ermm, Spectre is not just an issue inside web browsers - any application is capable of exploiting Spectre. The point about web browsers is that remote code exploits are also possible using JavaScript through web browsers, this this becomes a significantly greater risk for those meandering about the web.

    Ok so when are they going to own the constant bricking of non tested forced updates which has nothing to do with anything but themselves? IT industry is a consequence free joke.

    But hey, letting Windows update any time it wants and trying to stop the user controlling the updates is a good thing, right?

    #facepalm Microsoft screwed up guys, no two ways about it. AMD has stated both openly and in the Linux kernel mailing lists that their processors are completely unaffected by Meltdown. They handle kernel security by assuming that user space code on the system won't behave and from what I understand have a completely separate memory area just for the kernel.

    You guys really need to up your research game. You'll find that unless Microsoft ignored AMD's commit to the Linux Kernel that was literally "if manufacturer not AMD set insecure flag" the issue is actually to do with Microsofts handling of Spectre which AMD isn't as vulnerable to because you still wouldn't be able to get access to kernel memory but... I'm guessing Microsoft assumed that you could soooo.

Join the discussion!