Like every major tech company, Microsoft has been pushing out updates to help mitigate the unprecedented vulnerabilities known as Meltdown and Spectre. But some Windows users found that the update rendered their PCs unusable, and now Microsoft has paused the update in some cases until it can fix the problem.
Image Source: Microsoft/Graz University of Technology/Natascha Eibl
Last week, complaints started appearing on Microsoft discussion boards with users saying they encountered a boot failure after updating. Multiple outlets claimed the update was "bricking" PCs. That wasn't exactly the case, but some unfortunate people with AMD processors did find themselves having to perform a reinstall.
Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.
Microsoft did not go into detail on which devices are causing issues and the statement refers all device-specific questions to AMD. We reached out to AMD to request a list of affected devices and but had not heard back at time of writing.
Intel has received the bulk of the criticism surrounding this particular security Armageddon. Most of its processors manufactured after 1995 include the Meltdown and Spectre vulnerabilities. Researchers at Google's Project Zero explained last week that Meltdown is the scariest of the two issues and is primarily a problem for Intel. The vulnerability takes advantage of a technique called speculative execution, which improves CPU performance by predicting future calculations that it might need to make. Intel heavily relies on this process. Meltdown gives a bad actor the opportunity to access the memory sitting between the operating system and the programs it runs. Spectre, on the other hand, is only an issue inside web browsers, but it's also a problem for some AMD and ARM processors, as well as Intel.
While Google and Amazon have reported that they have seen "negligible impact" on performance from security fixes, it seems that initial fears that patches will harm performance are a reality. This is an architectural issue and it can't simply be fixed with a patch. Microsoft and others are just distributing a workaround that should help with protection but doesn't solve the issue.
Intel's CEO Brian Krzanich made his previously scheduled appearance at CES on Monday night local time and confirmed that in rare cases, processors could see up to a 30 per cent hit in performance. According to Bloomberg, he told attendees, "we believe the performance impact of these updates is highly workload-dependent."
Also, in case you were wondering, the NSA has officially denied that it was previously aware of the vulnerabilities. Sure, guys.