The Meltdown and Spectre vulnerabilities, which leave every single Intel CPU made in the last 10 years open to attack, have been, for the most part, patched. But according to a new Intel document, a handful of processor types will never be patched for Spectre Variant 2, the vulnerability that affects nearly all modern CPUs and allows bad actors to potentially access some of your most sensitive data.
Photo: Alex Cranz (Gizmodo)
[referenced url=”https://gizmodo.com.au/2018/01/what-we-know-so-far-about-meltdown-and-spectre-the-devastating-vulnerabilities-in-modern-cpus/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/du2phy5psbh5o8xffpio.png” title=”What We Know So Far About Meltdown And Spectre, The Devastating Vulnerabilities In Modern CPUs” excerpt=”This week, news of massive security vulnerabilities afflicting every modern model of Intel processor went public, even as developers for practically every major platform frantically rushed to roll out fixes. Much more information has now become available about Meltdown and Spectre, a group of attack methods malicious parties could use to break into some of the most sensitive inner workings of any device using the affected CPUs.”]
Not patching a vulnerable CPU may seem like a poor decision on Intel’s side, but the chips that will remain unpatched are all eight to 10 years old and not likely found in many active systems. In fact, in the Microcode Revision Guide released on April 2, Intel claims that one decision to leave these CPUs unpatched was due to “Limited Commercially Available System Software support”. That’s a fancy way of saying computer makers no longer supported the systems that contained the CPUs.
The other reasons Intel cited for not patching affected CPUs were that characteristics within the microarchitecture of some of the chips made a practical implementation of the patch difficult, and because some of the chips were only used on “closed loop” systems that can’t be accessed via an external network
Of the CPUs Intel is refusing to patch, nearly all of them are used on servers – not in the laptops and desktop computers most of us use daily. The one exception are chips based on the Penryn microarchitecture. Those CPUs, when found in laptops and desktops, had names such as Core 2 Duo and Core 2 Quad and were used in computers made by Dell, Apple and every other major computer maker. But Penryn is now nearly 11 years old, and the number of people still using computers with Penryn inside is likely (and hopefully!) very small.
Still, if you are one of those people with an ancient Intel Core 2 Duo MacBook… it might be time to upgrade. Your system isn’t getting patched any time soon.