Video: Meltdown-Spectre attack variants discovered

Intel is dropping plans to patch certain CPU families affected by the Meltdown and Spectre bugs, because it’s impractical or they’re not widely supported.

The chipmaker has spent the past few months releasing and re-releasing microcode updates to fix the Spectre variant 2 flaw. But while it’s rolled out updates for all processors launched in the past five years, it has now revealed some older CPUs won’t be patched at all.

Intel’s latest Microcode Revision Guidance, dated April 2, applies a new ‘stopped’ status to several CPU product families for which it had been developing microcode updates. The product families include chips from Intel’s Core, Celeron, Pentium, and Xeon-branded CPUs.

Most of the chips are older, with some starting production in 2008, and are probably less widely used today than the already patched Kaby Lake, Skylake, and Coffee Lake CPUs.

Intel says it stopped developing the Spectre variant 2 mitigations for at least one of three main reasons, including that it was impractical, the CPU was not widely supported, or that customers indicated the CPUs are running on closed systems.

“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating variant 2 CVE-2017-5715.

[SOURCE]