Security Issue Update: Progress Continues on Firmware Updates

By Navin Shenoy

Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.

More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.

This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.

Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.

Navin Shenoy is executive vice president and general manager of the Data Center Group at Intel Corporation.

1Source: United States Computer Emergency Response Team (US-CERT) – https://www.us-cert.gov/ncas/alerts/TA15-119A

About Intel
Intel (NASDAQ: INTC) expands the boundaries of technology to make the most amazing experiences possible. Information about Intel can be found at newsroom.intel.com and intel.com.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.