By Navin Shenoy
Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.
Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.
Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.
This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.
Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.
Navin Shenoy is executive vice president and general manager of the Data Center Group at Intel Corporation.
1Source: United States Computer Emergency Response Team (US-CERT) – https://www.us-cert.gov/ncas/alerts/TA15-119A