CHIPMAKER AMD has begun rolling out microcode updates for its processors affected by the Spectre vulnerability.
The microcode update fixes Variant 2 of the vulnerability, CVE-2017-5715, and has been supplied to PC and motherboard makers to include in forthcoming BIOS updates.
The updates released by AMD cover products released as far back as 2011, AMD claims, even offering a fix for the first microprocessors of the Bulldozer line.
As part of the same vulnerability patch, Microsoft has released an update in the form of KB4093112, which also includes special OS-level patches for AMD users with regard to the Spectre v2 vulnerability.
This patch is somewhat similar to the operating system-level updates that were released for Linux users earlier this year, and this time comes in Microsoft's Patch Tuesday release for April.
The KB4093112 update included in this patch release contains additional Spectre v2 mitigations which weren't originally included in the January 2018 Patch Tuesday roll out. AMD says these are necessary to completely alleviate the problems caused by Spectre v2.
"These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows," said AMD chief technology officer Mark Papermaster.
Last week, Intel warned that it won't be able to provide a fix for the second variant of the Spectre flaw for some of its older CPUs, including its Bloomfield Xeon, Clarksfield, Gulftown, and Yorkfield processor lines.
In new microcode revision guidance released by the chipmaker, Intel added a "stopped" status to its microcode updates relating to the Meltdown and Spectre flaws. This indicates that it won't be issuing patches to fully mitigate the vulnerabilities affecting a large number of its microprocessors still in use.
Intel said: "After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following: Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715); Limited Commercially Available System Software support; based on customer inputs, most of these products are implemented as "closed systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities." µ
Sadly that doesn't include offering you a beer
It's like the Hokey Cokey only for the stock market
FruityArmor and SandCat have already made use of the privilege escalation bug
A small village in Siberia will eat well tonight