Intel Will No Longer Issue Spectre Patch For Some Older Chips (Updated)

Updated, 4/4/2018, 7:00am PT: Added Intel's statement.

Intel hinted in previous microcode update guidance that some older chip architectures going back about a decade, such as Penryn, Yorkfield, and Wolfdale, would receive updates to address the Spectre vulnerability. However, in a recent microcode revision guidance, the company changed its mind.

Old Chips Forgotten

Intel announced that Penryn (launched in 2007), Yorkfield (2007), Wolfdale (2007), Bloomfield (2008), Clarksfield (2009), Nehalem-based Jasper Forest (2010), and Intel Atom “SoFIA” (2015) will no longer receive the Spectre patches, as originally promised.

The company gave the following reasons for no longer providing the patches:

After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:
  • Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
  • Limited Commercially Available System Software support
  • Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

But What’s The Real Reason?

It’s no secret that patching Spectre variant 2 wasn’t easy, as we’ve seen both Intel and Microsoft first bungle and then disable patches for this flaw. However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago. That's likely what Intel means by “limited commercially available system software support.”

Even though Intel develops the microcode update for its own processors, the update can be delivered only through a BIOS or OS update. If neither motherboard manufacturers nor Microsoft is willing to deliver the patches, then there’s not much point in Intel developing them.
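For readers who want to see what their own Linux system ended up with, the following added example (not from the article or from Intel) reports the loaded microcode revision and whether the Variant 2 controls are coming from microcode or from the kernel alone. It assumes a kernel recent enough to provide the `spectre_v2` sysfs file and the `ibrs`/`ibpb`/`stibp` cpuinfo flags; the sample values are constructed.

```python
from pathlib import Path

# Constructed sample inputs (not captured from a real machine): one core from
# /proc/cpuinfo and the kernel's spectre_v2 status line.
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 23\nmodel name\t: Example CPU (constructed)\nstepping\t: 10\n"
    "microcode\t: 0xa0b\nflags\t\t: fpu vme de pse tsc msr pae sse sse2 ssse3\n"
)
SAMPLE_STATUS = "Mitigation: Full generic retpoline\n"

# cpuinfo flags Linux reports when the loaded microcode exposes the
# Variant 2 (CVE-2017-5715) speculation controls.
V2_FLAGS = ("ibrs", "ibpb", "stibp")

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor block."""
    info = {}
    for line in text.split("\n\n", 1)[0].splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def spectre_v2_report(cpuinfo_text, status_text):
    """Summarise microcode revision and Variant 2 mitigation state."""
    info = parse_cpuinfo(cpuinfo_text)
    flags = set(info.get("flags", "").split())
    controls = [f for f in V2_FLAGS if f in flags]
    status = status_text.strip() or "unknown"
    return {
        "signature": "family {} model {} stepping {}".format(
            info.get("cpu family", "?"), info.get("model", "?"),
            info.get("stepping", "?")),
        "microcode": info.get("microcode", "unknown"),
        "microcode_controls": controls,
        "kernel_status": status,
        # Mitigated by the kernel alone (e.g. retpoline), no microcode help.
        "software_only": not controls and status.startswith("Mitigation"),
    }

if __name__ == "__main__":
    cpuinfo = Path("/proc/cpuinfo")
    status = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
    live = cpuinfo.exists() and status.exists()
    report = spectre_v2_report(
        cpuinfo.read_text() if live else SAMPLE_CPUINFO,
        status.read_text() if live else SAMPLE_STATUS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

An empty `microcode_controls` list with `software_only` set means the kernel is mitigating Variant 2 without the microcode-provided controls, which is the position the chips listed above are left in.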

With the exception of the Intel Atom “SoFIA” chip, most of the others are indeed quite old chips, so this decision shouldn’t have too much of a negative impact on PC users and companies that bought Intel chips.

Intel later responded to our inquiry, stating the following:

We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • zdzichu
    What a <mod edit> reason. microcode_ctl can be invoked to update microcode during runtime, or the microcode can be appended to kernel to be updated first. Linux distributions routinely ship microcode updates, so hiding behind BIOS vendors or Microsoft is a load of irrelevant crap.
  • Clamyboy74
    lazy
  • quallen
    You still have to get the microcode to the computer. And Linux is an OS, so the OS distributor is shipping updates, so we're back to square one that the vole doesn't want to play.
  • 10tacle
    So basically my ten year old Wolfdale E8400 retro gaming PC is going to be hung out to dry. Way to go Intel. The more I hear stories like this, the more my next build will be AMD.
  • nobspls
    10 year old AMDs were hung out to dry from day one.
  • 10tacle
    ^^LOL not going to argue that. But making a promise and breaking it like Intel did is not cool. Not cool at all.
  • Myrmidonas
    I have only one word for you Intel.....kalamata.
  • 10tacle
    20853769 said:
    I have only one word for you Intel.....kalamata.

    Knowing how Apple loves to control things, that to me sounds like getting out of frying pan and jumping into the fire.
  • vern72
    My Eaglelake gets no love...
  • ElectrO_90
    My car was made prior to 2007, oh well, there is a huge design flaw... buy a new one - ain't my problem.
    Losing everything through a hack, can be like losing a limb in an accident. It will cripple you, and the people who made the product are and should be made responsible in making it safe.