Replace: This story has been up to date at 12:04 PM to incorporate Intel’s rationalization of the brand new microcode.
In case your PC contains an Intel processor, it is going to seemingly obtain a mysterious new replace initially pushed out by the corporate on Friday.
Three issues about this launch are considerably regarding. First, Intel launched the brand new CPU microcode as an “out of band” or unscheduled launch. Second, it covers nearly every part Intel has available on the market at this time — courting all the best way again to the 2017 Eighth-gen Core (“Coffee Lake”) chips. (The code itself is on the Intel GitHub web page, itemizing all the affected processors as much as and together with Intel’s most up-to-date Thirteenth-gen Core chips. Intel Xeons are affected, too.) Lastly, the secretive and sudden nature of this patch raises eyebrows.
You don’t want to try to obtain and set up this code; motherboard distributors and even Microsoft itself will incorporate the safety launch inside updates for their very own merchandise. (Microsoft points its personal {hardware} drivers, particularly for the Floor notebooks and tablets it produces.) You’ll be able to most likely count on that the brand new code will present up in a Home windows replace or a BIOS replace from the board producer itself.
Like Microsoft, Intel usually publishes vulnerability info on what’s often known as “Patch Tuesday,” or the primary Tuesday of the month. (For instance, Intel launched info noting that its Sensible Campus Android app could possibly be used as a handheld Denial of Service (DOS) mechanism. Enjoyable!) The truth that this code launch wasn’t scheduled on that day signifies that Intel wasn’t conscious of the vulnerability then, and felt it was important sufficient to launch a patch on Friday fairly than ready for subsequent month.
So what’s all of the fuss about? We don’t know, though Intel did reply.
“Microcode 20230512 update released on May 12, 2023 does not contain any security updates and the note, [INTEL-SA-NA], is meant to convey that there are no applicable (Not Applicable) security updates in the package,” an Intel spokeswoman mentioned in an e mail. “The microcode update includes functional updates only (also documented in product erratum).”
So whereas we nonetheless don’t know what the microcode truly fixes, Intel’s response offers us a greater concept that the microcode isn’t truly a repeat of the Meltdown and Spectre bugs of 2018. That’s a aid.
