Intel updated its patching guidance for Spectre this week in an attempt to continue the process of fixing the critical security flaw which has taken long. Prior to this time Intel had said it planned to patch all affected chips, today the company made it clear that some product lines won’t receive updates, this is because most of the product lines are old and not widely used and they include: Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Wolfdale line, and the Yorkfield line.
Intel stated that it has stopped production of these fixes for three reasons which are:
-Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
-Limited Commercially Available System Software support
-Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
One would expect that most companies have upgraded some of these older systems which have been around since the year 1998. But at the very least one of these chips, the SoFIA 3G, is from the year 2015 and as such is not that old. It appears as if Intel cannot figure out how to fix its entire product portfolio and is instead recommending users to upgrade their processor it they desire protection.
The company has struggled continually in the attempt to patch Spectre. Earlier this year, it recommended that users should stop distributing these patches because they caused constant reboots. Later, it adjusted the fixes and resumed the suspended rollout. We are currently in the month of April and yet the company is yet to fix a security flaw it discovered about a year ago, all it has done is continue to work on patches, that doesn’t denote that the company is doing well.