As part of its quest to ensure “transparency” after initially insisting that the fixes for design flaws in its chips wouldn’t cause problems, Intel acknowledged late Wednesday that those fixes were causing additional problems.
Crisis PR textbooks will be written about Intel’s response to the Meltdown and Spectre flaws, which compromise the security of nearly every Intel-powered computer built over the last 20 years. After it was forced to acknowledge the flaws ahead of schedule, Intel insisted in a Jan. 4th press release that “Industry Testing Shows Recently Released Security Updates Not Impacting Performance in Real-World Deployments.”
Last week, it acknowledged that wasn’t entirely true for server customers, and Wednesday it acknowledged that the patches are affecting its newest Skylake-series processors, which were released last year. Servers running the patches are experiencing “more frequent reboots” than they should be, Intel’s Navin Shenoy said in a blog post.
“We have reproduced these issues internally and are making progress toward identifying the root cause,” Shenoy said. New microcode will be released in beta next week, he said, after Intel starting telling select customers last week to avoid its initial patches.
Intel also reported new performance data based on its testing. Systems running Skylake processors for online transaction processing — a rather large segment of the computing world — can expect to see a four percent decrease in performance thanks to the patches. For workloads that need to write data to a storage component, the performance hit from the patches can be as high as 18 percent depending on CPU utilization. And in some storage-related cases, the impact can be as high as 25 percent.
Regular PC or Mac users don’t have a lot to worry about when patching their systems against Meltdown and Spectre, which take advantage of a processing technique that is used in a wide variety of chips, including smartphone processors. But cloud customers and the people responsible for maintaining their own data centers — powered almost exclusively by Intel’s chips — have been scrambling to deal with the fallout and are facing a tough question: do they patch and take the performance hit, or take the risk that hackers won’t find their systems and hope that Intel and its partners will soon find better ways to deal with the flaw?
The clock is running. A mysterious web page emerged Thursday morning promising details about exploits that take advantage of the flaws once Intel and operating system vendors have had a chance to review their code and respond. While the authenticity of that page can’t be verified at the moment, you can be sure that some of the people working to discover exploits for Meltdown and Spectre won’t be as polite.