1 Reply Latest reply on Jan 22, 2018 1:55 PM by Intel Corporation

    Security Announcement INTEL-SA-00088

    Patrick_Long

      I have read the Security Announcement Intel-SA-00088 from 1/17/2018 and I'm struggling to understand the lack of complete transparency regarding the higher reboots cited under the recently-released microcode updates; at first appearing to only affect Haswell and Broadwell processors - but now seeming to effect a much larger spectrum of processors per Intel's internal testing as stated in both INTEL-SA-00088 as well as the Side-Channel Analysis Facts document . The Security Announcement states:

       

      “For PCs and Data Center infrastructure, Intel recommends that patches be applied as soon as they are available from your system manufacturer, and software vendors

      For data center infrastructure, Intel additionally recommends that IT administrators evaluate potential impacts from the reboot issue and make decisions based on the security profile of the infrastructure”

       

      As an IT administrator, how can Intel reasonably ask me to “evaluate potential impacts from the reboot issue and make decisions” when there is NO public data describing the precise reboot findings, as best I can tell? For example, the phrase “in some configurations” appears three times in that statement without ANY indication of which specific configurations fit the reboot risk profile. That omission leads me to believe that either the configurations that are at risk are not strictly identifiable at this point  - OR that the answer to that question will eventually be revealed to be “all configurations using the specified processors which run User mode programs”.  I know that sounds cynical, but without specific evidence to the contrary I have to err on the side of caution.

       

      Can anyone point out a good technical resource with specific details of the Intel Sightings reboot issue? Specifically the “some configurations” under which the described "higher reboots" for all these processors under new microcode have been observed?

        • 1. Re: Security Announcement INTEL-SA-00088
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello, Patrick_Long.

          I understand you would like to know more information about the SA-00088 vulnerability issue. Allow me to help you regarding this issue you are facing.

          I understand your frustration and that the performance of your devices is very important nevertheless, we are still working hard to provide a solution as soon as possible. Please verify as well with your operating system vendors and system manufacturers, and apply any available updates as soon as they are available. You should do this whether you use an Intel-based system, or other computer or mobile device.

          When we have more information it will be posted on the Side-Channel Analysis Facts and Intel® Products.


          Antony S.