The bad news just doesn't seem to stop where Intel and the Speectre vulnerability are concerned. The latest bit of news comes directly from Intel, as the company admits that it's just not possible to address the Spectre vulnerability in some of its older hardware. This means that nine families of chips and more than 230 models of computers (mostly manufactured between 2007 and 2011) will remain vulnerable to Spectre forever.
The company has stopped Spectre mitigation development on the following families of chips:
- Bloomfield
- Clarksfield
- Gulftown
- Harpertown Xeon
- Jasper Forest
- Penryn
- SoFIA 3GR
- Wolfdale
- Yorkfield
A company spokesman had this to say about the recent announcement:
"We've now completed the release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback."
It's unfortunate, but not entirely unexpected. If you have any older Intel equipment still in service at your company, have your IT group check the processor family. If it's one of the above, it's well worth marking those systems high priorities for upgrades, and limiting their use until you can.
Spectre is a devastating flaw, and it's just not worth the risk to leave exposed systems connected to your network and in service. This is especially true now that it's official that no help is coming for certain older systems.
Even worse, AMD chips, which are not impacted by Spectre and Meltdown, have since been found to have their own critical security flaws. While not as bad or as pervasive as the two Intel is facing, they will nonetheless require the company to issue its own microcode updates, which they are currently scrambling to do.
The long and the short of it is that there really are no safe harbors anymore.