Written byPatrick Howell O'Neill
One day after the Spectre and Meltdown bugs were revealed to impact virtually every processor sold over the last two decades, Intel promised to deploy a range of software and firmware updates by the end of next week for over 90 percent of processor products sold within the last five years.
The updates, some of which have already started deploying, will “render those systems immune from both exploits,” according to Intel’s Thursday statement.
Machines with processors older than five years will be issued fixes in the future. An Intel spokesperson told CyberScoop that the company is developing updates for older products.
One of the major concerns with these bugs was some of the fixes resulted in as much as a 30 percent performance dip on certain machines. That’s not a number likely to be seen on an average home or office computer, but when it comes to the huge cloud infrastructures maintained by companies like Amazon, the potential for significant slowing is real.
“After patching, performance may be diminished by up to 30 percent,” according to a new report from the United States Computer Emergency Readiness Team (US-CERT). “Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.”
Some Amazon cloud customers have already been complaining about slowdowns as far back as December when updates first went out, the Register reports. However, the impact can vary depending on exactly what software the computer is running.
“Immediately following the reboot my server running on this instance started to suffer from CPU stress,” one Amazon Web Services user said last month after installing security updates to their server.
Intel has both denied that the bugs cause performance problems and said impacts are real but “workload-dependent.”
For the average computer user, the performance hit should not be significant and will be mitigated over time, an Intel spokesperson said.
US-CERT is encouraging everyone to apply new security patches quickly and regularly in response to the newly publicized bugs. The agency put together a comprehensive list of updates available here.