Microsoft issues a Windows patch to disable Intel’s buggy Spectre fix

Spectre and Meltdown are causing all kinds of headaches, though not because anyone is exploiting them. Instead, it's the resulting patches that are causing most of the problems, including performance issues and random reboots. To deal with the latter, Microsoft has issued an out-of-band security update for Windows.

Random reboots are not just an inconvenience, they can corrupt data and lead to data loss. That's especially problematic for mission critical PCs. Unfortunately, Intel's first round of patches designed to mitigate Spectre and Meltdown were found to be buggy, causing some systems to reboot at random times.

Intel believes it has found the problem and is testing out a new round of updates.

"We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed," Intel said last week.

In the meantime, Microsoft is updating Windows to undo the damage done by Intel's initial patch.

"While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715—'Branch target injection vulnerability'. In our testing this update has been found to prevent the behavior described," Microsoft said.

Put another way, the Windows patch disables one of the Spectre mitigations (variant 2) from Intel's patch. It applies to Windows 7 (SP1), Windows 8.1, and all version of Windows 10, for both client and server PCs. Anyone running an impacted device can apply the update by downloading it from the Microsoft Update Catalog website.

For users who might be wary of disabling the mitigation, Microsoft notes that there are no known reports of anyone using the exploit to attack customers.