Intel is maintaining an open and transparent response to last week’s disclosure that many of its processors out in the field could be breached owing to the Meltdown and Sceptre vulnerabilities.
An open letter to technology industry leaders, Intel CEO Brian Krzanich writes: “Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible.
“As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration.
“In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
“As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
“Customer-First Urgency: By January 15, we will have issued updates for at least 90% of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritised by our customers.
“Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the website.
“Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
“We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
“The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.”
Navin Shenoy, executive vice-president and GM of the data centre group at Intel, says in his daily update that the company has received reports from a few customers of higher system reboots after applying firmware updates.
“Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data centre,” he says.
“We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to directly discuss the issue.
“End-users should continue to apply updates recommended by their system and operating system providers.”