Intel has accepted that its fix to the Spectre and Meltdown vulnerabilities are having an impact on performance of PCs, particularly that it's causing more reboots and slowing devices down.
The company's Data Centre boss said it has now issued updates to 90% of Intel CPUs that have been purchased in the last five years, but it's now working on fixing the problems the update has caused. Although it has fixed the vulnerabilities, securing Intel chip-powered devices from hackers, it has caused knock-on effects across the board.
"We have determined that similar behavior occurs on other products in some configurations, including Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms," Navin Shenoy said. "We have reproduced these issues internally and are making progress toward identifying the root cause. In parallel, we will be providing beta microcode to vendors for validation by next week."
The company tested the performance of devices running its processors - both on the client and data centre sides. The tests on its data centre systems do show a significant impact that changes according to the specific workloads and configurations a client has set up.
For example, systems running integer and floating point throughput, Linpack, STREAM, server-side Java and energy efficiency benchmarks have been affected by 0-2%, while online transaction processing benchmarks show a performance reduction of 4%.
I/O applications were harder to measure because of their range of variants. Stress testing the CPU in a 100% write resulted in an 18% performance reduction, but splitting that out to 70/30 read/write model, there was only a 2% reduction.
"In those areas where we are seeing higher impacts, we are working hard with our partners and customers to identify ways to address this," Shenoy added. "For example, there are other mitigations options that could yield less impact. More details on some of these options can be found in our white paper and in Google's post on their 'Retpoline' security solution."
-
New chapter, same partners: Keeping the channel aligned with changeIndustry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security pushNews The acquisition marks the latest in a string for Palo Alto Networks
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problemNews More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
