Intel won't patch a new series of Spectre-related flaws in its chips for another 12 days, it is reported.
Fixes for the flaws, known as 'Spectre Next Generation', were scheduled for 7 May, but the chip manufacturer is allegedly having issues getting the updates ready in time, needing another two weeks to do so. This pushes the release date back to 21 May.
This is according to a report in German IT publication Heise, which suggests the patches could take even longer to arrive.
The flaws were originally reported earlier this month and are caused by the same design issue responsible for the original Spectre vulnerabilities. Around eight flaws have been discovered but technical details about them are yet to be published. Each flaw has a CVE number and each requires a patch to fix the issue.
Spectre Next Generation flaws affect Core i processors and their Xeon derivatives as far back as 2010, Heise reports. These are common Intel processors found in desktops, laptops and servers.
The flaws also reportedly affect Atom-based Pentium, Celeron and Atom processors dating back to 2013 as well as those powering tablets, smartphones and embedded devices.
One of the most troublesome flaws affects Core i and Xeon chips, allowing hackers to attack systems and virtual machines from a compromised VM. These flaws may not be fixed until the middle of August.
As well as microcode patches from Intel, fixes for the operating system will also be necessary, the publication said.
An Intel spokeswoman said in a statement sent to IT Pro: "Protecting our customers' data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalise mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date."
-
ePrivate 5G and partner ecosystems: The blueprint for intelligent infrastructureIndustry Insights Private 5G networks and collaboration between technology partners underpin the next wave of innovation and enterprise digital transformation
-
Manufacturers report millions in losses as downtime wreaks havoc on operationsNews UK manufacturers are losing up to £736 million every week due to downtime, according to new research, with outages lasting for several days on end.
-
Blackpoint Cyber and NinjaOne partner to bolster MSP cybersecurityNews The collaboration combines Blackpoint Cyber’s MDR expertise with NinjaOne’s automated endpoint management platform
-
Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impactedNews Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be foundNews A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
-
Busting nine myths about file-based threatsWhitepaper Distinguish the difference between fact and fiction when it comes to preventing file-based threats
-
The threat prevention buyer's guideWhitepaper Find the best advanced and file-based threat protection solution for you
-
The Total Economic Impact™ of the Intel vPro® Platform as an endpoint standardWhitepaper Cost savings and business benefits enabled by the Intel vPro® Platform as an endpotnt standard
-
The Total Economic Impact™ of IBM Security MaaS360 with WatsonWhitepaper Cost savings and business benefits enabled by MaaS360
-
WithSecure Elements EPP and EDR review: Endpoint protection on a plateReviews An affordable cloud-managed solution with smart automated remediation services
