Like every major tech company, Microsoft has been pushing out updates to help mitigate the unprecedented vulnerabilities known as Meltdown and Spectre. But some Windows users found that the update rendered their PCs unusable, and now Microsoft has paused the update in some cases until it can fix the problem.
On Monday, complaints started appearing on Microsoft discussion boards with users saying they encountered a boot failure after updating. Multiple outlets claimed the update was “bricking” PCs. That wasn’t exactly the case, but some unfortunate people with AMD processors did find themselves having to perform a reinstall.
The Verge points out that Microsoft has issued a statement on its blog addressing the problem. It reads in part:
Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.
Microsoft did not go into detail on which devices are causing issues and the statement refers all device-specific questions to AMD. We’ve reached out to AMD to request a list of affected devices and we’ll update this post when we know more. Update: AMD sent us the following statement, “AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted shortly.”
Intel has received the bulk of the criticism surrounding this particular security Armageddon. Most of its processors manufactured after 1995 include the Meltdown and Spectre vulnerabilities. Researchers at Google’s Project Zero explained last week that Meltdown is the scariest of the two issues and is primarily a problem for Intel. The vulnerability takes advantage of a technique called speculative execution, which improves CPU performance by predicting future calculations that it might need to make. Intel heavily relies on this process. Meltdown gives a bad actor the opportunity to access the memory sitting between the operating system and the programs it runs. Spectre, on the other hand, is only an issue inside web browsers, but it’s also a problem for some AMD and ARM processors, as well as Intel. Though Microsoft’s statement mentions both Meltdown and Spectre, AMD tells us that this patch was only intended to deal with Spectre.
Microsoft, Google, Amazon, and Apple have all rolled out patches for their services in the last week. In its statement regarding the latest update, Apple said Spectre’s techniques “are extremely difficult to exploit, even by an app running locally on a Mac or iOS device,” but “they can be potentially exploited in JavaScript running in a web browser.”
While Microsoft is getting this all worked out, you should be careful with Javascript ads and popups in the browser. And if you’ve already downloaded the updates and encountered boot problems, Microsoft has troubleshooting help for Windows 10, Windows 8.1, and Windows 7. If you’re still running Vista, for the love of God, stop running Vista.
While Google and Amazon have reported that they’ve seen “negligible impact” on performance from security fixes, it seems that initial fears that patches will harm performance are a reality. This is an architectural issue and it can’t simply be fixed with a patch. Microsoft and others are just distributing a workaround that should help with protection but doesn’t solve the issue.
Intel’s CEO Brian Krzanich made his previously scheduled appearance at CES on Monday night and confirmed that in rare cases, processors could see up to a 30 percent hit in performance. According to Bloomberg, he told attendees “we believe the performance impact of these updates is highly workload-dependent.”
Also, in case you were wondering, the NSA has officially denied that it was previously aware of the vulnerabilities. Sure, guys.
Clarification: This post has been updated to reflect AMD’s assertion that the patch that was halted was only intended to fix Spectre vulnerabilities.