The fallout from the Meltdown and Spectre CPU bugs rolls on. There’s a lot of reading on this topic, but here are some of the bullets you need to know:
- According to one experienced tester, the Meltdown patches “introduce the largest kernel performance regressions I’ve ever seen.”
- The early patches might be causing more harm than good … and it’s not just the performance hit. As noted by Security Week, “Both microcode and software updates designed to address the Spectre and Meltdown vulnerabilities have turned out to be buggy, often making systems unbootable or causing them to reboot more frequently.” Major software vendors including Microsoft stopped the patches due to instability.
- Intel is coming out with a new set of patches that supposedly avoid the reboots and other problems noted earlier. But considering Intel’s history of attempting to spin its way out of this PR mess and releasing half-baked fixes, I would take the news with a grain of salt.
- Long-term, the entire world has a big security problem on its hand that won’t be fixed until silicon platforms are rearchitected AND older systems are patched or replaced. This could take years.
If you’re trying to play catch-up with these flaws, the best to start is on this page created by security researchers, which includes links to advisories and patches put out by major vendors.This is an excerpt from Priority Payload Report.