Skip to main content

Intel decides not to patch Spectre vulnerability for older processors

Intel Announces The Xeon 5100 Microprocessor For Servers
Court Mast/Intel via Getty Images

Intel revealed that it will not be issuing Spectre patches to a number of older Intel processor families, potentially leaving many customers vulnerable to the security exploit. Intel claims the processors affected are mostly implemented as closed systems, so they aren’t at risk from the Spectre exploit, and that the age of these processors means they have limited commercial availability.

The processors which Intel won’t be patching include four lines from 2007, Penryn, Yorkfield, and Wolfdale, along with Bloomfield (2009), Clarksfield (2009), Jasper Forest (2010) and the Intel Atom SoFIA processors from 2015. According to Tom’s Hardware, Intel’s decision not to patch these products could stem from the relative difficulty of patching the Spectre exploit on older systems.

“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products,” Intel said. “Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”

Because of the nature of the Spectre exploit, patches for it need to be delivered as an operating system or BIOS update, and if Microsoft and motherboard OEMs aren’t going to distribute the patches, developing them isn’t much of a priority.

“However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago,” Tom’s Hardware reports.

It sounds bad, but as Intel pointed out, these are all relatively old processors — with the exception of the Intel Atom SoFIA processor, which came out in 2015 — and it’s unlikely they’re used in any high-security environments. The Spectre exploit is a serious security vulnerability to be sure, but as some commentators have pointed out in recent months, it’s not the kind of exploit the average user needs to worry about.

““We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero,” said an Intel spokseperson. “However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”

If you have an old Penryn processor toiling away in an office PC somewhere, you’re probably more at risk for a malware infection arising from a bad download than you are susceptible to something as technically sophisticated as the Spectre or Meltdown vulnerabilities.

Editors' Recommendations

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
New HP Spectre x360 16 ditches Nvidia, embraces Intel Arc
The new HP Spectre x360 16 in use on a desk.

The rollout of Intel's highly anticipated discrete GPUs has been slow and confusing. But today, they just scored a big win with the announcement that HP's most premium laptop, the Spectre x360 16, will be sold with Intel's Arc instead of Nvidia's RTX graphics.

The new Spectre x360 16 comes with an option for an Arc A370M on board, in addition to an option for Iris Xe graphics for the $1,650 base configuration. The Arc A370M comes with 4GB of GDDR6 dedicated memory. That is on top of the 16GB or 32GB of onboard device RAM, as well as the up to 2TB NVMe solid-state drive on the device.

Read more
AMD’s defenses against Spectre V2 may be inadequate
Ryzen 5000 APU on a red background.

Just a few days ago, Intel and ARM chips were once again found to be affected by the Spectre V2 vulnerability, also known as branch history injection (BHI). AMD processors were thought to be safe at the time.

Unfortunately, further research shows that AMD is not immune to Spectre V2, and its previous measures may be inadequate, bringing performance drops of up to 54%.

Read more
The Spectre flaw is back — and Intel Alder Lake isn’t safe
Intel Alder Lake pin layout.

Intel CPUs have been subjected to several significant security vulnerabilities in recent years, namely Meltdown and Spectre. Now, the latter has made an appearance once again.

As reported by Tom’s Hardware and Phoronix, security research group VUSec and Intel confirmed the existence of a new speculative execution vulnerability labeled branch history injection (BHI).

Read more