Intel has published a microcode update guidance that confirms that it won’t be patching up the Spectre and Meltdown design flaws in all of its processors — mostly the older ones.
The company has rolled out microcode updates to fix the Spectre v2 vulnerability for many of its processors going back to the second generation Core (Sandy Bridge).
Reportedly, there were further plans of issuing updates, but in the latest guidance, Intel has essentially put an end to their microcode program.
Intel’s latest guidance has a list of several chipsets that have a “Stopped” status marked against them, denoting they won’t be receiving any further patches.
The microcode updates will be discontinued due to one or more following reasons:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
This means that the processors won’t be updated if the Spectre v2 vulnerability of a chipset is too tricky to be fixed or if the customer thinks that the hardware has a low chance of getting exploited — if it is completely cut off from the outside world.
Although most of the CPUs in the “stopped” list are oldies that were sold between 2007 and 2011. So only a small fraction of them are likely to be in normal use.