Intel revealed Vulnerability-related.DiscoverVulnerability that it will not be issuing Vulnerability-related.PatchVulnerability Spectre patches to a number of older Intel processor families , potentially leaving many customers vulnerable to the security exploit . Intel claims the processors affected are mostly implemented as closed systems , so they aren ’ t at risk from the Spectre exploit , and that the age of these processors means they have limited commercial availability . The processors which Intel won ’ t be patching Vulnerability-related.PatchVulnerability include four lines from 2007 , Penryn , Yorkfield , and Wolfdale , along with Bloomfield ( 2009 ) , Clarksfield ( 2009 ) , Jasper Forest ( 2010 ) and the Intel Atom SoFIA processors from 2015 . According to Tom ’ s Hardware , Intel ’ s decision not to patch Vulnerability-related.PatchVulnerability these products could stem from the relative difficulty of patching Vulnerability-related.PatchVulnerability the Spectre exploit on older systems . “ After a comprehensive investigation of the microarchitectures and microcode capabilities for these products , Intel has determined to not release Vulnerability-related.PatchVulnerability microcode updates for these products , ” Intel said . Because of the nature of the Spectre exploit , patches for it need to be delivered Vulnerability-related.PatchVulnerability as an operating system or BIOS update , and if Microsoft and motherboard OEMs aren ’ t going to distribute Vulnerability-related.PatchVulnerability the patches , developing Vulnerability-related.PatchVulnerability them isn ’ t much of a priority . “ However , the real reason Intel gave up on patching Vulnerability-related.PatchVulnerability these systems seems to be that neither motherboard makers nor Microsoft may be willing to update Vulnerability-related.PatchVulnerability systems sold a decade ago , ” Tom ’ s Hardware reports . It sounds bad , but as Intel pointed out , these are all relatively old processors — with the exception of the Intel Atom SoFIA processor , which came out in 2015 — and it ’ s unlikely they ’ re used in any high-security environments . The Spectre exploit is a serious security vulnerability to be sure , but as some commentators have pointed out in recent months , it ’ s not the kind of exploit the average user needs to worry about . “ We ’ ve now completed release Vulnerability-related.PatchVulnerability of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered Vulnerability-related.DiscoverVulnerability by Google Project Zero , ” said an Intel spokseperson . “ However , as indicated in our latest microcode revision guidance , we will not be providing Vulnerability-related.PatchVulnerability updated microcode for a select number of older platforms for several reasons , including limited ecosystem support and customer feedback. ” If you have an old Penryn processor toiling away in an office PC somewhere , you ’ re probably more at risk for a malware infection arising from a bad download than you are susceptible to something as technically sophisticated as the Spectre or Meltdown vulnerabilities .

AMD has acknowledged Vulnerability-related.DiscoverVulnerability the Ryzenfall vulnerabilities discovered Vulnerability-related.DiscoverVulnerability by CTS-Labs , though the chip company believes the flaws can be patched Vulnerability-related.PatchVulnerability via BIOS updates issued Vulnerability-related.PatchVulnerability over the next few weeks . In a blog post authored by AMD ’ s chief technical officer , Mark Papermaster , AMD confirmed that the four broad classifications of attacks—Masterkey , Ryzenfall , Fallout , and Chimera—are viable , though they require administrative access to the PC or server in question . Third-party protection , such as Microsoft Windows Credential Guard , also serve to block unauthorized administrative access , Papermaster wrote . In any event , “ any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research , ” AMD ’ s Papermaster added . But AMD also provided the answer to consumers ’ most pressing question : What , if anything , needs to be done ? For each of the first three classifications of vulnerabilities , AMD said it is working on firmware updates that the company plans to release Vulnerability-related.PatchVulnerability during the coming weeks . The fourth category of vulnerability , known as Chimera , affected Vulnerability-related.DiscoverVulnerability the Promontory chipset , which CTS-Labs said was designed with logic supplied by ASMedia , a third-party vendor . While AMD said patches for that will also be released Vulnerability-related.PatchVulnerability via a BIOS update , the company said it is working with the Promontory chipset maker on developing Vulnerability-related.PatchVulnerability the mitigations , rather than supplying its own . AMD has neither confirmed nor denied whether the attacks can be executed remotely , or require local access . AMD did deny , however , that the attacks have anything to do with Meltdown or Spectre , the two side-channel attacks that rival Intel has worked to patch Vulnerability-related.PatchVulnerability . About a week ago , CTS-Labs issued a press release as well as a website outlining the vulnerabilities , which the company provided to AMD less than 24 hours before CTS-Labs went public , AMD said . But CTS-Labs also drew fire over boilerplate copy on its website that implied a potential financial interest in the subjects of its reports . PCWorld attempted to interview CTS executives , but later rescinded that request after CTS-Labs representatives demanded a list of questions in advance , and also forbade us from asking about the timing and the company ’ s financial motivations . In the meantime , however , the vulnerabilities were confirmed Vulnerability-related.DiscoverVulnerability by two independent researchers , Trail of Bits and Check Point . Both expressed doubts that attackers would be able to exploit the vulnerabilities that CTS-Labs had originally discovered Vulnerability-related.DiscoverVulnerability .