To prevent users from losing data, the Windows update disables Intel's fix that addresses CVE-2017-5715, otherwise known as the Variant 2 Spectre attack. Intel noted that in some situations this reboot could case data loss or corruption. Three weeks ago, Microsoft briefly suspended its Windows update for AMD processors after it heard from some customers who said their machines would not boot up after the update.
Microsoft says that update will cover Windows 7 (SP1), Windows 8.1, and all versions of Windows 10.
Intel disclosed on January 22 that its latest microcode patches related to Spectre had created reboot issues as well as "other unpredictable system behavior".
Due to the severity of the flaws, Intel's decision to warn select customers in advance, leaving out the U.S. Government itself, has been met with concerns of the information being misused. You'll need to visit the Windows Update Catalog site, download the file and manually run it on your PC.
The problematic Intel fix was created to mitigate against attacks using the Spectre-related Branch Target Injection vulnerability, CVE 2017-5715.
The Meltdown and Spectre chip flaws were first identified by a member of Google's Project Zero security team shortly before they were independently uncovered and reported by other teams of security researchers.
The Windows-maker also assured users that as of January 25, there are no indications that the Spectre variant 2 patch has been weaponized for potential hacking attacks. In the coming weeks, Intel will issue a new firmware update to address the performance issues.
To make matters even worse, Intel's Spectre variant 2 mitigation is causing instability (random reboots) on some Windows computers.
Intel CEO Bryan Kraznich recently said the chipmaker is working on a new design for processors that would incorporate "silicon-based changes" to mitigate the threat posed by the Spectre and Meltdown vulnerabilities. "We recommend Windows customers, when appropriate, re-enable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device", the company said.
Some security researchers expressed concern that in alerting Chinese companies before the USA government, the Chinese government may have been able to exploit the security holes before patches were made widely available.