Intel won’t patch some of its older processors against Meltdown and Spectre

Meltdown and Spectre

Intel isn’t going to patch some of its older CPUs which are vulnerable to the Meltdown and Spectre flaws, according to a fresh update issued by the company.

The first thing to note here is that the processors in question are niche, older models, but this is still a potential fly in the ointment for some folks who are still using the silicon in question.

As the Register reports, the processors which won’t be getting a patch include chips in the Bloomfield, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn, SoFIA 3GR, Wolfdale and Yorkfield families (and Xeon variants).

That means CPUs which run the gamut across Core, Xeon, Pentium, Celeron and Atom chips. For example, the Bloomfield processors in question are high-end first-generation models: the Intel Core Processor Extreme Edition i7-975 and i7-965, and Core i7-920, 930, 940, 950, 960 (alongside Xeon offerings).

There are over 230 affected CPUs in total.

How to protect against Spectre and Meltdown

For the latest on how to protect yourself from Spectre and Meltdown, read our comprehensive guide.

Patch problems

Why aren’t these being patched? Intel gives several reasons, the foremost being that the ‘micro-architectural characteristics’ of these processors mean that it’s not actually possible to patch against Spectre Variant 2.

Intel also notes that there is ‘limited commercially available system software support’ for these chips these days. In other words, the firm’s line of thinking seems to be that even if it did produce a fix, manufacturers would be unlikely to deploy it for products which have effectively fallen by the wayside in terms of support.

A third point that the chip giant makes is that many of the computers running these processors are ‘closed systems’ not connected to the outside world and so unlikely to be exposed to Meltdown and Spectre anyway.

Intel has provided the following statement concerning the updates (or lack of): “We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. 

"However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.” 

These are fair enough points to make, although the admission that it simply isn’t possible to patch against Spectre for some of Intel’s chips may raise a few eyebrows, and certainly points to how deep this particular vulnerability runs in the silicon.