Intel has updated its patching guidance for Spectre this week, proceeding with the months-long process of fixing the critical security flaw. Although the company had previously said it planned to patch all affected chips, it has now made known that some product lines will not receive updates. Most are older and, presumably, not as widely used, including the Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Yorkfield line, and the Wolfdale line.
Intel reports three reasons for the halt in production of the planned patch solutions. These fixes include micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715) and limited Commercially Available System Software support. Additionally, based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Most companies have upgraded older systems, which date back to 1998. However, one of the chips, the SoFIA 3G, stems from 2015. While Intel fails to obtain a solution to the necessary fix, the company recommends that users upgrade their processor for protection.
Intel has continuously struggled to patch Spectre. In early 2018, the company made a recommendation in which users end deployment of these patches due to a constant reboot error. It later adjusted the fixes and resumed the rollout. Intel is continuing to work on these patches, nearly one year after discovering the security flaw.