Intel in a microcode update, hinted that it won’t be releasing Spectre patches for certain older CPUs like Penryn, Yorksfield, and Wolfdale, essentially ones that go a decade back. The company had earlier promised to fix the vulnerability in these parts.
This has been a tough year for Intel. First, AMD with it’s Ryzen family of processors dethroned it as the supreme performance leader in the CPU race, and then the Spectre and Meltdown vulnerabilities caused quite a commotion. Meltdown is fairly less problematic as it can be mitigated by an operating system update, Spectre however needs a chip microcode update, to be rolled out by the motherboard manufacturers.
Intel chips as old as the Yorkfield Core and Xeon chips released in 2007 are affected by Spectre. Intel had originally planned to patch all affected processors, but has now decided to ditch the CPUs released between 2007 and 2009.
Intel’s explanation is as follows:
“We will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.” More specifically, those reasons are:
Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
Limited Commercially Available System Software support
Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Intel is basically saying that these older systems are mostly out of commission, and have limited to no software support. Even the ones that are in use are at a very low risk of being compromised as they are not connected to any network.
Intel Not Patching Chips Released Between 2007 and 2010
Intel announced that Penryn (launched in 2007), Yorkfield (2007), Wolfdale (2007), Bloomfield (2008), Clarksfield (2009), Nehalem-based Jasper Forest (2010), and Intel Atom “SoFIA” (2015) will no longer receive the Spectre patches, as originally promised.
Tom’s Hardware puts it nicely “Limited Commercially Available System Software support” is just a nice way of Intel explaining motherboard manufacturers and operating system developers are not very enthusiastic about rolling out patches for decade-old systems. It’s just not worth the effort for the vendors.