Intel delays patches for new Specter-ng leaks for two weeks

Intel has postponed the release of patches for some of the so-called Specter-ng vulnerabilities for two weeks, the German Heise reports based on its own information. Actually, the first patches would be released on Monday together with further details, as it turned out earlier.

Heise cites sources familiar with Intel’s plans. The chip manufacturer would not have completed the patches on time. The new date is now set for May 21; then the company would like to release microcode, along with information about at least two of the eight vulnerabilities in total. Last week, c’t magazine used the collective name Specter-ng, where ‘ng’ stands for ‘next generation’. The date of May 21 would also not be completely fixed. Intel would also have asked for a further delay until July 10.

According to the site, a large number of systems have been affected by the leaks. For example, not only all Core-i processors and Xeon variants would be affected, but also Pentium processors based on Atom, in addition to Celeron and Atom CPUs since 2013.

C’t reported last week that Intel is working with OS manufacturers on patches for a total of eight vulnerabilities that fall under the Specter-ng denominator. Four of those would be critical. The most serious leak would allow easy looting of information on other systems on the same host from a VM. If this is indeed the case, then this is a risk for cloud environments. The patch date for this vulnerability is August 14, according to Heise.

Intel has since responded in general terms to the publication, saying it plans to disclose further details once it has been able to take countermeasures. AMD said it is investigating the reports. It’s unclear if the company has been affected by the vulnerabilities, which are said to resemble the two Specter variants released early this year. They make it possible to read sensitive information. AMD made patches for the second variant available in April.