Intel to do quarterly CPU bug updates

With the growing attention on CPU vulnerabilities, Intel is taking a page from Microsoft's book and will start disclosing and patching new bugs on a quarterly basis. Previously, the chip giant updated its security advisory page at irregular intervals, but this is no longer ideal with the growing number of flaws. This sort of update cycle gives the IT ecosystem time and notice to plan for the installation of updates on a regular basis.

Urgent security updates will be pushed out in between these quarterly batches. Some fixes may be emitted outside of this quarterly cadence if they are due to be released on a specific date in a coordinated disclosure with other organizations, and that date falls outside Intel's schedule.

Motherboard manufacturers, computer makers, operating system developers, and other Intel partners, will privately get a long heads up before these quarterly updates are made public. For instance, today's patches were shared with manufacturers in March, allowing them to prepare to roll out fixes to customers.

At the same time, Intel also dropped a dozen security alerts, including another Spectre-class CPU flaw that can be exploited through bound-check bypass store attacks. However, the good news is that the software mitigation for Spectre variant 1 offers protection for the new variant.

Via: The Register