Partners Commend AMD For Taking 'Cautious' Approach To Spectre Vulnerability
AMD has released updates to address the Spectre Variant 2 vulnerability that has impacted multiple CPU vendors since the beginning of the year.
The Santa Clara, Calif.-based company said Tuesday it is mitigating the variant through microcode updates issued through its OEM and motherboard partners and Microsoft's latest "Patch Tuesday" update for Windows 10. The company has addressed the Spectre Variant 1 vulnerability through a previous operating system update while the Meltdown vulnerability doesn't impact AMD chips, unlike Intel.
The exploits, which account for three variants of a side-channel analysis vulnerability in server and PC processors, potentially could allow hackers to access protected data. However, AMD said it doesn't believe the likelihood of an attack stemming from the Spectre Variant 2 is high.
"While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy [a] combination of operating system patches and microcode updates for AMD processors to further mitigate the risk," the company said on its website.
There have been no reported attacks using the Spectre and Meltdown vulnerabilities since they were first disclosed at the beginning of the year by Google Project Zero.
In an exclusive CRN survey published in February, solution providers said Intel's response to Spectre and Meltdown was more comprehensive than that of AMD and ARM. However, two solution providers said AMD's cautious approach was the right one.
Andrew Kretzer, director of sales and marketing at Bold Data Technology, a Fremont, Calif.-based custom system builder and AMD partner, told CRN that he thinks AMD has handled the response to the issues created by Spectre "reasonably well," especially since a Microsoft patch in January had caused some AMD PCs to stop working before a fix was issued.
"I think it was prudent to be more cautious with both the variant 2 OS patch and their own microcode fix," Kretzer said in an email.
Randy Copeland, president of Velocity Micro, a Richmond, Va.-based systems builder that also partners with AMD, also thought AMD was right to be more cautious.
"Given the difficult hypotheticals required for this vulnerability to be able to be employed, I think AMD is taking a very responsible and commendable effort to respond," he said in an email.