Business IT, Security
No Spectre Patches for Award BIOS Devices
Following up from our recent article on the Meltdown and Spectre vulnerabilities, we’ve had confirmation from Gigabyte that Award BIOS motherboard products cannot apply the Intel CPU microcode that patches the Spectre flaws. According to them this affects all Award BIOS products from all manufacturers. In that case, even though the CPUs may be supported by Intel, the platform itself is not, so there’s no way to apply the CPU microcode and protect that system from Spectre. There’s a possibility that Microsoft may release a future patch that includes the microcode updates at boot time, but there are a couple of problems with this:
- An OS microcode implementation cannot protect against a system attack that occurs prior to the OS bootloader initiating and loading the microcode tables – the microcode will protect against attacks against the OS kernel’s memory access, but a successful attack against a device that can load an attack method prior to the OS bootloader call could still exploit this flaw to some extent. That’s why the microcode firmware patch is the best path to mitigation, but for tens to hundreds of millions of systems this simply isn’t going to be possible.
- So far, Microsoft have released security patches that only cover the most recent architecture generations, with no word from them about when, if ever, microcode for older generations will be integrated. At this point the idea that older systems may have an OS workaround to implement Intel’s microcode is little more than wishful thinking.
When we asked Gigabyte what the options were for people with Award BIOS systems, they responded with this:
We suggest you to buy new chipset motherboard and enjoy the latest technology if you encounter any issue.
So no surprises there…