In response to the news that Intel has announced it has dropped plans to patch certain older CPU families affected by the Meltdown and Spectre bugs, Ondrej Kubovic, Security Awareness Specialist at ESET commented below:
Ondrej Kubovic, Security Awareness Specialist at ESET:
“This approach by Intel is not completely new. End-of-support for legacy systems is a standard procedure usually triggered by the development of new and more advanced hardware and software, or changes in the way people interact with their devices. What’s interesting about this case is that it might be the first time when major bugs – such as Meltdown and Spectre – were the main accelerator for this process.
Non-patching of the mentioned vulnerabilities should affect mostly CPUs that were manufactured more than 5 years ago. We can only hope this will give Intel more space to concentrate on patching of the still widely-used systems and only isolated and sparsely used systems will be left out of the patching loop.
For those still using vulnerable components: These flaws enable attackers to harvest information, not to modify them. Therefore if the system contains no personal or sensitive data, or is used for other purposes but not for browsing, it should be relatively secure. Also users can improve their security by applying Meltdown and Spectre patches issued by OS, browser and other software developers. Of course, the safest thing to do is to replace the vulnerable hardware for newer non-vulnerable components. In case HW replacement or patching is not possible, users can also airgap their system to stay out of attacker’s reach.”