adam121 - Fotolia

Hours lost on patching Meltdown and Spectre flaw

IT administrators have already lost hours installing the processor patch from Intel, which causes PCs to lock up and systems to crash and slow down

Almost one-fifth of large businesses could end up spending up to $50,000 to fix the Meldown and Spectre microprocessor flaw, according to a survey of 514 IT professionals on the Spiceworks community.

The study found that in small organisations with fewer than 100 employees, most companies (93%) need fewer than five people to address the CPU flaws.

But in large organisations with more than 1,000 employees, 44% said more than five people would be involved, and 15% said more than 20 people would be involved, presumably because of the larger volume of systems that need to be patched.

Spiceworks reported that 45% of organisations expect to spend more than 20 hours patching Meltdown/Spectre vulnerabilities, 26% expect to spend more than 40 hours, and 16% expect to spend more than 60 hours.

Only 5% of IT pros said their organisation would not spend any time addressing the vulnerabilities, according to Spiceworks’ survey.

As Computer Weekly has reported previously, many people have faced problems in patching their systems. Intel recently recalled the patch it had originally issued to fix the processor flaw.

Navin Shenoy, executive vice-president and general manager of the datacentre group at Intel Corporation, wrote on Intel’s blog: “We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end-users stop deployment of current versions, as they may introduce higher-than-expected reboots and other unpredictable system behaviour.”

The patches are only one part of a much bigger problem for Intel and the microprocessor industry. Chips will need to be designed in a way that combats exploits of Meltdown and Spectre. The challenge for Intel et al is that the remedy involves switching off the microprocessor’s speculative branch execution feature, which processors and system software have made use of to boost the speed of processing.

Linus Torvalds, who originally developed the Linux kernel, believes Intel’s proposed solution to fix Spectre shifts responsibility from the chipmaker to the operating system software developer.

Rather than being secure against Spectre by default, future Intel processors will ship with the Spectre fix disabled. At boot time, when the computer starts, the operating system can check whether the microprocessor has the Spectre fix, and switch it on.

There is general consensus in the industry that switching on the Spectre fix will adversely affect a system’s performance.

Spiceworks reported that among organisations that had begun patching, 38% experienced at least one issue with the fixes.

“Among those companies experiencing issues, we found 46% had seen performance degradation, 26% had encountered system hangs/freezes, 22% had run into boot issues, 15% had seen blue screens of death and 14% had experienced application crashes,” said Spiceworks.

Read more on IT operations management and IT support