The Meltdown and Spectre vulnerabilities—the ones that leave ever single Intel CPU made in the last ten years open to attack—have been, for the most part, patched. But according to a new Intel document, a handful of processor types will never be patched for Spectre Variant 2, the vulnerability that affects nearly all modern CPUs and allows bad actors to potentially access some of your most sensitive data.
Not patching a vulnerable CPU may seem like a poor decision on Intel’s side, but the chips that will remain unpatched are all eight to ten years old and not likely found in many active systems. In fact, in the Microcode Revision Guide released on 2nd April, Intel claims that one decision to leave these CPUs unpatched was due to “Limited Commercially Available System Software support.” That’s a fancy way of saying computer makers no longer supported the systems with the CPUs inside.
The other reasons Intel cited for not patching affected CPUs were that characteristics within the microarchitecture of some of the chips made a practical implementation of the patch difficult, and because some of the chips were only used on “closed loop” systems that can’t be accessed via an external network
Of the CPUs Intel is refusing to patch, nearly all of them are used on servers, not in the laptops and desktop computers most of us use daily. The one exception are chips based on the Penryn microarchitecture. Those CPUs, when found in laptops and desktops, had names like Core 2 Duo and Core 2 Quad and were used in computers made by Dell, Apple, and every other major computer maker. But Penryn is now nearly eleven years old, and the number of people still using computers with Penryn inside is likely (and hopefully!) very small.