On January 3rd, 2018 the Meltdown and Spectre vulnerabilities were made public and meltdownattack.com was created to have a centralized place to publish the research papers and answer common questions. According to the official site, Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages, and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Intel published a blog post on January 11th to acknowledge issues with rushed patches and announced that the Broadwell and Haswell CPUs specifically were being affected and rebooting. Later, on January 22nd, they announced in a new post that progress had been made in resolving the rebooting issues but still recommended halting all rollouts of the patch.
Fast forward a few more days and on the 29th, Microsoft took matters into their own hands and released KB4078130, a manually downloaded update that would disable Intel’s flawed patch. This was meant to be an optional download for affected end user’s rather than forcing it out to everyone through Windows update.
As of this writing, the latest post from Intel to address the Spectre and Meltdown flaws was posted on February 7th, 2018. The post starts off by reiterating the remediation progress mentioned in earlier articles and goes on to mention that work has begun on developing the fix for other impacted platforms.
Unfortunately, as of right now, the only production-ready patch that is available is for the Skylake generation of CPUs. Previous posts talked about fixes for the Broadwell generation, but these are the 6th and 5th generations respectively. Since then, Intel has released the Kaby Lake (7th generation), Kaby Lake Refresh (8th generation), Coffee Lake (8th generation) and Cannon Lake (8th generation) CPUs. This means anyone on earlier generations or businesses and enthusiasts using more recently released versions of Intel CPUs will have to continue waiting on a fix.