AMD has finally released patches to protect processors affected by the Spectre vulnerability.
Researchers fear that the security flaw, which was disclosed in January alongside the Meltdown exploit, could grant hackers access to sensitive data. In a blog, AMD’s CTO Mark Papermaster said that the latest updates would secure systems containing the company’s chips.
“Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows,” said Papermaster.
“While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above-described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk.”
The Information Commissioner’s Office warned in January that firms that fail to patch against Meltdown and Spectre microprocessor bugs could face fines if they lead to a data breach. Nigel Houlden, head of technology policy at the ICO, strongly recommended that firms determine which systems are vulnerable.
Failure to patch known vulnerabilities is one way the ICO determines whether a breach is serious enough to warrant a civil monetary penalty, he added. Under the EU’s General Data Protection Regulation, which comes into force in May, organisations could also be held liable for a breach if they have not taken appropriate security measures, such as issuing updates.