Some Microsoft users who have installed the latest Windows security update have experienced freezing on devices with AMD processors, Microsoft disclosed in a recent update on its support site.
Affected machines have been forced into "an unbootable state" because some AMD chips do not match up with documentation previously given to Microsoft by the semiconductor manufacturer, according to the Redmond, Wash.-based computing giant. That documentation was used by Microsoft when developing its security response to the Spectre and Meltdown threats, the company said.
As a result, Microsoft is temporarily halting Windows OS updates to devices with AMD processors affected by this apparent bug. This includes nine updates that have been released since Jan. 3, with the security-only Spectre and Meltdown update among them (KB4056897). Microsoft also detailed troubleshooting steps for blue screen errors affecting Windows 7, Windows 8.1 and Windows 10.
Microsoft said it is working with AMD to resolve the issues as soon as possible.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," Microsoft stated on its website. "After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown."
The number of affected AMD processors has not been disclosed, but an AMD spokesperson said the booting errors affect only a small subset of its "older" processors. At least some user complaints referenced AMD's Athlon CPUs.
"It's definitely not any large volume of processors that are out there. It's being fixed. The patches are being updated so that service can be turned back on and rolled back out," the spokesman told CRN.
Last week, AMD said that there was "near-zero risk" to its processors with regard to the Spectre and Meltdown security flaws, due to differences in AMD's chip architecture. Intel has gone to great lengths to stress that Spectre and Meltdown are not "unique to any one architecture or processor implementation." However, AMD also said in a company statement that the "bounds check bypass" threat variant must be resolved by vendor software and OS updates.
Allen Falcon, CEO of Cumulus Global, a Westborough, Mass.-based cloud solution provider, hasn't come across any AMD-related performance issues among his company's customers. However, he emphasized that businesses running transactional processing systems or time-sensitive applications need to conduct testing before they apply any OS security updates.
"Yes, it's a security risk, but it's also at the hardware level," Falcon told CRN. "You need a level of access to the system before it can be exploited. Most companies with adequate, multi-tier security have less to worry about with this exploit. I'm not saying don't patch or address it."
As major public cloud providers have patched their platforms, they have asked users to patch their operating systems via Windows, Apple and Linux updates. Amazon Web Services' official advisory notes that customers are protected against Spectre and Meltdown vulnerabilities posed by "other instances," meaning that virtual machine operating systems do need to be patched, as well – this according to an AWS employee.
The Spectre and Meltdown vulnerabilities include certain circumstances where applications could be used to leak Linux kernel memory, another that could change how an application works based on the contents of memory and a third that could let an application red kernel memory without misdirecting the control flow of kernel code, according to Google Project Zero.
To date, there have been no known exploits of the security issue.
As solution providers have begun deploying patches meant to mitigate the Spectre and Meltdown processor threats, other reports of performance issues have begun to emerge.
Ian Chan, director of engineering at Branch, tweeted that a Spectre patch applied to a high input/output workload's AWS EC2 hypervisor caused CPU usage to increase between 5 percent and 20 percent. Chan added that he believes this will be "the new baseline" for that CPU.
Syslog_NG's Peter Czanik also tweeted that compiling times on Fedora had significantly increased, particulary when it came to Java, on an Intel i5 processor. He added that CentOS is "badly affected," while openSUSE Linux and Gentoo Linux are experiencing minimal effects.
Late last week, the Fortnite team at Epic Games published a blog on the company website that blamed Meltdown-related security updates for "login issues and service instability" affecting its back end. The Cary, N.C-based video game developer's infrastructure is built around cloud services, and "all" of those services had been affected, according to the company. Included in the post was a graphic detailing its CPU utilization, which more than doubled on the night of Jan. 3.
"Unexpected issues may occur with our services over the next week as the cloud services we use are updated," Epic wrote. "We are working with our cloud service providers to prevent further issues and will do everything we can to mitigate and resolve any issues that arise as quickly as possible."