Microsoft released an out-of-band patch over the weekend to disable Intel\u2019s buggy Spectre variant 2 microcode fix.After the world learned of Meltdown and Spectre, it took Intel some time to get around to releasing patches. The fixes were \u201cgarbage,\u201d Linux creator Linus Torvalds said in a rant. Intel at first mentioned that its firmware updates were causing some reboots, but it admitted last week that the fixes were a buggy mess, causing systems to restart for no good reason, and have other stability issues.Last week, Intel recommended \u201cthat OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.\u201dIn fact, in Microsoft\u2019s explanation of why it was issuing an emergency patch to disable Intel\u2019s microcode for Spectre variant 2, the Redmond giant pointed at a comment in Intel\u2019s fourth-quarter financial results. Intel had noted that the buggy firmware could lead to \u201cdata loss or corruption.\u201dMicrosoft agreed, saying, \u201cOur own experience is that system instability can in some circumstances cause data loss or corruption.\u201dThe company added, \u201cWe understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.\u201dWhile Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 \u2013 \u201cBranch target injection vulnerability.\u201d In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel\u2019s microcode revision guidance.This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 \u2013 \u201cBranch target injection vulnerability.\u201dMicrosoft offered another Spectre Variant 2 option, one meant for advanced users because it deals with manually disabling and enabling mitigations via changes in registry settings.As of Jan. 25, Microsoft said there were no known reports of attacks using Spectre variant 2. It recommended re-enabling the mitigation against that variant as soon as Intel is sure the \u201cunpredictable system behavior\u201d has been resolved.As you likely remember, Microsoft immediately rushed out patches to mitigate Meltdown and Spectre; however, those fixes were also buggy and caused system instability. In response to mass complaints of Windows crashing to a BSOD, Microsoft hit the brakes and stopped rolling out the \u201cfixes\u201d to AMD devices.Intel told Chinese firms about chip flaw before U.S. governmentOver the weekend it came to light that Intel notified Chinese companies of the security flaws in its chip before it told the U.S. government. The Wall Street Journal reported that it was a \u201cnear certainty\u201d that by Intel warning a small group of Chinese firms about the flaws in its processor chips, the Chinese government knew because it monitors all communications of Chinese tech companies.This gave China the opportunity to exploit the flaws before the U.S. government even knew about them. At this time, experts have seen no evidence to suggest the information was used to launch attacks.