Mysterious Intel security patch released for almost every modern CPU

If your PC includes an Intel processor, it will likely receive a mysterious new security update originally pushed out by the company on Friday.

Three things about this release are somewhat concerning. First, Intel released the new CPU microcode as an “out of band” or unscheduled release. Second, it covers just about everything Intel has on the market today — dating all the way back to the 2017 8th-gen Core (“Coffee Lake”) chips. (The code itself is on the Intel GitHub page, listing all of the affected processors up to and including Intel’s most recent 13th-gen Core chips. Intel Xeons are affected, too.) Finally, the secretive and sudden nature of this patch raises eyebrows.

You do not need to try and download and install this code; motherboard vendors and even Microsoft itself will incorporate the security release inside updates for their own products. (Microsoft issues its own hardware drivers, especially for the Surface notebooks and tablets it produces.) You can probably expect that the new code will show up in a Windows update or a BIOS update from the board manufacturer itself.

Like Microsoft, Intel typically publishes vulnerability information on what’s known as “Patch Tuesday,” or the first Tuesday of the month. (As an example, Intel released information noting that its Smart Campus Android app could be used as a handheld Denial of Service (DOS) mechanism. Fun!) The fact that this code release wasn’t scheduled on that day signifies that Intel wasn’t aware of the vulnerability then, and felt it was significant enough to release a patch on Friday rather than waiting for next month.

So what’s all the fuss about? We don’t know. We’ve reached out to Intel for comment, and will update this story when we hear back. Kudos to Phoronix for first noticing the code, and beginning testing on whether any performance impacts would slow down your PC.