Intel did not provide US government officials with details about the Meltdown and Spectre CPU flaws until they leaked to the public last month. Reuters reports that US government officials have expressed concern that the flaws were not disclosed privately, as they could have affected national security. Intel did not report the flaws to US authorities because hackers had not yet exploited the vulnerabilities. The Wall Street Journal reported earlier that Intel notified a small number of customers about the flaws, including Chinese companies such as Lenovo and Alibaba, before they were publicly disclosed.
The approach may explain some of the confusion surrounding Meltdown and Spectre when the flaws first came to light in a report by The Register in early January. Intel, Google Project Zero, Microsoft and others were forced to reveal the vulnerabilities one day after The Register's report, and the initial statements of both AMD and Intel were confusing and misleading. Intel had not informed the US Computer Emergency Readiness Team (US-CERT), so there was not a full warning about the security issues. Instead, CERT initially advised people to completely "eliminate" the flaws by replacing the processors, but then revised its warning to simply advise installing a patch on the systems.
Google gave Intel a lot of time to reveal the flaws
Google's Project Zero team originally reported the Spectre and Meltdown problems to Intel in June, and gave the company 90 days to fix the issues before publicly disclosing them. Reuters reports that Google extended its standard 90-day disclosure deadline twice. The first extension was until January 3 (the day after The Register's report) and the second was until January 9. The unusual extensions for an unusual problem meant that the second date (January 9) was the one the industry was working toward, and that it would have landed squarely in the middle of the Consumer Electronics Show.
Intel's handling of the Spectre and Meltdown CPU vulnerabilities has been widely criticized over the past month. Intel issued a series of misleading statements and then began patching systems with defective firmware updates that caused some systems to reboot. Microsoft was forced to issue an emergency Windows update to allow system administrators to revert Intel's patches. Intel began repairing new machines this week, almost nine months after the security flaws were first reported to the company. Intel now faces at least 32 lawsuits over the Meltdown and Spectre vulnerabilities, along with insider trading allegations related to sales by Intel CEO Brian Krzanich.