Vulnerabilities in Intel’s processors has driven a wedge between Intel and longtime partner Microsoft, forcing Microsoft to do much of the work to patch security holes and spurring disagreement over the extent of the possible disruptions to customer operations.
Recent revelations that millions of Intel’s chips carry a security flaw is putting a deeper strain on the company’s decades-long partnership with Microsoft.
Dubbed Wintel, the two technology giants worked hand in hand for much of the PC era, with Microsoft building the Windows operating system and Intel making the chips to run it. But as mobile technology began to replace PCs’ prowess, both companies sought new partners and the alliance started to fray.
Recent news of vulnerabilities in Intel’s processors has driven the wedge between the two even further, forcing Microsoft to do much of the work to patch security holes and both disagreeing over the extent of the possible disruptions to customer operations.
The incident has brought into focus the computer industry’s utter dependence on Intel, which controls more than 90 percent of the market for laptop processors and has a near monopoly in server chips. That too has implications for Microsoft, which in recent years has become a cloud-computing service provider to lessen its reliance on operating systems and business programs. As a big buyer of Intel server chips, Microsoft is also susceptible to fallout from the supplier’s design flaws.
For most of the six months since Intel made Microsoft aware of the problem, the two worked closely together to try to pre-empt an industrywide meltdown. Their efforts, which included other chipmakers and companies such as Alphabet’s Google, may have headed off widespread security breaches for now. But tensions over the fallout are on public display.
Intel has been on the defensive and has been criticized by some analysts for trying to deflect responsibility and waffling over how significantly the necessary patches will affect performance.
“Intel’s public face on this hasn’t been fantastic,” said Jeff Pollard, an analyst at Forrester Research. “It’s a lack of humility. It doesn’t give the impression that they understand the issues that their customers are dealing with.”
Last week, Intel Chief Executive Officer Brian Krzanich backed down from the company’s initial stance that fixes to the vulnerability wouldn’t result in a performance problem, acknowledging instead that it depended on the workload. He was careful to thank the industry for its cooperation and said so far there have been no reports of successful attempts to exploit a feature that can be used to trick processors into giving up secure data such as passwords and encryption keys.
The next morning Microsoft said the security patches it was issuing may cause “significant slowdowns” in some machines. The software maker indicated the problem is likely more pervasive and extensive than Krzanich implied.
In subsequent days, Intel increased the amount of information it was giving out, detailing test results on older personal-computer systems that it says prove they won’t suffer a noticeable slowdown when patched. On Thursday, Krzanich promised more urgency and communication. He said Intel will look for more security issues in hardware and fund research by others to identify weaknesses.
Microsoft said its “lengthy and extensive partnership with Intel continues to be an important one. Together with our partners, including Intel and others, we believe in a thriving modern technology ecosystem that is secure and empowers people to be more creative and productive.” Intel declined to comment.
Since the dawn of the PC age in the early 1980s, Microsoft and Intel have had to make sure their ubiquitous software and hardware worked smoothly together in machines built by others. Now Microsoft services such as Azure and Office 365 are provided over the internet by server computers that run on Intel chips.
Microsoft said its Azure cloud service’s users will be largely unaffected by the recent security revelations, mirroring assertions by rivals Google and Amazon.com’s Amazon Web Services. Microsoft’s corporate server customers might suffer bigger slowdowns in their in-house data centers, however. Such enterprise sales provide about half of Intel’s data-center revenue.
The carefully crafted public statements only hint at the deeper rift. Intel cautioned against going too far with software techniques to stop processors from accessing data they shouldn’t.
If used “too liberally, performance may be significantly compromised,” Intel said, implying slowdowns might be the fault of overzealous coders. It praised Google’s fix while withholding any recommendation for Microsoft’s approach.
Intel’s response rankled other companies, too. The chipmaker initially attempted to portray the vulnerability as an industrywide issue, saying that “many different vendors’ processors and operating systems” were susceptible to the exploits, and that it was working with Advanced Micro Devices, ARM Holdings and others to resolve the issue promptly.
Any solidarity quickly evaporated. Intel’s main rival, AMD, said initially that its processors are almost entirely safe, although it walked back on that Thursday, acknowledging that two of the three possible exploits of processors are applicable to its chips. ARM Holdings has said that no more than about 5 percent of the chips its technology goes into — the key components of smartphones — are at risk.
Intel needs to own the issue to keep its customer base from becoming disgruntled and looking for alternatives.
“Intel’s level of response will be very critical to determine what the reaction is,” said Joseph Unsworth, an analyst for Gartner. “The wrong way to go about it would be to be reactive, not actively taking customer satisfaction into account.”
While some of the dynamics have changed, both Microsoft and Intel still need each other. Until relevant competitors emerge for Microsoft’s software and Intel’s chips, they will have to find a way to keep working together.
Intel’s lucrative server division, whose prices have consistently increased, has already provoked some companies to make initial forays into designing their own data-center chips.
Microsoft started pushing back against Intel’s market power months ago. The Redmond company said last March that it plans on using ARM chip designs in the servers that underpin Azure, the collection of cloud-computing services that are the cornerstone of the company’s future.
When Qualcomm, the biggest maker of mobile phone chips, held an event in November to tout its entry into the server-processor business, Microsoft provided two executives to support the effort. It’s also working with Qualcomm on a version of Windows for mobile phone chips that will enable new laptops to run for much longer between battery recharges.
Microsoft isn’t the only restless customer of Intel’s data-center unit, which sells Xeon processors listed at as much as $13,000 per chip. Amazon has its own experimental chip division. Google has joined an alliance that’s working to try to bring back International Business Machines’ Power chips.
Microsoft’s tolerance for any weakness in Intel’s response may be shorter than most. Not only does it have to make sure its own hardware is safe but it’s having to push out rapid updates for its Windows operating system and deal with user questions and confusion for most of the world’s personal computers. It’s also the one that a decade ago was widely accused of not doing enough to make computers safe.
“If any one of any of Intel’s customers have the ability to put pressure on them to make changes, you would certainly think Microsoft would be one of them,” said Forrester’s Pollard. “Operating systems went from being the problem a decade ago to being the solution on this. What a crazy reversal in roles for companies like Microsoft. They went from being the vulnerable party to being the party that’s fixing the vulnerability.”