When Intel and its software partners disclosed L1 Terminal Fault (L1TF) chip vulnerabilities on Tuesday, the communications and patch recommendations appeared clear, concise and detailed -- far better than Intel's Meltdown and Spectre vulnerability missteps from earlier this year.
Yes, the L1TF vulnerabilities have a high severity rating. But today's Intel-led guidance provides channel partners and customers with well-defined next steps to mitigate and patch the L1TF vulnerabilities across various hardware and software.
ChannelE2E's sister site, MSSP Alert, offers links to the latest L1TF patch information from Intel, Microsoft, Red Hat and VMware here.
Intel Video: L1TF Vulnerability Explained
The communications also included consumer-type videos with enough technical meat to help IT professionals and channel partners explain the L1TF vulnerabilities to employees and customers. Here's an example from Intel:
Video linkPlus an example from Red Hat:
Video linkThanks to those rapid efforts, the L1TF vulnerability (along with associated news reports and forum discussions) apparently won't spiral out of control.
That's quite a statement, considering that Intel badly botched communications about the so-called Meltdown and Spectre vulnerabilities earlier this year.
How Intel Improved Crisis Communications
In some ways, it's unfair to label the L1TF communications as a "crisis" moment. So far, the chip giant's communications about the issues seem to be avoiding -- or at least minimizing -- overreactions to the vulnerabilities.
What a difference eight months makes. Under former CEO Brian Krzanich (who stepped down in June), Intel in January 2018 initially mismanaged the Meltdown and Spectre communications. Speculative stories about the bugs' reach, implications and patch performance hits ran rampant for several weeks.
Krzanich deserves credit for an effective post-mortem, during which Intel thoroughly reviewed its internal and external communications, and overall security posture. The net result: Krzanich formed a new team led by Leslie Culbertson, who shifted to a newly created position titled executive vice president and general manager of Product Assurance and Security at Intel. Fast forward to present day. That team apparently performed well -- very well -- amid the L1TF issue.
The latest evidence? Intel's stock is slightly up in after-hours trading this evening -- a clear indication that Wall Street isn't panicking over the L1TF vulnerabilities, despite their high severity ratings.
