Intel releases fix for F00F bug

Been F00Fed yet?Probably not, but users will have to wait until a hole in the Pentium and Pentium MMX instruction set on the chips is plugged with a software patch before being safe.

Been F00Fed yet?

Probably not, but users will have to wait until a hole in the Pentium and Pentium MMX instruction set on the chips is plugged with a software patch before being safe.

Intel Corp. released a workaround for the F00F bug, or more properly, the Invalid Operand with Locked CMPXCHG8B Instruction, on Friday.

The workaround doesn't solve the problem -- operating-system makers, such as Microsoft Corp., will have to develop a patch using the workaround for each of their operating systems. "We are working with operating-systems makers to get patches out as soon as possible," said Intel spokesman Tom Waldrop.

The F00F bug was made public late last week. The bug causes affected processors to freeze when the illegal CMPXCHG8B instruction is issued.

Intel has stressed that normal applications do not contain the illegal instruction, so only programs that intentionally use the command will cause machines to hang. Rebooting the affected computer will return it to normal operation.

"The workaround will prevent the machines from hanging when the instruction is used," said Waldrop.

For hackers, delivering the F00F bug using the newly discovered hole in Microsoft's Internet Explorer 4.0 is an easy way to hang and then crash a target system. "These two holes in security were made for each other," said Adam Shostack, director of technology for security firm Netect Inc.

The bug affects the tens of millions of Pentium and Pentium MMX processors running DOS, Windows 3.1/95/NT, and most variations of Unix. Pentium II and Pentium Pro processors remain unaffected by the bug.

Microsoft officials would not comment on when a patch will be available or how it will be distributed.