The firmware updates do protect Intel chips against potential Spectre attacks, but machines with Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architecture processors are rebooting more frequently once the firmware has been updated, Intel said.
Intel has also updated its original Meltdown-Spectre advisory with a new warning about the stability issues and recommends OEMs and cloud providers test its beta silicon microcode updates before final release. These beta releases, which mitigate the Spectre Variant 2 CVE-2017-5715 attack on CPU speculative execution, will be available next week.
"Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations," the company wrote.
"We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users".
Despite the stability issues, Intel has told OEMs not to withdraw the already released updates for end users.
However, it warned IT admins at datacenters to proceed with caution: "Evaluate potential impacts from the reboot issue and make decisions based on the security profile of the infrastructure".
Navin Shenoy, Intel's EVP and GM of the datacenter group, has also released test data on the performance impact of the firmware updates on servers running its latest Skylake-based server Xeon Scalable systems.
On "common workloads" in the enterprise and cloud, Intel has seen an impact of zero to two percent, while it had a four percent impact on a simulated brokerage firm's customer-broker-stock exchange transaction system.
There is a large variance in the fix's impact on data-storage systems depending on CPU utilization and other factors, such as the read-write mix, block size, and drives.
On one benchmark at full CPU utilization, Intel found an 18 percent decrease in throughput performance, while on a 73/30 read/write model there was only a two percent hit on throughput performance.
Shenoy highlighted Google's software-based Retpoline fix for the Variant 2 attack as another mitigation that "could yield less impact".
Google last week urged the whole industry to adopt Retpoline because it mitigated the attack but had almost no negative performance impact on current hardware.
"Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms," a Google executive said.
Google's fix isn't a patch that consumers would apply to their own systems and addresses the variant that has the greatest risk for virtualized cloud environments.