Some mobile chips shipped by Intel in January have a bug that lets servers obtain an identification number from them, a company spokesman said today.
The number that the chips provide to the servers, however, is not a serial number, like the one that Intel is burning into its new Pentium III processors. Intel doesn't even know if the number that the mobile chips issue is unique, said Howard High, an Intel spokesman based in the company's headquarters in Santa Clara, California.
"The chip returns a value. But the exact nature of the value is not one we can guarantee as unique," High said.
This "value" is generated by some circuitry that is a prototype to the one present in the Pentium III chips, he said. This prototype circuitry should have been removed from these mobile chips before shipping, High added.
In any case, Intel recognises this as a bug and today began shipping a patch to PC manufacturers to fix the flaw at the BIOS (basic input/output system) level by rewriting part of the BIOS code, he said. PC manufacturers can distribute the patch by physically sending it to users, by reprogramming the BIOS code in the users' machines via a phone line, or by placing the patch on their Web sites for downloading, High said.
The flaw is present in some of the mobile Pentium II processors with Level 2 cache and some of the mobile Celeron processors that Intel began shipping January 25. Intel estimates that about half of the Pentium II chips and half of the Celeron chips that began shipping that day have this flaw, High said.
The flawed chips are those that come in the "mobile module package," which is one of three types of packaging Intel offers, a distinction not all users may be aware of, High said. Users should contact the manufacturer of their notebook PCs to find out if their machines have one of the affected chips, he added.
Intel is also working with Microsoft to include with the next Windows update a patch to fix the flaw at the operating system level, he said. Microsoft releases these updates about every four weeks, High said.
Intel has been involved in a loud controversy since it announced several weeks ago that its new Pentium III processors would have a unique serial number, which Intel said will help identify parties in a transaction and make electronic commerce more secure. Groups that advocate consumer privacy have said that the feature could compromise the privacy of users.
To address the issue, Intel has offered a software patch that can be downloaded from the Internet and used to disable the security number. The company has also provided a mechanism in the BIOS that can be used to disable the number, although this requires a bit more technical expertise to use, and Intel said it can't force PC makers to install it.