This is an ongoing problem?
To my knowledge, yes. Properly mitigating the problems (there's more than one) requires disabling several features in Intel CPUs (from current ones to those made back in the early 2000s). This can be done in software, but results in a pretty nasty performance penalty (about 10-15%, I think).
Imagine tens of millions of desktops, laptops, servers and even embedded/industrial systems slowing down 10% overnight after the fixes are applied.
That is a colossal hit, especially to data centers that use boatloads of Intel CPUs. Imagine having tens of thousands of servers in a data center, representing tens of millions of dollars of property, buildings and equipment and performing work that you could be making billions of dollars from, and all of a sudden your entire infrastructure slows down by over 10% overnight. That's a nightmare no matter how carefully you've planned.
Even if you have more computing capacity than you need (for room to grow), now you have to dip into some of that capacity to maintain current performance, so now you've got less spare capacity, and that spare capacity can only handle 90% of the workload you expected it could.
The alternative to this massive performance hit is to leave the vulnerable features active. That might be an acceptable risk if your servers never run software you don't control (i.e. you just use it internally and never expose it to third party vendors or customers), but that situation is rare. It's unthinkable for pretty much every data center. Amazon, Google and Microsoft (big cloud vendors) absolutely had to apply the patches and take the performance hit since their whole cloud business depends on running customer workloads. Really every cloud vendor had to.
When it comes time to buy more servers to keep growing, are you still going to buy Intel?
Then comes the consumer market. Even if you know nothing at all about computers, imagine having a nice laptop that you use all the time, especially when you travel. You paid $1,500+ for it, and it's really fast and well-built. Now imagine Windows tells you "hey, gotta reboot for an update" and you roll your eyes and click "Restart now." Your laptop installs the update and reboots. Now it's 10% slower, and there's nothing you can do about it. Neat. It's noticeable, too. A 3-4% performance drop could probably slip under the radar unless you're benchmarking, but you're going to feel a 10% slowdown even if you're a technophobe.
Then you've got enthusiasts and gamers who value performance above pretty much everything else. Some of them accepted the hit, but others tried to figure out how to disable the fix to get their performance back. That leaves those machines vulnerable to these frighteningly nasty bugs. Remember that these vulnerabilities are so bad they can be exploited by regular JavaScript code running in a browser. Between that and the fact that tons of PCs around the world are running pirated versions of Windows that never get updated, and doing so on vulnerable Intel CPUs, you've got a worldwide pile of botnet drones waiting to be activated.
This whole thing has been a massive kick to Intel's balls. They've only just fixed these issues in their latest (10th generation) chips, and there's still a performance penalty riding along with the fix, so the incremental performance improvements of their newer chips as they roll out aren't as good as they were hoping. And this is coming at a time when AMD is riding high on the success of their Zen architectures, which have been so successful at dethroning Intel as the performance king that AMD are feeling confident enough to start raising their CPU prices for the first time in over a decade to inch closer to Intel's prices while still undercutting them on price with better-performing processors.