![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
Intel has released microcode update v20180108 with Meltdown/Spectre fixes
Home › Forums › AskWoody support › PC hardware › Intel has released microcode update v20180108 with Meltdown/Spectre fixes
- This topic has 27 replies, 4 voices, and was last updated 2 years, 11 months ago.
Viewing 12 reply threads-
AuthorPosts
-
-
January 10, 2018 at 10:38 am #158148
MrBrian
AskWoody_MVPIntel has released microcode update v20180108 with Meltdown/Spectre fixes for some CPU families. Of the 94 microcodes in the previous release (v20171117), 19 have been modified in this release; I verified this with a file comparison-by-contents program. I assume that the other 75 microcodes do not yet have Meltdown/Spectre fixes, but I don’t know that for sure.
Download: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File.Edit: The file is now not available for download.
From the download’s release notes:
“20180108 Release
— Updates upon 20171117 release —
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22”From https://packages.qa.debian.org/i/intel-microcode/news/20180110T100610Z.html:
” + Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support and enhances LFENCE: mitigation against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors”I believe that you can check if your CPU has the Spectre/Meltdown fixes available in this release by getting its CPUID signature at http://www.cpu-world.com/cgi-bin/CPUID.pl (there is also a program at that page) and comparing with the last 5 letters/digits of the 19 sigs listed above.
These microcode updates can be applied at every startup of a Windows system by using the program at https://www.askwoody.com/forums/topic/meltdown-and-spectre-from-a-windows-users-point-of-view/#post-156348. Warning: I have no personal experience doing this. Use at your own discretion. Other options available might be BIOS/UEFI updates from your device manufacturer, and microcode updates shipped by Microsoft via Windows Update.
Another discussion thread: https://news.ycombinator.com/item?id=16111433.
-
January 10, 2018 at 2:01 pm #158220
MrBrian
AskWoody_MVPQuestion from member Pim: “How serious is the risk if all other patches are applied except the BIOS patch (microcode update)?”
According to the table at https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/, the microcode updates are mitigations for CVE-2017-5715 (Spectre variant 2). According to the same link, the Windows changes for CVE-2017-5715 are “Calling new CPU instructions to eliminate branch speculation in risky situations.” The new CPU instructions are provided by the microcode updates.
According to https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html, an alternative mitigation for CVE-2017-5715 is “applying a software mitigation (e.g., Google’s Retpoline) to the hypervisor, operating system kernel, system programs and libraries, and user applications.”According to Intel’s whitepaper (https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf), “For Intel Core processors of the
Broadwell generation and later, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective.”More details about these two mitigations for CVE-2017-5715 are in Intel’s whitepaper at https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf.
Let’s now answer Pim’s question. From https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9:
“It’s [Spectre variant 2: CVE-2017-5715] fixed on Windows on Intel and AMD systems with a microcode update delivered by the OEM, using IBPB and IBRS when available. If no microcode update is done, LFENCE is implemented on Windows as a mitigation for the kernel.
[…]
On Windows, Spectre (Variant 2) is patched for user-mode applications if Intel or AMD microcode updates are applied via a BIOS/UEFI update, ask your OEM/PC manufacturer for an firmware update that adds December/January 2018 microcode. Otherwise, application-specific updates are required, and only the kernel is protected (an app can snoop on another application, or even a browser tab on your passwords and such in theory).
Warning: For Windows systems, microcode updates have to be shipped via the BIOS/UEFI to protect against Spectre (Variant 2) across applications.”
-
January 11, 2018 at 8:17 pm #158668
-
January 15, 2018 at 5:51 am #159450
MrBrian
AskWoody_MVPFrom reading Intel’s technical papers, it seems clear that Intel’s recommendation for mitigation for CVE-2017-5753 (Spectre variant 1) is that software should be changed to call the CPU’s LFENCE instruction at necessary places. What is unclear to me is if a microcode update is needed to guarantee that the CPU’s LFENCE instruction behaves in the desired manner. This link claims that recent microcode updates have this change: “LFENCE terminates all previous instructions”. I’m not sure if this is accurate or is an error. If this is accurate, then you might need a microcode update to ensure that software fixes for CVE-2017-5753 work properly. My guess though is that this is a documentation error because Intel’s technical papers don’t mention any microcode changes for LFENCE. Additionally, the Spectre paper contains this note: “After reviewing an initial draft of this paper, Intel engineers indicated that the definition of lfence will be revised to specify that it blocks speculative execution.”
1 user thanked author for this post.
-
-
January 10, 2018 at 11:08 pm #158368
MrBrian
AskWoody_MVPBad news for those interested in using VMware CPU Microcode Update Driver to update microcode in Windows: From https://twitter.com/SharkWipf/status/951132374515044352: “[…] Apparently the VMWare tool loads the microcode whenever the driver gets loaded, but Windows checks microcode before the driver is loaded, so it isn’t accepted by the patch. […]”
-
January 11, 2018 at 5:46 am #158418
MrBrian
AskWoody_MVPSimilar reports are at https://www.techpowerup.com/forums/threads/major-intel-cpu-hardware-vulnerability-found.240168/ and https://forums.guru3d.com/threads/windows-how-to-get-latest-cpu-microcode-without-modding-the-bios.418806/
1 user thanked author for this post.
-
January 11, 2018 at 6:57 pm #158642
MrBrian
AskWoody_MVPThe VMware driver has a comments page at https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#comments. I haven’t seen any solution yet.
-
January 13, 2018 at 3:24 pm #159182
walker
AskWoody Lounger
-
-
January 11, 2018 at 5:56 am #158426
MrBrian
AskWoody_MVPAnother option for temporarily updating the microcode: https://biosbits.org/ (found at How to update CPU’s microcode with GRUB and chainload Windows 10?). I have not tried this.
1 user thanked author for this post.
-
January 11, 2018 at 6:29 am #158435
MrBrian
AskWoody_MVPAscaris mentioned another option for getting the microcode update: “If Intel releases the new microcode for a given CPU, it may be possible to create a BIOS update yourself. […] If you do this, it’s at your own risk!” I have seen web references to other tools that can be used to do this.
1 user thanked author for this post.
-
January 11, 2018 at 10:08 pm #158687
MrBrian
AskWoody_MVPFrom Intel’s telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug: “The giant chipmaker is giving that advice because the recently issued software update can cause its latest processors to reboot when they’re not supposed to, something the company acknowledged in a statement on Thursday.”
1 user thanked author for this post.
-
January 11, 2018 at 10:25 pm #158691
MrBrian
AskWoody_MVPFrom the Wall Street Journal article linked to in that article (my bolding): ‘In a confidential document shared with some customers Wednesday and reviewed by The Wall Street Journal, Intel said it identified three issues in updates released over the past week for “microcode,” or firmware—software that is installed directly on the processor.’
-
January 12, 2018 at 9:06 am #158791
-
January 13, 2018 at 3:32 pm #159183
walker
AskWoody Lounger@Mr.Brian: I thought I had left a message thanking you for all of the information which you so freely provide for all of our members. I am not knowledgeable enough to understand a lot of this, however “I’m trying”. Thank you again for your limitless expertise, and knowledge relevant to these complex issues (which I wish understood more).
Your messages are always read, however I just don’t have the ability to understand many of them. I’m sure every member appreciates and is grateful for your assistance. 🙂
P.S. I located the other message I sent, and will not edit it since it’s a “duplicate”. 🙂
1 user thanked author for this post.
-
-
January 12, 2018 at 10:33 am #158815
anonymous
Guest? says:
this just came out for ubuntu/intel and wonder if this will work properly?
https://usn.ubuntu.com/usn/usn-3531-1/
any beta testers?
-
January 22, 2018 at 12:52 pm #161063
anonymous
Guest
-
-
January 13, 2018 at 3:35 pm #159180
anonymous
GuestSo, where does this leave all of us who either bought a locally built unit from a local mom-and-pop store that’s an Intel partner and said unit has Intel chip and motherboard, OR who went out and built our own units with an Intel board and chip?
In my case, I have two such units. One has an Intel i3-2120 chip (2nd. generation core) and one has an Intel i5-750 chip (first generation core). Both units were bought from two different local mom-and-pop stores who were and still are Intel channel partners.
So far, from links posted on this site, I’ve learned that the latest microcode update released on January 8th covers BOTH of my chips, according to the lengthy list posted on Intel’s site for downloading the actual update.
With the foregoing in mind, to quote the late Clara Peller, “Where’s the beef?”… or, in other words, where’s the BIOS revisions needed to properly patch the systems? BTW, both systems are Win 7 Pro x64 boxes.
This is a great question to post to Intel for proper product support. They’re releasing revised microcode for older chips like mine, so why not build that into a BIOS update for the Intel boards they’re compatible with and likely to be installed into?
-
January 13, 2018 at 3:52 pm #159189
-
-
January 13, 2018 at 4:06 pm #159193
MrBrian
AskWoody_MVPFrom Intel, AMD & VIA CPU Microcode Repositories: “This is a collection of every Intel, AMD and VIA CPU microcode we have found.”
-
January 13, 2018 at 4:25 pm #159197
MrBrian
AskWoody_MVPFrom iucode-tool:
“Updating the processor microcode is a process that can be done at any time (even with the system at full load), and as many times as required. It is strongly recommended that microcode updates be applied during early system boot, though:
* Microcode updates should be applied as soon as possible to shorten the time window where the errata fixed by the update could still trigger;
* Some microcode updates can only be applied safely before the operating system enables more advanced processor functionality, otherwise that functionality must be disabled by the kernel (Atom PSE erratum);
* Some microcode updates disable (faulty) functionality or make other “visible” changes to the processor, and must be applied before either the kernel or applications start using that functionality (e.g. Haswell Intel TSX erratum).”
-
January 18, 2018 at 12:02 pm #160208
MrBrian
AskWoody_MVPMore info about the v20180108 microcodes: https://github.com/bajorgensen/Intel_microcode/blob/master/Intel_20180108.txt.
-
January 19, 2018 at 11:58 am #160460
rontpxz81
AskWoody Lounger-
January 19, 2018 at 12:11 pm #160465
MrBrian
AskWoody_MVPThe latest microcode updates from Intel have known issues. I recommend that home users not update their BIOS yet.
1 user thanked author for this post.
-
-
-
January 22, 2018 at 8:42 pm #161243
MrBrian
AskWoody_MVP1 user thanked author for this post.
-
January 23, 2018 at 8:16 am #161435
-
-
January 24, 2018 at 2:25 am #161742
MrBrian
AskWoody_MVP-
January 24, 2018 at 8:03 am #161791
rontpxz81
AskWoody LoungerMrBrian-
Gigabyte still has it up as of today-
http://www.gigabyte.us/Motherboard/GA-H270-Gaming-3-rev-10#support-dl
1 user thanked author for this post.
-
-
-
AuthorPosts
Viewing 12 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
OscarCP on Minor Lounge Button Tweaks
10 minutes agoOscarCP on Adobe Flash Not working for School test
25 minutes agoKirsty on Minor Lounge Button Tweaks
27 minutes agoKirsty on Minor Lounge Button Tweaks
27 minutes agoOscarCP on Minor Lounge Button Tweaks
53 minutes agobagnara on What do you want?
1 hour, 1 minute agoanonymous on Firefox 84.0.2: YouTube Issue
1 hour, 17 minutes agoanonymous on WiFi Security Alerts after moving from 1909 to 2004
1 hour, 18 minutes agoanonymous on Move Office 2019 from C to D drive
4 hours, 9 minutes agojayinalaska on Something Overriding My Group Policy Settings
4 hours, 30 minutes agoMoonshine on Adobe Flash Not working for School test
4 hours, 59 minutes agoAlexEiffel on Is Windows back?
5 hours, 14 minutes agoJulianHicks on Adobe Flash Not working for School test
5 hours, 18 minutes agoJulianHicks on Windows 10 Home vs. Pro
5 hours, 18 minutes agoKobold Curry Chef on January 2021 updates are here
5 hours, 19 minutes agoanonymous on January 2021 updates are here
5 hours, 56 minutes agogeekdom on January 2021 updates are here
6 hours, 49 minutes agoRebusCom on Tips for speeding up Windows PCs
6 hours, 51 minutes agoSusan Bradley on January 2021 updates are here
6 hours, 56 minutes agoanonymous on January 2021 updates are here
6 hours, 57 minutes agoClearThunder on January 2021 updates are here
7 hours, 8 minutes agoCanadian Tech on Tips for speeding up Windows PCs
7 hours, 58 minutes agoSusan Bradley on January 2021 updates are here
8 hours, Just nowanonymous on January 2021 updates are here
8 hours, 1 minute agojoep517 on Tips for speeding up Windows PCs
8 hours, 2 minutes agoCanadian Tech on Tips for speeding up Windows PCs
8 hours, 15 minutes agojoep517 on Tips for speeding up Windows PCs
8 hours, 17 minutes agoOscarCP on Adobe Flash Not working for School test
8 hours, 20 minutes agoOscarCP on Is this the best science fiction show ever?
8 hours, 42 minutes agomn-- on OOMA vs MagicJack
8 hours, 58 minutes ago
Recent Topics
-
Windows 7 ESU year two oddities
1 hour, 54 minutes ago
-
Color Rendering in PowerPoint 2019 Export to Video Function
7 hours, 19 minutes ago
-
WiFi Security Alerts after moving from 1909 to 2004
1 hour, 18 minutes ago
-
The MacBook Pro pre-2016 is back
9 hours, 27 minutes ago
-
What Is the Latest Stable Version of Windows 10?
10 hours, 17 minutes ago
-
OOMA vs MagicJack
8 hours, 58 minutes ago
-
Want 7GB of extra disk space?
15 hours, 28 minutes ago
-
Windows 10X and its purpose
18 hours, 29 minutes ago
-
Neither Exchange nor GMail will connect
10 hours, 43 minutes ago
-
Tweaking spreadsheet data
15 hours ago
-
Windows 10 Latest Patch: KB 4598242
21 hours, 2 minutes ago
-
Firefox Browser Replacement – Opera
1 day, 10 hours ago
-
Windows 10 Insider Preview build 20292 released to DEV Channel
11 hours, 3 minutes ago
-
orange screen white lines HP all in one touchscreen
1 day, 8 hours ago
-
Adobe Flash Not working for School test
25 minutes ago
-
Apple to block sideloading iOS apps on M1
1 day, 21 hours ago
-
Mouse not always loading properly in Win 8.1
9 hours, 47 minutes ago
-
Resurrection Remix on the Moto G7 Play is a winner
2 days, 2 hours ago
-
Something Overriding My Group Policy Settings
4 hours, 30 minutes ago
-
Install some updates in queue but not all
2 days, 6 hours ago
-
Remove Windows 10 file security warning, WordPad
2 days, 8 hours ago
-
Text Box, Bullets, Graphics and Animations
2 days, 9 hours ago
-
Attention partners Microsoft really is coming for your clients this time
14 hours, 42 minutes ago
-
‘An Otter RSS Reader’ : RSS reader iOS, Mac
2 days, 8 hours ago
-
LibreOffice Calc Removes Excel Spreadsheet Password Protection
1 day, 7 hours ago
-
Jan. 12, 2021 Office Update
2 days, 8 hours ago
-
Renewal sign up not working
1 day, 9 hours ago
-
Prefetch and Sysmain with SSD?
1 day, 22 hours ago
-
Help with newly Windows offered Nvidia Display Driver
1 day, 7 hours ago
-
Help – Flash is not working…
3 days, 7 hours ago
Search for Topics
Recent blog posts
- Windows 7 ESU year two oddities
- Attention partners: Microsoft really is coming for your clients this time
- January 2021 updates are here
- MS-DEFCON 2 – Get ready for January updates
- What do you want?
- Time to adapt while acknowledging the past
- Stop paying $200 a year for your Internet cable modem
- Controlling Win10’s sometimes hyperactive security apps
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.