  • Patch Lady – late to the microcode party

    Posted on Susan Bradley Comment on the AskWoody Lounge


    Viewing 22 reply threads
    • Author
      Posts
      • #2269753 Reply
        Susan Bradley
        AskWoody MVP

        This occurred the other day on my Lenovo Laptop that I was seeing why I wasn’t getting 2004.  So I kicked a “seeking”… you know where you make it ch
        [See the full post at: Patch Lady – late to the microcode party]

        Susan Bradley Patch Lady

        4 users thanked author for this post.
      • #2269755 Reply
        G
        AskWoody Plus

        “Resumed updates” and received KB4497165 without “Check for updates”.

        Paused for 7 days and resumed updates again and MS reports “You’re up to date”

        Current version is 1909, build 18363.836

        Also have a Lenovo laptop Yoga 910. Resuming updates (not asking/checking) also installed KB4497165.

         

        Both got the KB without “checking” for updates and neither were offered Win 2004.

      • #2269764 Reply
        Alex5723
        AskWoody Plus

        So it appears to me that this only gets on machines that “seek”. If you never seek it never gets pushed. Does that sound about right to everyone who has already seen this for months?

        It happened to me too. I checked for updates on my Lenovo Y530 and got KB4497165.

      • #2269776 Reply
        davews
        AskWoody Plus

        This it seems is a REISSUE of a January Intel microcode patch. I have it sat here ‘pending download’ for the past week (1909 Home). Why it is offered me when my machine is an oldish AMD one I don’t know but it seems there is no harm in installing it on AMD machines.

        • #2270301 Reply
          Freeco
          AskWoody Lounger

          I got it offered on my AMD Ryzen 5 3600 desktop as well last week.
          I was wondering why an Intel microcode update got pushed to a non-Intel device, so had a quick look in the KB and only found Intel architectures. Weird 🙂

      • #2269781 Reply
        PKCano
        Da Boss

        KB4497165 is one of those patches that gets reissued and shows up in the Windows Update queue again every time it gets revised, because the metadata has changed. (Remember KB2952664 in Win7?)

        I have been hiding it every time it shows up. I have not been seeking. It just shows up.

      • #2269786 Reply
        anonymous
        Guest

        My experience was similar to G’s above, except that I don’t pause or hide updates; I was simply offered that 2020-01 update after all the May cumulative updates had been downloaded and installed, and without “seeking” or clicking “check for updates.” I, too am now on build 836 of version 1909 on an HP Omen Intel core i7 7700 laptop with 8gB ram. I never refuse or delay 1909 updates, just download them and install them as they become available. For me, version 1909 has been 100% problem-free and totally stable and reliable, not a single complaint. I haven’t been offered version 2004 yet, and I probably won’t install it when offered until late this Fall, since 1909 is working so well for me, best version so far. However, I don’t play “games” on my laptop and don’t have Office installed either, and am not part of any server-based network. I only use it as a standalone pc for ordinary simple home computing.

        1 user thanked author for this post.
      • #2269788 Reply
        ram5thwheel
        AskWoody Plus

        I have not performed a “Check for Updates” and this showed up on my system two days ago.  I was wondering what it was.

      • #2269794 Reply
        woody
        Da Boss
      • #2269798 Reply
        bbearren
        AskWoody MVP

        I got it in mid-May on the A side of my dual boot; I am regularly checking for updates.  After updating the A side to 2004, I rebooted to the B side and it was waiting in the queue ahead of 2004.  I assumed it to be a prerequisite for updating to 2004.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2269816 Reply
        glnz
        AskWoody Plus

        Is this for Win 10 only or also for Win 7?

        • #2269821 Reply
          anonymous
          Guest

          Win 10 only.

           

      • #2269823 Reply
        Tex265
        AskWoody Plus

        I’ve been holding it in wushowhide.

        What is the consensus – are we supposed to install?

        In the past we have just been holding these.

        Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
      • #2269825 Reply
        CADesertRat
        AskWoody Plus

        I received it as soon as I hit resume updates, along with all of May patches on 6/1/20 ( as soon as we hit Defcon 4 ). I got it on our Intel computers and also my AMD computer. There was no “seeking”, just hit Resume Updates and it was in the list of Updates.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

      • #2269839 Reply
        Noel Carboni
        AskWoody_MVP

        I wonder whether my Westmere-based workstations are (artificially) aging out…

        NotReady

        Thing is, I don’t WANT nor NEED microcode updates. Spectre/Meltdown isn’t significant enough a threat technically that I should choose to have my workstations seriously performance-stunted. I had to turn off the mitigations with GRC InSpectre to get my full I/O and display performance back with Windows 10 (and the resultant performance is still a small bit lower than with Windows 8.1).

        InspectreDisplay

        What’s a workstation? Imagine a high-end desktop computer that, when new, cost in excess of $10K, and is performance-wise (when updated a bit with new plug-in hardware) still competitive with ALL but the very best (expensive) new computer systems available today. Seriously. I know because I have some of those too.

        As an example, Photoshop cold starts, on the very best new computer systems (e.g., top-end Dell Precision or hyper-expensive Mac Pro) in 3 seconds. On a well-outfitted 8 year old Westmere-based (e.g., Dell Precision T7500) workstation, outfitted with some modern upgrades like an array of SSDs + a good workstation-class graphics card Photoshop starts in a whopping 4 seconds. Yeah, I’m serious – CPU tech hasn’t really come that far.

        How can Microsoft get people who are still leveraging the power of these older systems, to spend more money on hardware? By claiming they’re insecure and finding ways to make Windows run like a dog on them. From everything I can discern at a technical/practical level, the Spectre and Meltdown worry is really just hype. Not something that should be allowed to cut the performance of a stout older system in half.

        So to my point…

        At this point is Microsoft really not allowing an upgrade to 2004 without microcode updates? Is that why I’m seeing the above notice?

        I don’t know for sure because I’m not confident I can revert a system that’s had such a microcode update and so I haven’t tried one myself, but I suspect the microcode update could negatively impact performance – all in the name of (false) security… Can anyone confirm?

        EDIT: Hmmm, on a closer look I’m seeing no Westmere processors listed in the Microsoft microcode KB… Not sure whether to be relieved or concerned.

        -Noel

        3 users thanked author for this post.
        • #2269844 Reply
          PKCano
          Da Boss

          I have been hiding the microcode updates on my Parallels VMs on MacOS Catalina 10.15.5 (Ivy Bridge & Haswell). To my knowledge, they have not slipped past me.
          I upgraded one of the Ivy Bridge VMs last Sat. from v1909 18636.836 through Windows Update. I will verify that the microcode did not install at the time in a while. But I did not see it in the queue.

          Edit: see screenshots.

          Screen-Shot-2020-06-06-at-11.33.28-AM

          Screen-Shot-2020-06-06-at-11.35.27-AM

          Screen-Shot-2020-06-06-at-11.44.54-AM

          1 user thanked author for this post.
        • #2269846 Reply
          CADesertRat
          AskWoody Plus

          So far, I haven’t seen much/if any performance hit on my Intel workstations with the Microcode install. As to the 2004 “Your Device isn’t quite ready for it” message, the only computer that I received that message on was my HP ProBook 450 G2 laptop, none of my Desktops had any mention of 2004 Feature Update. All of my computers have GP set at 365 days’ deferral for Feature Updates so I thought it odd that my laptop would be the only one that had any mention of 2004.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

          1 user thanked author for this post.
          • #2270315 Reply
            steeviebops
            AskWoody Lounger

            So far, I haven’t seen much/if any performance hit on my Intel workstations with the Microcode install. As to the 2004 “Your Device isn’t quite ready for it” message, the only computer that I received that message on was my HP ProBook 450 G2 laptop, none of my Desktops had any mention of 2004 Feature Update. All of my computers have GP set at 365 days’ deferral for Feature Updates so I thought it odd that my laptop would be the only one that had any mention of 2004.

            I’d say that most HPs are ineligible for 2004 at the moment because they used Conexant audio so extensively. They’ve switched fully to Realtek in the last year or so but before that they used Conexant audio in all but their cheapest devices.

            Personally I wish they just used Realtek for everything because Realtek aren’t shy about providing generic driver updates, whereas Conexant driver updates are fully dependent on HP releasing them.

            • #2270357 Reply
              CADesertRat
              AskWoody Plus

              Actually, my ProBook has Realtek audio.

              Don't take yourself so seriously, no one else does 🙂
              4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

              • #2270371 Reply
                steeviebops
                AskWoody Lounger

                Actually, my ProBook has Realtek audio.

                Hmm, interesting. Must never have built one of those!

                I’ve only seen Realtek audio on the Pavilion machines and on the 250/255 series, with the exception of the very newest (9th/10th gen Intel). My work machine is a ProBook 440 G3 and has Conexant. Also have Conexant on my personal ZBook 15 G5.

              • #2270394 Reply
                CADesertRat
                AskWoody Plus

                Audio & Video
                Graphics Processor:  Intel HD Graphics 5500
                Camera:  Integrated webcam
                Resolution:  1280 x 720
                Sound:  Stereo speakers , stereo microphone
                Codec:  Realtek ALC3227-CG
                Compliant Standards:  DTS SOUND+

                Don't take yourself so seriously, no one else does 🙂
                4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        • #2269872 Reply
          Ascaris
          AskWoody_MVP

          Microcodes are stored in volatile memory in the CPU– turn the PC off, the microcode is gone.  It has to be reloaded by the system firmware at boot time.  If the OS update contains a newer microcode binary image than what is loaded into the CPU at that moment, the newer one is loaded, replacing the older one.

          If the microcode didn’t work out, just revert the update.  I would imagine it should be removable by the usual means for uninstalling any other Windows update,  but if not, you could restore from backup.

          I prefer getting microcode updates via OS updates for just this reason.  Like you, I was concerned that some of the changes for mitigation of the side-channel exploits would slash performance.  Recently, though, I had an even worse experience with one, where the microcode update was causing periodic hard lockups that required a power cycle to clear.  Fortunately, reverting the update was easy. This was in Linux, but it’s the same idea as in Windows.

          I recently installed a firmware update on my Dell G3 (a week ago, perhaps?).  In the changelog at the Dell site, the only things listed were non-microcode updates to mitigate a few of the security issues with the Intel management thingy that’s built into all of the recent Intel CPUs.  Had the update been for my Acer Swift, I would not have installed it, as the Acer does not permit downgrades, and even though no microcode update was listed, I could not take the chance that it was in there anyway.

          Sure enough, the microcode update in the firmware update did change to the newest microcode, even though it was not listed in the changelog.  It was already the microcode that was installed as an OS update, and I hadn’t had any issues with it, but I want to be able to backtrack if I ever do.

          I haven’t yet seen if it is possible to “hack” things so that I can have the microcode loader overwrite a newer image with an older one.  It would be nice to not have whatever fixes are in any given firmware update tied to a given microcode update version. With my old Asus laptop, I used to use an AMI tool to edit the microcode images within the firmware image, but I haven’t tried to do that with the G3’s firmware.  I’d guess it’s AMI, but it’s branded as Dell, so I can’t be sure.  I doubt they wrote their own!

          Group "L" (KDE Neon User Edition 5.19.3).

          2 users thanked author for this post.
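An added example, not part of the post above or of any project's code: on Linux, the `microcode` field in `/proc/cpuinfo` together with the kernel's microcode log lines lets you record which revision is running and whether the OS loader or the firmware supplied it, so a firmware update that silently bundles microcode (as described in the post) shows up as a change of source. The revisions, log lines and helper names below are constructed, and the exact kernel log wording is an assumption that varies between kernel versions.

```python
import re

# Line formats are assumptions; kernel log wording varies between versions.
CPU_RE = re.compile(r"^processor\s*:\s*(\d+)\s*$")
REV_RE = re.compile(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)\s*$")
LOAD_RE = re.compile(
    r"microcode: (?:CPU\d+ )?(?:microcode )?updated (?:early )?to revision (0x[0-9a-fA-F]+)"
)


def sample_cpuinfo(revision, cpus=2):
    """Build constructed /proc/cpuinfo-style text (hypothetical helper for the demo)."""
    return "\n".join(
        f"processor\t: {n}\nvendor_id\t: GenuineIntel\nmicrocode\t: {revision:#x}\n"
        for n in range(cpus)
    )


# Constructed kernel log excerpts, not captured from a real machine.
DMESG_OS_LOADED = (
    "[    0.000000] microcode: microcode updated early to revision 0xde, date = 2020-01-01\n"
    "[    1.200000] microcode: sig=0x0, pf=0x0, revision=0xde\n"
)
DMESG_NO_LOAD = "[    1.200000] microcode: sig=0x0, pf=0x0, revision=0xca\n"


def running_revisions(cpuinfo_text):
    """Map logical CPU number -> running microcode revision."""
    revs, cpu = {}, None
    for line in cpuinfo_text.splitlines():
        m = CPU_RE.match(line)
        if m:
            cpu = int(m.group(1))
            continue
        m = REV_RE.match(line)
        if m and cpu is not None:
            revs[cpu] = int(m.group(1), 16)
    return revs


def os_loaded_revision(dmesg_text):
    """Return the last revision the kernel reports loading itself, or None."""
    found = None
    for m in LOAD_RE.finditer(dmesg_text):
        found = int(m.group(1), 16)
    return found


def assess(cpuinfo_text, dmesg_text, baseline=None):
    """Summarise the running revision, its source, and drift from a recorded baseline."""
    revs = running_revisions(cpuinfo_text)
    if not revs:
        raise ValueError("no microcode field found in cpuinfo text")
    distinct = sorted(set(revs.values()))
    current = distinct[-1]
    report = {
        "revision": hex(current),
        # Every core should report the same revision after boot.
        "consistent": len(distinct) == 1,
        # No kernel load message for this revision means firmware supplied it.
        "source": "os" if os_loaded_revision(dmesg_text) == current else "firmware",
        "change": None,
    }
    if baseline is not None:
        report["change"] = (
            "upgraded" if current > baseline
            else "rolled back" if current < baseline
            else "unchanged"
        )
    return report


if __name__ == "__main__":
    # OS package installed: kernel loads 0xde over the firmware's 0xca.
    print(assess(sample_cpuinfo(0xDE), DMESG_OS_LOADED, baseline=0xCA))
    # OS package reverted and machine rebooted: back on the firmware's revision.
    print(assess(sample_cpuinfo(0xCA), DMESG_NO_LOAD, baseline=0xDE))
```

Recording the report before and after each firmware or OS update gives a way to tell whether a rollback of the OS package would still change anything.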
          • #2270206 Reply
            Noel Carboni
            AskWoody_MVP

            OK, I found a little weekend time to fool with one of my workstations, a Dell Precision T7500, that still had a very old Dell BIOS revision (A05, where the latest, including Intel’s recent microcode mitigations for security issues, is A18).

            Backup in hand, I verified the BIOS installers will both upgrade and downgrade BIOS (so I would have a way back if needed), and set out to carefully measure performance before and after the BIOS update using the Passmark PerformanceTest benchmark and some real-world operations.

            To my pleasant surprise the A18 BIOS upgrade slightly increased performance overall. Nice.

            -Noel

            3 users thanked author for this post.
            • #2270328 Reply
              Ascaris
              AskWoody_MVP

              I did some reading about the microcode updates before I tried them, back when Meltdown and Spectre were still relatively new, and the conclusion seemed to be that the microcode updates would only really slow performance when used in conjunction with the kernel changes in the OS that were meant to be used in conjunction with the microcode changes.

              I found that most of the kernel mitigations that work with the microcode changes had very little performance impact (testing each mitigation individually using the Phoronix test suite, using the same tests the Phoronix site itself used in the articles).  The one exception that did cause a noticeable loss of performance in the benchmarks was the Spectre V2 userspace mitigations, which caused a large dip in at least one of the disk I/O benchmarks.

              The rest, even with the enabling kernel mitigations enabled, didn’t cause any big performance hits.  There may have been a little bit of impact, but not anything close to some of the horror story “up to” losses that were in the media at that time.  I’m not overly concerned about these side-channel vulnerabilities as a regular user who is more likely to encounter garden-variety untargeted malware than anything directed at me personally, but if all else is equal, or close to it, I’ll take the greater security.

              Group "L" (KDE Neon User Edition 5.19.3).

            • #2270420 Reply
              Tex265
              AskWoody Plus

              still had a very old Dell BIOS revision (A05, where the latest, including Intel’s recent microcode mitigations for security issues, is A18). Backup in hand, I verified the BIOS installers will both upgrade and downgrade BIOS (so I would have a way back if needed)

              Are you talking about the actual BIOS on the MB?  I am unaware that an actual BIOS can be backed up and even restored.  Thought that was why it is such a high risk task, cause there was no going back?

              I have a rather current ASUS motherboard Rog Strix Z370-E in my system.  I didn’t see anything in the MB Manual about this, or is it only Dell?

              Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
              • #2271281 Reply
                Ascaris
                AskWoody_MVP

                Flashing the BIOS/UEFI is not really all that dangerous if the system is stable (and even better if you have a UPS or if it is a laptop).  The risk is that if the process gets interrupted while it is in progress, the new firmware was not fully programmed yet, but the old one was erased to make room for the new one, so you’re left with a bricked system.  It only takes a minute, so the odds of a crash or power loss during that time are pretty small… but if it does happen, it can be bad.

                It is sometimes possible to debrick a computer where that happened, but not always.  It could be a “send the motherboard or PC back to the manufacturer and let them fix it” kind of thing, which will cost you money if the unit is not under warranty.  In those cases, it might be cheaper to replace it.

                If you see motherboards or PCs with features with names like “Dual BIOS,” that’s what these are about.  They have two copies of the firmware, so if one is corrupted, it will start with the other one. It costs a little bit more, but it is worth it, I think.  My Dell G3 laptop has such a feature.  A lot of boards sold as components (as opposed to those from OEMs that are only sold inside complete PCs) like yours will have a feature like this.

                I would also guess that such a board would allow downgrades.  There are legit reasons to do that, so a blanket “no” rule like my Acer has is not ideal, and buyers of component boards are more likely to be aware about that kind of thing, and to care about it.  Component boards usually have more options and a more power-user-friendly feature set, though of course the user is not under any obligation to use them if they don’t want to.

                The flash utility to perform the firmware upgrade may have a feature to back up the existing firmware to a storage device of your choosing.  If I remember correctly, the flash utility for my Asus laptop (the old one, Core 2 Duo era) that was built into the BIOS didn’t have a backup function, but the command line MS-DOS flash utility did.  All one had to do was create a simulated boot “floppy” (really a USB thumb drive) to boot DOS, then they could start the menu-driven program (I think it was called ezflash.exe) and the rest was self-explanatory.

                If your board has no such option, you can generally get older firmware versions from the support site for your motherboard or PC model.  These can often be flashed right over what is already there, even if the one already there is newer.  In my Dell G3, I first have to enable firmware downgrades in the BIOS/UEFI setup, and then I can flash the old one over the new one.

                 

                Group "L" (KDE Neon User Edition 5.19.3).

                1 user thanked author for this post.
      • #2269847 Reply
        agoldhammer
        AskWoody Plus

        I built a new workstation on the first of March with a fresh Win10 install using the current MSFT ISO.  I assume this fix was part of the install as I’ve never seen the patch in question be installed during the past three months.  I have everything paused for 15 days and the major update for 75.

      • #2269855 Reply
        anonymous
        Guest

        My experience is also like G’s above. I resumed updates on June 1st. I received KB4497165 which showed as a January update along with the June updates without “Check for updates” on Windows 1909 build 18383.836

      • #2269859 Reply
        Alex5723
        AskWoody Plus

        At this point is Microsoft really not allowing an upgrade to 2004 without microcode updates? Is that why I’m seeing the above notice?

        No. I have the Microcode installed and 2004 still isn’t fit for my 1909 Pro laptop.

        spctr

        • #2269925 Reply
          brian1248
          AskWoody Lounger

          Do you have this particular version of the microcode (KB4497165) from January 2020 installed?

          Inspectre was last updated April 2019.  If I run it, I get the same result as you, but I do not have the January 2020 KB4497165 patch installed, although I have previous microcode updates installed.  Inspectre is either not aware of the new KB, or does not consider it necessary for declaring you patched for Meltdown and Spectre.

        • #2270256 Reply
          Noel Carboni
          AskWoody_MVP

          Scroll that little window some… There’s more specific info in there.

          InspectreDisplayScrolled

          -Noel

          • #2270317 Reply
            brian1248
            AskWoody Lounger

            I’m not sure if you are responding to Alex or to me, but I am aware of that, and everything is green, without the KB4497165 update, which I have blocked since January.

            InSpectre-1

            InSpectre-2

      • #2269895 Reply
        anonymous
        Guest

        All the… insanity that comes around during a major update or when a “bad” patch comes out usually only applies to OEM built PC’s… Weird, wonder if it’s their fault more than Microsoft’s most of the time… Like 99% of the time

        I have 3 home built PC’s all with different hardware.  There’s 2 Intel systems with motherboards from different vendors and a Ryzen 3 system.  They also all have different GPU’s, 1 with a 2080ti, and 2 with AMD cards.  There is also 3 different brands of ram in each.

        The single thing they share in common is through all the years of Win10 they never have problems with patches and only 1 had an issue with a major update and I chalk that up to the fact that it was a fast ring update.

        More often than not these “problems” with Win10 are user error in one way or another and 99% of the articles written are FUD.  ****. Even the scant few patches Microsoft has actually pulled didn’t cause me trouble on a single system.

      • #2269918 Reply
        brian1248
        AskWoody Lounger

        I blocked KB4497165 since the support page says not to apply it unless your processor is on the list shown on the support page.  My processor is i7-9750H, which is not on the list.  Other similarly named processors, such as the i7-8750H and various i7-97##X processors are on the list, but not the 9750.

        I have contacted Microsoft several times about this over several months asking if the list is incorrect, or if the update is being offered in error, and to correct things either way.  No change.  No response.

      • #2269923 Reply

        How can Microsoft get people who are still leveraging the power of these older systems, to spend more money on hardware? By claiming they’re insecure and finding ways to make Windows run like a dog on them. From everything I can discern at a technical/practical level, the Spectre and Meltdown worry is really just hype. Not something that should be allowed to cut the performance of a stout older system in half.

        I and my ancient 2009 offline XP workstation cry, “Hear, hear!” Bryce and other 3d CG animation software still produce great, usable output!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least six legs and no brain."

        -Robert Heinlein

      • #2270019 Reply
        Alex5723
        AskWoody Plus

        Do you have this particular version of the microcode (KB4497165) from January 2020 installed?

        Yes. Got it a couple of days ago.

        microc

      • #2270157 Reply
        davinci953
        AskWoody Plus

        I just got this patch when I installed the May updates. It’s been sitting in the queue for a while. My processor wasn’t listed until this update, so I assume the patch wasn’t offered until the processor was supported. I installed it, and there’s nothing noteworthy to report.

      • #2270212 Reply
        pHROZEN gHOST
        AskWoody Lounger

        I was under the impression that clicking “Check for updates” was a sign to MS that you were willing to be a beta tester. Quite some time ago I tried it. I was automatically placed on the Windows Insider Program. I disabled this. There is no way I want to be a free beta tester (aka MS Lab Rat).

        Byte me!

        1 user thanked author for this post.
        • #2270289 Reply
          Paul T
          AskWoody MVP

          It used to download and install all the latest patches without question, but not since 1809 (I think). It never enrolled you in the insider program.

          cheers, Paul

           

      • #2270342 Reply
        steeviebops
        AskWoody Lounger

        I doubt that the microcode update is preventing you from getting 2004 (installing 2004 will probably give you that update anyway). More than likely, you’re hit by one of the known issues (e.g. Conexant audio, Realtek Bluetooth or old Nvidia drivers). Check the list and see if there’s anything that might affect you.

        https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-2004

        • #2271608 Reply
          EP
          AskWoody_MVP

          the 2004 feature update being offered since Tue June 9 should be available to more machines as MS had increased the availability earlier this week.

          before 6/9, the 2004 feature update was only being offered to a select few
