• Patch Lady – late to the microcode party


    #2269753

    This occurred the other day on my Lenovo Laptop that I was seeing why I wasn’t getting 2004.  So I kicked a “seeking”… you know where you make it ch

    Susan Bradley Patch Lady/Prudent patcher

    4 users thanked author for this post.
    • #2269755

      “Resumed updates” and received KB4497165 without “Check for updates”.

      Paused for 7 days and resumed updates again and MS reports “You’re up to date”

      Current version is 1909, build 18363.836

      Also have a Lenovo laptop Yoga 910. Resuming updates (not asking/checking) also installed KB4497165.

       

      Both got the KB without “checking” for updates and neither were offered Win 2004.

    • #2269764

      So it appears to me that this only gets on machines that “seek”. If you never seek it never gets pushed. Does that sound about right to everyone who has already seen this for months?

      It happened to me too. I checked for updates on my Lenovo Y530 and got KB4497165.

    • #2269776

      This it seems is a REISSUE of a January Intel microcode patch. I have it sat here ‘pending download’ for the past week (1909 Home). Why it is offered me when my machine is an oldish AMD one I don’t know but it seems there is no harm in installing it on AMD machines.

      • #2270301

        I got it offered on my AMD Ryzen 5 3600 desktop as well last week.
        I was wondering why an Intel microcode update got pushed to a non-Intel device, so had a quick look in the KB and only found Intel architectures. Weird 🙂

    • #2269781

      KB4497165 is one of those patches that gets reissued and shows up in the Windows Update queue again every time it gets revised, because the metadata has changed. (Remember KB2952664 in Win7?)

      I have been hiding it every time it shows up. I have not been seeking. It just shows up.

    • #2269786

      My experience was similar to G’s above, except that I don’t pause or hide updates; I was simply offered that 2020-01 update after all the May cumulative updates had been downloaded and installed, and without “seeking” or clicking “check for updates.” I, too am now on build 836 of version 1909 on an HP Omen Intel core i7 7700 laptop with 8gB ram. I never refuse or delay 1909 updates, just download them and install them as they become available. For me, version 1909 has been 100% problem-free and totally stable and reliable, not a single complaint. I haven’t been offered version 2004 yet, and I probably won’t install it when offered until late this Fall, since 1909 is working so well for me, best version so far. However, I don’t play “games” on my laptop and don’t have Office installed either, and am not part of any server-based network. I only use it as a standalone pc for ordinary simple home computing.

      1 user thanked author for this post.
    • #2269788

      I have not performed a “Check for Updates” and this showed up on my system two days ago.  I was wondering what it was.

    • #2269794
    • #2269798

      I got it in mid-May on the A side of my dual boot; I am regularly checking for updates.  After updating the A side to 2004, I rebooted to the B side and it was waiting in the queue ahead of 2004.  I assumed it to be a prerequisite for updating to 2004.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2269816

      Is this for Win 10 only or also for Win 7?

    • #2269823

      I’ve been holding it in wushowhide.

      What is the consensus – are we supposed to install?

      In the past we have just been holding these.

      Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)
    • #2269825

      I received it as soon as I hit resume updates, along with all of May patches on 6/1/20 (as soon as we hit Defcon 4). I got it on our Intel computers and also my AMD computer. There was no “seeking”, just hit Resume Updates and it was in the list of Updates.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2269839

      I wonder whether my Westmere-based workstations are (artificially) aging out…

      NotReady

      Thing is, I don’t WANT nor NEED microcode updates. Spectre/Meltdown isn’t significant enough a threat technically that I should choose to have my workstations seriously performance-stunted. I had to turn off the mitigations with GRC InSpectre to get my full I/O and display performance back with Windows 10 (and the resultant performance is still a small bit lower than with Windows 8.1).

      InspectreDisplay

      What’s a workstation? Imagine a high-end desktop computer that, when new, cost in excess of $10K, and is performance-wise (when updated a bit with new plug-in hardware) still competitive with ALL but the very best (expensive) new computer systems available today. Seriously. I know because I have some of those too.

      As an example, Photoshop cold starts, on the very best new computer systems (e.g., top-end Dell Precision or hyper-expensive Mac Pro) in 3 seconds. On a well-outfitted 8 year old Westmere-based (e.g., Dell Precision T7500) workstation, outfitted with some modern upgrades like an array of SSDs + a good workstation-class graphics card Photoshop starts in a whopping 4 seconds. Yeah, I’m serious – CPU tech hasn’t really come that far.

      How can Microsoft get people who are still leveraging the power of these older systems, to spend more money on hardware? By claiming they’re insecure and finding ways to make Windows run like a dog on them. From everything I can discern at a technical/practical level, the Spectre and Meltdown worry is really just hype. Not something that should be allowed to cut the performance of a stout older system in half.

      So to my point…

      At this point is Microsoft really not allowing an upgrade to 2004 without microcode updates? Is that why I’m seeing the above notice?

      I don’t know for sure because I’m not confident I can revert a system that’s had such a microcode update and so I haven’t tried one myself, but I suspect the microcode update could negatively impact performance – all in the name of (false) security… Can anyone confirm?

      EDIT: Hmmm, on a closer look I’m seeing no Westmere processors listed in the Microsoft microcode KB… Not sure whether to be relieved or concerned.

      -Noel

      • This reply was modified 3 years, 6 months ago by Noel Carboni.
      3 users thanked author for this post.
      • #2269844

        I have been hiding the microcode updates on my Parallels VMs on MacOS Catalina 10.15.5 (Ivy Bridge & Haswell). To my knowledge, they have not slipped past me.
        I upgraded one of the Ivy Bridge VMs last Sat. from v1909 18636.836 through Windows Update. I will verify that the microcode did not install at the time in a while. But I did not see it in the queue.

        Edit: see screenshots.

        Screen-Shot-2020-06-06-at-11.33.28-AM

        Screen-Shot-2020-06-06-at-11.35.27-AM

        Screen-Shot-2020-06-06-at-11.44.54-AM

        1 user thanked author for this post.
      • #2269846

        So far, I haven’t seen much/if any performance hit on my Intel workstations with the Microcode install. As to the 2004 “Your Device isn’t quite ready for it” message, the only computer that I received that message on was my HP ProBook 450 G2 laptop, none of my Desktops had any mention of 2004 Feature Update. All of my computers have GP set at 365 days’ deferral for Feature Updates so I thought it odd that my laptop would be the only one that had any mention of 2004.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

        1 user thanked author for this post.
        • #2270315

          So far, I haven’t seen much/if any performance hit on my Intel workstations with the Microcode install. As to the 2004 “Your Device isn’t quite ready for it” message, the only computer that I received that message on was my HP ProBook 450 G2 laptop, none of my Desktops had any mention of 2004 Feature Update. All of my computers have GP set at 365 days’ deferral for Feature Updates so I thought it odd that my laptop would be the only one that had any mention of 2004.

          I’d say that most HPs are ineligible for 2004 at the moment because they used Conexant audio so extensively. They’ve switched fully to Realtek in the last year or so but before that they used Conexant audio in all but their cheapest devices.

          Personally I wish they just used Realtek for everything because Realtek aren’t shy about providing generic driver updates, whereas Conexant driver updates are fully dependent on HP releasing them.

          • #2270357

            Actually, my ProBook has Realtek audio.

            Don't take yourself so seriously, no one else does 🙂
            All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

            • #2270371

              Actually, my ProBook has Realtek audio.

              Hmm, interesting. Must never have built one of those!

              I’ve only seen Realtek audio on the Pavilion machines and on the 250/255 series, with the exception of the very newest (9th/10th gen Intel). My work machine is a ProBook 440 G3 and has Conexant. Also have Conexant on my personal ZBook 15 G5.

            • #2270394

              Audio & Video
              Graphics Processor:  Intel HD Graphics 5500
              Camera:  Integrated webcam
              Resolution:  1280 x 720
              Sound:  Stereo speakers , stereo microphone
              Codec:  Realtek ALC3227-CG
              Compliant Standards:  DTS SOUND+

              Don't take yourself so seriously, no one else does 🙂
              All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #2269872

        Microcodes are stored in volatile memory in the CPU– turn the PC off, the microcode is gone.  It has to be reloaded by the system firmware at boot time.  If the OS update contains a newer microcode binary image than what is loaded into the CPU at that moment, the newer one is loaded, replacing the older one.

        If the microcode didn’t work out, just revert the update.  I would imagine it should be removable by the usual means for uninstalling any other Windows update,  but if not, you could restore from backup.

        I prefer getting microcode updates via OS updates for just this reason.  Like you, I was concerned that some of the changes for mitigation of the side-channel exploits would slash performance.  Recently, though, I had an even worse experience with one, where the microcode update was causing periodic hard lockups that required a power cycle to clear.  Fortunately, reverting the update was easy. This was in Linux, but it’s the same idea as in Windows.

        I recently installed a firmware update on my Dell G3 (a week ago, perhaps?).  In the changelog at the Dell site, the only things listed were non-microcode updates to mitigate a few of the security issues with the Intel management thingy that’s built into all of the recent Intel CPUs.  Had the update been for my Acer Swift, I would not have installed it, as the Acer does not permit downgrades, and even though no microcode update was listed, I could not take the chance that it was in there anyway.

        Sure enough, the microcode update in the firmware update did change to the newest microcode, even though it was not listed in the changelog.  It was already the microcode that was installed as an OS update, and I hadn’t had any issues with it, but I want to be able to backtrack if I ever do.

        I haven’t yet seen if it is possible to “hack” things so that I can have the microcode loader overwrite a newer image with an older one.  It would be nice to not have whatever fixes are in any given firmware update tied to a given microcode update version. With my old Asus laptop, I used to use an AMI tool to edit the microcode images within the firmware image, but I haven’t tried to do that with the G3’s firmware.  I’d guess it’s AMI, but it’s branded as Dell, so I can’t be sure.  I doubt they wrote their own!

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
        Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

        2 users thanked author for this post.
        • #2270206

          OK, I found a little weekend time to fool with one of my workstations, a Dell Precision T7500, that still had a very old Dell BIOS revision (A05, where the latest, including Intel’s recent microcode mitigations for security issues, is A18).

          Backup in hand, I verified the BIOS installers will both upgrade and downgrade BIOS (so I would have a way back if needed), and set out to carefully measure performance before and after the BIOS update using the Passmark PerformanceTest benchmark and some real-world operations.

          To my pleasant surprise the A18 BIOS upgrade slightly increased performance overall. Nice.

          -Noel

          3 users thanked author for this post.
          • #2270328

            I did some reading about the microcode updates before I tried them, back when Meltdown and Spectre were still relatively new, and the conclusion seemed to be that the microcode updates would only really slow performance when used in conjunction with the kernel changes in the OS that were meant to be used in conjunction with the microcode changes.

            I found that most of the kernel mitigations that work with the microcode changes had very little performance impact (testing each mitigation individually using the Phoronix test suite, using the same tests the Phoronix site itself used in the articles).  The one exception that did cause a noticeable loss of performance in the benchmarks was the Spectre V2 userspace mitigations, which caused a large dip in at least one of the disk I/O benchmarks.

            The rest, even with the enabling kernel mitigations enabled, didn’t cause any big performance hits.  There may have been a little bit of impact, but not anything close to some of the horror story “up to” losses that were in the media at that time.  I’m not overly concerned about these side-channel vulnerabilities as a regular user who is more likely to encounter garden-variety untargeted malware than anything directed at me personally, but if all else is equal, or close to it, I’ll take the greater security.

            Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
            XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
            Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

          • #2270420

            still had a very old Dell BIOS revision (A05, where the latest, including Intel’s recent microcode mitigations for security issues, is A18). Backup in hand, I verified the BIOS installers will both upgrade and downgrade BIOS (so I would have a way back if needed)

            Are you talking about the actual BIOS on the MB?  I am unaware that an actual BIOS can be backed up and even restored.  Thought that was why it is such a high risk task, cause there was no going back?

            I have a rather current ASUS motherboard Rog Strix Z370-E in my system.  I didn’t see anything in the MB Manual about this, or is it only Dell?

            Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)
            • #2271281

              Flashing the BIOS/UEFI is not really all that dangerous if the system is stable (and even better if you have a UPS or if it is a laptop).  The risk is that if the process gets interrupted while it is in progress, the new firmware was not fully programmed yet, but the old one was erased to make room for the new one, so you’re left with a bricked system.  It only takes a minute, so the odds of a crash or power loss during that time is pretty small… but if it does happen, it can be bad.

              It is sometimes possible to debrick a computer where that happened, but not always.  It could be a “send the motherboard or PC back to the manufacturer and let them fix it” kind of thing, which will cost you money if the unit is not under warranty.  In those cases, it might be cheaper to replace it.

              If you see motherboards or PCs with features with names like “Dual BIOS,” that’s what these are about.  They have two copies of the firmware, so if one is corrupted, it will start with the other one. It costs a little bit more, but it is worth it, I think.  My Dell G3 laptop has such a feature.  A lot of boards sold as components (as opposed to those from OEMs that are only sold inside complete PCs) like yours will have a feature like this.

              I would also guess that such a board would allow downgrades.  There are legit reasons to do that, so a blanket “no” rule like my Acer has is not ideal, and buyers of component boards are more likely to be aware about that kind of thing, and to care about it.  Component boards usually have more options and a more power-user-friendly feature set, though of course the user is not under any obligation to use them if they don’t want to.

              The flash utility to perform the firmware upgrade may have a feature to back up the existing firmware to a storage device of your choosing.  If I remember correctly, the flash utility for my Asus laptop (the old one, Core 2 Duo era) that was built into the BIOS didn’t have a backup function, but the command line MS-DOS flash utility did.  All one had to do was create a simulated boot “floppy” (really a USB thumb drive) to boot DOS, then they could start the menu-driven program (I think it was called ezflash.exe) and the rest was self-explanatory.

              If your board has no such option, you can generally get older firmware versions from the support site for your motherboard or PC model.  These can often be flashed right over what is already there, even if the one already there is newer.  In my Dell G3, I first have to enable firmware downgrades in the BIOS/UEFI setup, and then I can flash the old one over the new one.

               

              Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
              XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
              Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

              1 user thanked author for this post.
    • #2269847

      I built a new workstation on the first of March with a fresh Win10 install using the current MSFT ISO.  I assume this fix was part of the install as I’ve never seen the patch in question be installed during the past three months.  I have everything paused for 15 days and the major update for 75.

    • #2269855

      My experience is also like G’s above. I resumed updates on June 1st. I received KB4497165 which showed as a January update along with the June updates without “Check for updates” on Windows 1909 build 18383.836

    • #2269859

      At this point is Microsoft really not allowing an upgrade to 2004 without microcode updates? Is that why I’m seeing the above notice?

      No. I have the Microcode installed and 2004 still isn’t fit for my 1909 Pro laptop.

      spctr

      • #2269925

        Do you have this particular version of the microcode (KB4497165) from January 2020 installed?

        Inspectre was last updated April 2019.  If I run it, I get the same result as you, but I do not have the January 2020 KB4497165 patch installed, although I have previous microcode updates installed.  Inspectre is either not aware of the new KB, or does not consider it necessary for declaring you patched for Meltdown and Spectre.

      • #2270256

        Scroll that little window some… There’s more specific info in there.

        InspectreDisplayScrolled

        -Noel

        • #2270317

          I’m not sure if you are responding to Alex or to me, but I am aware of that, and everything is green, without the KB4497165 update, which I have blocked since January.

          InSpectre-1

          InSpectre-2

    • #2269895

      All the… insanity that comes around during a major update or when a “bad” patch comes out usually only applies to OEM built PC’s… Weird, wonder if it’s their fault more than Microsoft’s most of the time… Like 99% of the time

      I have 3 home built PC’s all with different hardware.  There are 2 Intel systems with motherboards from different vendors and a ryzen 3 system.  They also all have different GPU’s, 1 with a 2080ti, and 2 with AMD cards.  There are also 3 different brands of ram in each.

      The single thing they share in common is through all the years of Win10 they never have problems with patches and only 1 had an issue with a major update and I chalk that up to the fact that it was a fast ring update.

      More often than not these “problems” with Win10 are user error in one way or another and 99% of the articles written are FUD.  ****. Even the scant few patches Microsoft has actually pulled didn’t cause me trouble on a single system.

    • #2269918

      I blocked KB4497165 since the support page says not to apply it unless your processor is on the list shown on the support page.  My processor is i7-9750H, which is not on the list.  Other similarly named processors, such as the i7-8750H and various i7-97##X processors are on the list, but not the 9750.

      I have contacted Microsoft several times about this over several months asking if the list is incorrect, or if the update is being offered in error, and to correct things either way.  No change.  No response.
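
An added example, not part of the original thread and not Microsoft's or Intel's code: the two checks discussed in this thread (an image applies only to the processors it was built for, and a loader replaces the microcode loaded at boot only with a newer revision), modelled over the publicly documented 48-byte Intel microcode update header. The function names, the sample images and their signatures and revisions are constructed for illustration; extended signature tables and the CPU's own cryptographic validation of an image are not modelled.

```python
import struct
from typing import Iterable, NamedTuple, Optional

# Intel microcode update header: nine little-endian dwords + 12 reserved bytes.
HEADER = struct.Struct("<9I12x")

class Update(NamedTuple):
    revision: int
    date: str           # ISO date decoded from the BCD mmddyyyy field
    signature: int      # CPUID(1).EAX value the image was built for
    platform_mask: int  # bit n set = valid for platform ID n

def parse_update(blob: bytes) -> Update:
    """Validate one image (no extended signature table) and return its header."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    (hdr_ver, rev, date, sig, _cksum, ldr_rev,
     mask, data_size, total_size) = HEADER.unpack_from(blob)
    if hdr_ver != 1 or ldr_rev != 1:
        raise ValueError("unsupported header or loader revision")
    # A data size of 0 means the legacy fixed layout: 2000 data bytes, 2048 total.
    data_size, total_size = data_size or 2000, total_size or 2048
    covered = HEADER.size + data_size
    if data_size % 4 or total_size < covered or len(blob) < covered:
        raise ValueError("inconsistent size fields")
    # Header and data, checksum field included, must sum to 0 modulo 2**32.
    if sum(struct.unpack_from(f"<{covered // 4}I", blob)) & 0xFFFFFFFF:
        raise ValueError("checksum mismatch")
    d = f"{date:08x}"
    return Update(rev, f"{d[4:]}-{d[:2]}-{d[2:4]}", sig, mask)

def pick_update(cpu_sig: int, platform_id: int, current_rev: int,
                blobs: Iterable[bytes]) -> Optional[Update]:
    """Return the image a loader would apply, or None to leave the CPU as it is."""
    best = None
    for blob in blobs:
        try:
            u = parse_update(blob)
        except ValueError:
            continue                                 # damaged image: skip it
        if u.signature != cpu_sig:                   # built for another CPU
            continue
        if not u.platform_mask & (1 << platform_id):
            continue
        if u.revision <= current_rev:                # nothing newer to load
            continue
        if best is None or u.revision > best.revision:
            best = u
    return best

def make_update(rev: int, date_bcd: int, sig: int, mask: int,
                data: bytes = bytes(16)) -> bytes:
    """Build a constructed, checksum-valid test image (not real microcode)."""
    total = HEADER.size + len(data)
    body = HEADER.pack(1, rev, date_bcd, sig, 0, 1, mask, len(data), total) + data
    cksum = -sum(struct.unpack(f"<{total // 4}I", body)) & 0xFFFFFFFF
    return body[:16] + struct.pack("<I", cksum) + body[20:]

# Constructed sample set; signatures and revisions are made up for illustration.
CPU_SIG, OTHER_SIG = 0x00012345, 0x00054321
damaged = bytearray(make_update(0xE0, 0x05012020, CPU_SIG, 0x22))
damaged[-1] ^= 1                                     # break the checksum
PACKAGE = [
    make_update(0xCA, 0x10032019, CPU_SIG, 0x22),    # same as firmware's
    make_update(0xD6, 0x04232020, CPU_SIG, 0x22),    # newer, matching
    make_update(0xFF, 0x05012020, OTHER_SIG, 0x22),  # CPU not covered
    bytes(damaged),
]

if __name__ == "__main__":
    print(pick_update(CPU_SIG, 1, 0xCA, PACKAGE))
```

With the firmware-loaded revision at 0xCA the model selects revision 0xD6; with 0xD6 already loaded, or on a CPU whose signature or platform ID no image covers, it returns None and nothing is loaded.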

    • #2269923

      How can Microsoft get people who are still leveraging the power of these older systems, to spend more money on hardware? By claiming they’re insecure and finding ways to make Windows run like a dog on them. From everything I can discern at a technical/practical level, the Spectre and Meltdown worry is really just hype. Not something that should be allowed to cut the performance of a stout older system in half.

      I and my ancient 2009 offline XP workstation cry, “Hear, hear!” Bryce and other 3d CG animation software still produce great, usable output!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

    • #2270019

      Do you have this particular version of the microcode (KB4497165) from January 2020 installed?

      Yes. Got it a couple of days ago.

      microc

    • #2270157

      I just got this patch when I installed the May updates. It’s been sitting in the queue for a while. My processor wasn’t listed until this update, so I assume the patch wasn’t offered until the processor was supported. I installed it, and there’s nothing noteworthy to report.

    • #2270212

      I was under the impression that clicking “Check for updates” was a sign to MS that you were willing to be a beta tester. Quite some time ago I tried it. I was automatically placed on the Windows Insider Program. I disabled this. There is no way I want to be a free beta tester (aka MS Lab Rat).

      Byte me!

      • This reply was modified 3 years, 6 months ago by pHROZEN gHOST.
      1 user thanked author for this post.
      • #2270289

        It used to download and install all the latest patches without question, but not since 1809 (I think). It never enrolled you in an insider program.

        cheers, Paul

         

    • #2270342

      I doubt that the microcode update is preventing you from getting 2004 (installing 2004 will probably give you that update anyway). More than likely, you’re hit by one of the known issues (e.g. Conexant audio, Realtek Bluetooth or old Nvidia drivers). Check the list and see if there’s anything that might affect you.

      https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-2004

      • #2271608

        the 2004 feature update being offered since Tue June 9 should be available to more machines as MS had increased the availability earlier this week.

        before 6/9, the 2004 feature update was only being offered to a select few
