News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – what’s up with the Microcode updates

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – what’s up with the Microcode updates

    This topic contains 33 replies, has 16 voices, and was last updated by  Ascaris 11 months, 3 weeks ago.

    • Author
      Posts
    • #213642 Reply

      Susan Bradley
      AskWoody MVP

      Yesterday we’ve been seeing potential issues with the microcode updates and they were expired off of  WSUS servers last night… https://www.reddit.co
      [See the full post at: Patch Lady – what’s up with the Microcode updates]

      Susan Bradley Patch Lady

      8 users thanked author for this post.
    • #213650 Reply

      anonymous

      I’m not surprised that they were pulled to be honest. Last week I had numerous machines where KB4100347 was hanging, it would get stuck at “Downloading 100%” and never install. But a manual install worked fine.

      My girlfriend’s AMD laptop was also being offered it last night, even though it obviously doesn’t need it.

    • #213652 Reply

      EP
      AskWoody_MVP

      susan

      there’s an unrelated problem with KB4100347 microcode update and those using Trend Micro WFBS mentioned here:
      https://borncity.com/win/2018/08/27/trend-micro-wfbs-issues-with-update-kb4100347/

      2 users thanked author for this post.
    • #213653 Reply

      gborn
      AskWoody_MVP

      Seems that we are digging in the same claim – I just published an article with similar observations.

      Will Microsoft pulls July/August 2018 Microcode updates?

      Susan, I’ve linked your post as an addendum to my post, due it contains some reddit.com links I’m not aware until now – thx for the eagle eye (I got lost in this Microcode update chaos).

      7 users thanked author for this post.
    • #213654 Reply

      gborn
      AskWoody_MVP

      susan there’s an unrelated problem with KB4100347 microcode update and those using Trend Micro WFBS mentioned here: https://borncity.com/win/2018/08/27/trend-micro-wfbs-issues-with-update-kb4100347/

      There are more issues. See my other post below above, where I’ve linked other articles from my blog. Overall it seems again a big mess.

       

      @ep: Thx for your comment within my blog – that brought me pronto to this thread :-).

      1 user thanked author for this post.
    • #213669 Reply

      Seff
      AskWoody Plus

      Admit it, who thought August was turning out too good to be true ;)?!

      3 users thanked author for this post.
      • #213679 Reply

        OscarCP
        AskWoody Plus

        After much and careful consideration of all that has been written at Woody’s, both earlier and now in this particular thread, about microcode patching and its possible unintended consequences, I have arrived at the following position on this issue:

        I am not concerned with microcode updating (vade retro, Satana! as an old time exorcist would have said, holding Good Book and crucifix aloft).

        Also I patch as Group B my Win 7 machine and, so far, August has been pretty much meh!

        Group B. Windows 7 Pro, SP1 x64 “sandy bridge” ca. 2011 CPU.

    • #213672 Reply

      GoneToPlaid
      AskWoody Plus

      The 06-4f-01 (406F1) is the only current Intel Meltdown / Spectre microcode which has caveats. This microcode is for Xeon E5/E7 v4 and Core i7-69xx/68xx CPUs.

      From Intel’s releasenote about the new microcodes, here is what is described about any microcode with caveats, in terms of application within Linux:

      “– intel-ucode-with-caveats/ —
      This directory holds microcode that might need special handling. BDX-ML microcode is provided in directory, because it need special commits in the Linux kernel, otherwise, updating it might result in unexpected system behavior.

      OS vendors must ensure that the late loader patches (provided in linux-kernel-patches\) are included in the distribution before packaging the BDX-ML microcode for late-loading.”

      The upshot is that Microsoft must do something similar in the Windows kernel before performing late-loading of this 06-4f-01 microcode in Windows, yet Microsoft obviously isn’t. This is why Win10 computers with Xeon E5/E7 v4 and Core i7-69xx/68xx CPUs are being rendered unbootable. Microsoft should have tested any microcode with caveats before including them in KB4100347.

      2 users thanked author for this post.
      • #214038 Reply

        Ascaris
        AskWoody_MVP

        I was about to add that I am using successfully the most recent microcode (mitigating the most recent Intel vulnerability product known as L1TF) now in both my Sandy Bridge i5-2500k (CPUID 206a7, microcode version 2e, dated April 10, 2018) and Apollo Lake Pentium N4200 (CPUID 506c9, microcode version 32, dated May 11, 2018) PCs without issue, as released by Ubuntu on the 24th of August.  It doesn’t matter that I’m not using Windows, as the microcode is the same whether delivered by Linux, Windows, or the system firmware.

        It’s interesting that this is the first new microcode for Apollo Lake since 2017… it never received (or apparently needed) one for Spectre, but this new L1TF thing apparently did call for one.

        I wouldn’t flash a firmware update with these in it just yet, particularly on a system like my Apollo Lake (Acer Swift) that won’t allow going backwards in firmware.  As an OS update, it’s easily removed if problematic, so I was curious to see how it went.  No problems so far that I can see.  Neither of these CPUs features hyperthreading, FWIW.

        Group "L" (KDE Neon User Edition 5.16.4).

    • #213674 Reply

      GoneToPlaid
      AskWoody Plus

      I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10? I think that it is saved under a different file name. For those who Xeon E5/E7 v4 or Core i7-69xx/68xx CPUs and who can’t boot Win10, deleting this file might do the trick, since this file is not removed if you try a System Restore.

      • #213756 Reply

        Kirsty
        Da Boss

        I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10?

        Two possible candidates, at present…

        1 user thanked author for this post.
      • #213883 Reply

        anonymous

        The microcode is contained within %windir%\system32\mcupdate_GenuineIntel.dll or %windir%\system32\mcupdate_AuthenticAMD.dll. The former is the file that gets updated by the microcode update KBs.

        3 users thanked author for this post.
    • #213693 Reply

      anonymous

      Finally, the unwanted and, even worse, outdated (!) microcode update vanished from Windows Update as well. Windows Update should NEVER throw such stuff at devices automatically, and the clowns responsible for this should be fired!

      Poor fools who can’t resist to click the Check-for-updates and Download buttons, and install all the KB-junk spit out by Microsoft.

      • #213737 Reply

        GoneToPlaid
        AskWoody Plus

        Yep. In August versus July, Intel updated the microcode for 24 platforms, and added new microcode for 5 additional platforms. One would think that Microsoft’s programmers would be talking to Intel and that they would have known about Intel’s August microcode updates, before Microsoft rolled out KB4100347.

        Just for grins, I am running Intel’s latest version 25 of the 306C3 Meltdown and Spectre microcode on my Win7 x64 machines which have I5 Haswell CPUs, and I am doing so without having to flash the BIOS on my motherboards. Ain’t that slick? I have been running this microcode for three days with no issues so far. I am working on a final version for all of you Win7 and Win8x users to try, so that you all can see what performance impacts you will have when using Intel’s latest microcode for Meltdown and Spectre. Note that I will not include any microcode which has caveats. I will explain more later and in a separate thread.

        Steve Gibson’s InSpectre utility needs to be updated so that it checks what microcode is actually currently loaded and running in the CPU cores, instead of what microcode is present in the computer’s BIOS.

        Attachments:
        2 users thanked author for this post.
    • #213699 Reply

      Jan K.
      AskWoody Lounger

      Unsure what’s up…

      Well, that’s the Microsoft transperency philosophy for you…

      I think there is/was metadata detection issues and they were offered up and installed on machines they shouldn’t have been installed.

      Bad AI, bad! 😀

      But seriously… if I ever released such code to my customers, I would long be fired. But then again, we’re not really customers, are we?

      So glad I’m long out of IT management. This is a (bad and not funny at all) joke.

      I just succeeded in repairing one workstation that couldn’t boot anymore into Windows. This was what I did:
      •Boot into WinRE (press F9 before Windows starts)
      •Choose Advanced Options and go to the command line option
      •You have to find out now which letter the Windows partition got; start diskpart and type ‘list disk’. Select the one which matches your OS drive. Type ‘list volumes’. It’ll spew out a list. The biggest one should be Windows. Two small ones of around 500MB should be there, ignore those.
      •Close diskpart by typing ‘exit’
      •Now type ‘dism /image:<driveletter here> /get-packages’. This should result in a list of packages. Find KB4100347. It’s name is quite long, but you can copy it by selecting it and right clicking
      •Now type ‘dism /image:<driveletter here> /remove-package /PackageName:<The really long name of the KB4100347>’
      •Now type ‘dism /image:<driveletter here> /cleanup-image /revertpendingactions’ as to undo the damage done

      When done, reboot the system and Windows works again. Be sure to kill Windows Update right after booting. It will again try to install it causing a kind Groundhog Day starring you.

      Nothing beats nursing and playing with one’s OS, does it?

      And what else would you have spent your time with?

      Sigh.

      2 users thanked author for this post.
    • #213732 Reply

      WildBill
      AskWoody Plus

      Inter is so uncommunicative on how microcode updates are delivered, I don’t even know if I’ve been patched, & whether I have to get it through the Intel Driver & Support Assistant, or if it will come in a Windows Update patch. Looks like it might be through KB4343898, as Gunter documents in “Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)”. I have an ASUS laptop with Ivy Bridge (Intel Pentium Processor Family), microcode in Production status, CPUID 306A9, & MCU Rev 0x1F as of April 2018. Whether I can believe it or not, GRC’s InSpectre Release #8 tells me the following:

      System is Meltdown protected: YES
      System is Spectre protected: NO!
      Microcode Update Available: YES
      Performance: SLOWER

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      • #213755 Reply

        GoneToPlaid
        AskWoody Plus

        Microsoft is (was) loading Meltdown Spectre microcode in Win10, yet that just got pulled. MS is supposedly testing the same in Win7 32-bit? I need to confirm this.

        In a day or so I will have a utility to essentially do the same as the above for Win7 64-bit and all Win8 versions. Heck, it will even work for Win XP!

        1 user thanked author for this post.
      • #213774 Reply

        jstech
        AskWoody Lounger

        For the Meltdown vulnerability, Microsoft issued a patch through Windows Update.

        For the Spectre vulnerability, it is up to the PC vendor to issue a firmware upgrade to your system BIOS.

        The below link is a bit old now, Several PC models have had BIOS updates released since this list was last updated. Visit the manufacturer of your PC’s website to see if there is a new BIOS upgrade in the drivers list.

        https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

        Group A | Windows 7 Pro 64-bit | Windows 10 Pro 1809 64-bit
        • #213779 Reply

          Kirsty
          Da Boss

          Did you read Patch Lady – Microcode confusion

          Unless you are a nation state, have a key asset in a cloud server, or are running for a government office, I think we are spending way way more time worrying about this than we should…

          etc.

          4 users thanked author for this post.
        • #213791 Reply

          WildBill
          AskWoody Plus

          I have an ASUS X55A laptop. According to the Bleeping Computer list, “ASUS says it will release BIOS updates for affected products by the end of January.” As of ASUS’s announcement on 01/05/18, the X55A wasn’t listed. The Windows Hotfix for Win8.1 (Build 6.3.9600) is KB4056898 & the Hotfix for IE11 is KB 4056868. Not bothering with the KB’s until I also have the BIOS update from ASUS. The Saga Continues…

          Windows 8.1, 64-bit, now in Group B!
          Wild Bill Rides Again...

    • #213745 Reply

      GoneToPlaid
      AskWoody Plus

      Hi everyone,

      There is a reason why Microsoft pushed out KB4100347 for non-supported Intel CPUs and for AMD CPUs. Eventually Intel will add support for AMD CPUs, and Intel has added support for five Intel CPUs, yet those didn’t make it into KB4100347. The upshot is that this update, when it does get re-released, won’t do anything if there isn’t newer microcode available for your CPU. It is a shame that Microsoft didn’t get it right the first time. Unfortunately we can say the same thing for a ton of MS updates during the past couple of years. It is what it is.

      Best regards,

      –GTP

    • #213767 Reply

      johnf
      AskWoody Lounger

      Interesting article about the latest impact of Intel Microcodes on Linux in Phoronix:

      Benchmarks Of Intel’s Latest Linux Microcode Update

      Here’s their conclusions:

      In the benchmarks run over the weekend, the latest Intel microcode files for August (taking Xeon Scalable CPUs to 0x200004d appeared to have only minimal impact on the system performance… Mostly in I/O cases were there some slight differences in performance, but nothing overly shocking and not as bad as the L1TF Linux kernel mitigation itself — see those benchmarks for all the details. Going into this microcode comparison I was expecting much more volatile results given their short-lived benchmark restriction, but it looks like it may have just been an overzealous Intel lawyer who thought it would be a good idea to forbid benchmarking and further lock-down their microcode license…

      1 user thanked author for this post.
    • #213772 Reply

      GoneToPlaid
      AskWoody Plus

      Nothing beats nursing and playing with one’s OS, does it? And what else would you have spent your time with? Sigh.

      Uh, like actually getting some work done, instead of having to deal with yet another in-the-gutter Microsoft Windows Update? This is Nadella’s new Customer Experience. Ain’t it a riot of fun? It is like watching a stupidly hilarious circus act while riding a really scary roller coaster at the same time.

      3 users thanked author for this post.
      • #213968 Reply

        Jan K.
        AskWoody Lounger

        Heh heh.

        It takes a braver man than I to do serious work based on an OS that gets completely installed twice a year and with a patching/updating history as seen so far.

        Recently there was a link here with new features in 1809 and I had to scroll very long down to find a feature that wasn’t for fun and play. And didn’t find anything that couldn’t be delivered through app store or update.

        Guess most (?) maintains a list of settings to check after each new version and/or updates. Can’t be sure something hasn’t been switched on or off, can you?

        So yes, I can only see the OS as something to nurse and have fun playing with. Rolling back, uninstalling updates, reinstall, spending hours at AskWoody, etc. etc…

        For serious work, I boot up my good old trusted and hardened Windows 7. Just had a look and lastest glitch is on date exactly one year ago. The then known error, where MSE failed to install new definitions.

        Work = Windows 7.

        Play and funny experience = Windows “10”.

        3 users thanked author for this post.
    • #213773 Reply

      GoneToPlaid
      AskWoody Plus

      Hey you all,

      I forgot to mention that all operating systems (Windows and Linux flavors) will be killing hyperthreading in all Intel CPUs which are affected by Meltdown and Spectre. It is what it is, yet I agree with the reasoning to do so. Also consider that hyperthreading in some Intel CPUs has already been found, due to bugs, to cause both data corruption and unexpected reboots. This info predates Meltdown and Spectre. In fact, I had to kill hyperthreading in BIOS on two cheap Win10 desktops at the office, due to unexpected reboots and data corruption. The remarkable thing is that I had forbade any Win10 computers at the office, yet the IT guy ignored me.

      Best regards,

      –GTP

      1 user thanked author for this post.
      • #213796 Reply

        Bill C.
        AskWoody Plus

        This is the second time I have heard or read that mitigation could affect hyperthreading for both Windows and Linux. As I was planning a Linux build (soon) with a six core i7, I could probably make do with an i5 rather than pay for what might not be workable. That sort of makes a Ryzen look better.

        Than again, with an Intel Z370 board, an i5 might be a prudent course and later upgrade to the i7 if a non-disabling fix is developed. Unfortunately, by then the Z370 will be ancient history given how things progress.

    • #213778 Reply

      GoneToPlaid
      AskWoody Plus

      For the Meltdown vulnerability, Microsoft issued a patch through Windows Update. For the Spectre vulnerability, it is up to the PC vendor to issue a firmware upgrade to your system BIOS. The below link is a bit old now, Several PC models have had BIOS updates released since this list was last updated. Visit the manufacturer of your PC’s website to see if there is a new BIOS upgrade in the drivers list. https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

      Actually, no in terms of Windows 10 and perhaps now with Win7 32-bit. The upshot is that Microsoft is (was) recently pushing Intel Meltdown and Spectre CPU microcode updates which were loaded by Windows when Windows boots up, and which would supersede whatever older versions of CPU microcode that are present in the computer’s BIOS.

      Windows has had the capability to load newer CPU microcode, versus whatever older CPU microcode is present in the user computer’s BIOS, since Windows XP.

      Since nearly all motherboard OEMs are refusing to create BIOS updates for their products which are out of warranty, Microsoft is now trying to step up to the plate by loading Intel’s CPU microcode which mitigates Meltdown and Spectre. Yeah, a good idea. And yeah, a bad implementation since Microsoft not only didn’t incorporate Intel’s latest August microcodes, but also since Microsoft didn’t bother to address the caveats regarding implementing one specific CPU microcode. This latter thing is quite inexcusable since Intel clearly mentioned it.

    • #213789 Reply

      anonymous

      I am wondering what to do with kb3019978, 3021674, 3023266,3045755 for Windows 8.1 Updates; if somebody has any experience with these installs and more because I am updating from a Clean Install.
      Any tips will be greatly appreciated!!!

      • #213798 Reply

        Kirsty
        Da Boss

        These aren’t microcode updates (so this should have been posted in the Win8.1 patches forum…).

        KB 3019978 is a security update from Jan/2015 (pre the patching changes of October 2016), with no known issues showing
        KB 3021674 is another Jan/2015 security update, and searching online brings up original problems found in installation
        KB 3023266, again a Jan/2015 security update
        KB 3045755 was issued Apr/2015, and is another security update

        1 user thanked author for this post.
    • #213805 Reply

      ViperJohn
      AskWoody Lounger

      My girlfriend’s AMD laptop was also being offered it last night, even though it obviously doesn’t need it.

      AMD CPU’s are every bit as vulnerable to Spectre attack vectors (but not Meltdown) as Intel CPU’s.  It’s just AMD is slower than mollasis flowing uphill in an Alaskan January at putting their microcode updates out.  In any case an AMD CPU machine should not be offered an Intel Microcode update if the updates MetaData is correct.

    • #213842 Reply

      GoneToPlaid
      AskWoody Plus

      I have an ASUS X55A laptop. According to the Bleeping Computer list, “ASUS says it will release BIOS updates for affected products by the end of January.” As of ASUS’s announcement on 01/05/18, the X55A wasn’t listed. The Windows Hotfix for Win8.1 (Build 6.3.9600) is KB4056898 & the Hotfix for IE11 is KB 4056868. Not bothering with the KB’s until I also have the BIOS update from ASUS. The Saga Continues…

      Hello Wild Bill,

      The quote from ASUS comes with a caveat. They, like other OEMs, are not updating BIOSes for any hardware which is three years past the product’s initial release date. Yet ASUS does provide lifetime support for their products. If you push, then they probably will create an updated BIOS file for you. Yet I would not go that route.

      I downloaded that last BIOS revision for your ASUS X55A. Your X55A supports four different types of CPU platforms. Two of the four types of CPU platforms which your laptop might contain do have Intel BIOS updates for Meltdown and Spectre. Unfortunately, the other two CPU platforms have no Intel BIOS updates for Meltdown and Spectre.

      The two CPU platforms for which there are no Meltdown and Spectre mitigating microcode are 306A6 and 306A8.

      The two CPU platforms with available Meltdown and Spectre mitigating microcode are 206A7 and 306A9.

      Use GRC’s InSpectre utility to see which CPU platform you have. Hopefully InSpectre will show that you have either 206A7 or 306A9. If so, then the VMware Fling in conjunction with my tuned microcode.dat files will provide Meltdown and Spectre mitigations, without you having to flash your laptop’s BIOS. I am still a few days away from posting a Dropbox link for a ZIP of the Fling which includes the required DAT files and full instructions. I also have to tweak the Fling’s batch file installer.

      A note for all Win10 users: The VMware Fling can have issues in Win10 since Microsoft already is basically doing the same thing in Win10 — having Win10 load Intel’s latest microcode for Meltdown and Spectre when Win10 boots up. Thus the VMware Fling should not be used in Win10.

      Best regards,

      –GTP

       

    • #213902 Reply

      noblame no gain
      AskWoody Lounger

      RE: Intel microcode updates
      OK duly warned not to run any CPU benchmarks following the INTEL  threat re: their spectre patch on pure Intel box using IvyBridge I-5 CPU @ 3400Mhz using PassMark Bench – run 3 times:

      using WIN10 ver 1709 w/out CPU patch – CPU Mark 6600
      then WIN10 ver 1803 w/ CPU patch – 7200

      GO FIGURE?

      be well, breathe and honor wabi sabi

      Attachments:
      1 user thanked author for this post.
    • #213973 Reply

      OscarCP
      AskWoody Plus

      OK. All this is making it so right for me to be even more seriously considering to stay with Windows 7 until MS decrees (for real) it’s curtains for it, and then hightail it to a place far, far way from Windows.

      It used to be difficult to work with colleagues that were forced by their organizations to have Windows PCs, unless one also had Windows in one’s machine. But now, at least if one is using a Mac, problems (at least for what I do) are practically non-existent. I wonder how that is like, these days, for those using Linux. Anybody?

    • #214015 Reply

      anonymous

      For some reason, since I switched to Semi Annual with 365 days delay for feature updates, I only get monthly security updates. I assume the rest of the updates that are rolled out throughout the month are included too. But at least I have only one s***** day per month instead of multiple ones. Add that to the fact I don’t use a Windows machine for production anymore. So yeah, I slowly start to take more and more distance of the Microsoft-[……].

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – what’s up with the Microcode updates

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel