Microsoft “helps” Intel by releasing KB 4090007, a Spectre 2 microcode update for Win10 1709, Skylake processors only
UPDATE: Correcting myself (thanks to the anonymous poster) — this is a microcode update, which is kind of a transient firmware override, for lack of a better description. There’s a more thorough description on the Debian wiki: “Processor microcode is akin to processor firmware. The kernel is able to update the processor’s firmware without the need to update it via a BIOS update. A microcode update is kept in volatile memory, thus the BIOS/UEFI or kernel updates the microcode during every boot.”
I can’t recall ever seeing Microsoft issue a firmware update (other than a Surface firmware update) as a security patch. This one comes with its own KB, no less.
The announcement is very specific. KB 4090007 only deals with the Spectre Variant 2 / CVE-2017-5715 (“Branch Target Injection”) mitigation, and only on 6th generation Skylake H/S, U/Y and U23e processors. It’s only for Win10 1709. It’s not a cumulative update.
And — importantly — it’s an Intel microcode update. Not a Windows patch.
Says Microsoft:
We will offer additional microcode updates from Intel as they become available to Microsoft. We will continue to work with chipset and device makers as they offer more vulnerability mitigations.
which is a noble goal, at least to my way of thinking.
You won’t get the patch via Automatic Update. If you really, really want to test it on your Win10 1709 / Skylake machine, you can download it from the Microsoft Update Catalog and manually install.
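Because a microcode update lives in volatile memory and is reloaded at every boot, the useful check after a manual install is whether the revision Windows loaded is newer than the one the BIOS/UEFI supplied. The PowerShell below is an added example, not from the original post or from Microsoft; the byte layout of the two registry values is an assumption noted in the comments, and no expected revision number is given because the post does not state one.

```powershell
# Added example: report firmware-supplied vs. OS-loaded microcode revision.
# Assumption: "Update Revision" and "Previous Update Revision" are 8-byte
# REG_BINARY values with the revision in bytes 4..7 (little-endian).

function Get-MicrocodeRevision {
    param([byte[]]$Raw)
    # Missing or short value: nothing to decode.
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [System.BitConverter]::ToUInt32($Raw, 4)
}

function Format-Revision {
    param($Revision)
    if ($null -eq $Revision) { return 'n/a' }
    return ('0x{0:X}' -f $Revision)
}

$cpu = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$os  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# Revision currently running on the CPU (after any OS-side load).
$running  = Get-MicrocodeRevision $cpu.'Update Revision'
# Revision the firmware had loaded before Windows touched it.
$firmware = Get-MicrocodeRevision $cpu.'Previous Update Revision'

# The KB is a standalone package, so look for it by its own ID.
$hotfix = Get-HotFix -Id 'KB4090007' -ErrorAction SilentlyContinue

[pscustomobject]@{
    Processor          = "$($cpu.ProcessorNameString)".Trim()
    CpuIdentifier      = $cpu.Identifier          # family/model/stepping string
    WindowsRelease     = $os.ReleaseId            # the KB targets 1709 only
    KB4090007Installed = [bool]$hotfix
    FirmwareRevision   = Format-Revision $firmware
    RunningRevision    = Format-Revision $running
    # True only when Windows replaced the firmware's microcode with a newer one.
    OsLoadedNewer      = ($null -ne $running -and $null -ne $firmware -and
                          $running -gt $firmware)
} | Format-List
```

If `OsLoadedNewer` is false on a machine where the KB is installed, either the processor is not one of the covered Skylake parts or the BIOS already ships the same or a newer revision.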
Spectre v2 is a vulnerability in just about everything — Intel, AMD, ARM. As I’m fond of repeating, neither Meltdown nor Spectre (either variant) has been found in the wild.
As you might imagine, I’m highly skeptical. I mean… what could possibly go wrong?