• Patch Lady – Microcode updates

    Patch Lady here — Did you happen to catch this gem in this blog about the Microsoft microcode updates?

    There is also a small but subtle difference between firmware updates for the UEFI and a microcode update. A firmware update for the UEFI must be approved by the manufacturer of the motherboard. This update may also include microcode updates. These are loaded from the UEFI firmware into the CPU when the system is started. Pure microcode updates can be rolled out by Microsoft. These microcodes are loaded into the CPU when the operating system is started. The above update is therefore a microcode update, which is reloaded every time Windows starts.

    Interesting. Remember that these updates are only on the Microsoft Update Catalog download site and not on Windows Update, so they will not arrive on their own. The Microsoft blog hints that more of these microcode updates are on their way.
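    The distinction quoted above (microcode loaded by the UEFI firmware at power-on versus microcode reloaded by Windows at every start) is visible on the machine itself. The following PowerShell is an added example, not code from the original post or from Microsoft: it reads the two revision values Windows records under the CentralProcessor registry key and reports whether the operating system applied newer microcode than the firmware did. The byte layout assumed here (the value mirrors MSR 0x8B, so Intel keeps the revision in the upper 32 bits and AMD its patch level in the lower 32 bits) is an assumption, not something the post states.

```powershell
# Added example (not from the original post): compare the microcode revision the
# firmware (UEFI) loaded at boot with the revision Windows loaded afterwards.
# Both are recorded by Windows under the first logical processor's key.
$cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'

function Get-MicrocodeRevision {
    param([byte[]]$Bytes, [string]$Vendor)
    if (-not $Bytes -or $Bytes.Length -lt 8) { return $null }
    # Assumption: the 8-byte value mirrors MSR 0x8B. Intel reports the revision in
    # the upper DWORD (bytes 4-7); AMD reports its patch level in the lower DWORD.
    $offset = if ($Vendor -eq 'AuthenticAMD') { 0 } else { 4 }
    return [BitConverter]::ToUInt32($Bytes, $offset)
}

function Test-MicrocodeSource {
    $cpu = Get-ItemProperty -Path $cpuKey
    # 'Previous Update Revision' is what the firmware left in the CPU at boot;
    # 'Update Revision' is what is loaded now, after Windows had its turn.
    $firmwareRev = Get-MicrocodeRevision $cpu.'Previous Update Revision' $cpu.VendorIdentifier
    $currentRev  = Get-MicrocodeRevision $cpu.'Update Revision'          $cpu.VendorIdentifier

    [pscustomobject]@{
        Processor          = $cpu.ProcessorNameString
        Identifier         = $cpu.Identifier
        FirmwareLoadedRev  = if ($null -ne $firmwareRev) { '0x{0:X}' -f $firmwareRev } else { 'unknown' }
        CurrentRev         = if ($null -ne $currentRev)  { '0x{0:X}' -f $currentRev }  else { 'unknown' }
        # True means Windows reloaded newer microcode at startup, i.e. exactly the
        # "reloaded every time Windows starts" case the quoted blog describes.
        OsAppliedNewerCode = ($null -ne $firmwareRev -and $null -ne $currentRev -and $currentRev -gt $firmwareRev)
    }
}

Test-MicrocodeSource | Format-List
```

If OsAppliedNewerCode is false after installing one of the Catalog microcode packages, either the package does not cover this CPU's Identifier or the firmware already carries the same revision. To confirm that the new microcode actually exposes the Spectre mitigations to Windows, run Get-SpeculationControlSettings from Microsoft's SpeculationControl module (Install-Module SpeculationControl) and look at the hardware-support lines; the registry check above only tells you which side loaded the microcode, not what it enables.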

    The reason for this? Doing firmware updates from afar is fraught with risk, and many IT admins don't have processes in place to remotely patch firmware. There are ways to do it with PDQ Deploy and PsExec scripts, but if you haven't built up a process, you'd much rather script out the install of a patch than the install of a firmware update. On my home and office machines I've become much more comfortable with installing the firmware updates from the manufacturers, but I still cross my fingers and hold my breath a bit waiting for the process to complete.

    For those who plan to import these microcode updates into a WSUS server running on Server 2016, there's a known issue whereby you can't import updates from the Catalog into WSUS on Server 2016 the way you can on other platforms. As noted on the WSUS blog, you'll need to do a bit of editing before you can import the patch.

    So what should you do if you are not a network administrator? I would still wait, for two reasons:

    1. It’s never wise with firmware to be the first one to install. There is no easy way to uninstall a firmware update.
    2. I would watch for side effects and impact.

    For anyone concerned about the impact of Spectre/Meltdown, I'm still not aware of widespread attacks. If you want to add a bit more security to your browsing, remember you can turn on Site Isolation in Chrome by following Google's instructions. Test it first, since it can break certain websites, but if you suffer no major issues, I'd probably leave that setting in place. As is noted on the Chrome blog,

    the extra security will help stop the site from stealing your data from another website.

    And that’s a good thing!
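    For an administrator who wants Site Isolation on for every user rather than toggled per profile, Chrome also accepts it as an enterprise policy. The following PowerShell is an added example, not code from the original post or from Google: it sets Chrome's documented SitePerProcess machine policy in the registry, reads it back, and shows how to remove it again if a site breaks. The helper names are my own; the policy name and registry path are Chrome's.

```powershell
# Added example (not from the original post): manage Chrome Site Isolation via the
# SitePerProcess machine policy. This is the policy-level equivalent of the per-user
# chrome://flags/#enable-site-per-process switch. Run from an elevated prompt.
$chromePolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Enable-ChromeSiteIsolation {
    if (-not (Test-Path $chromePolicyKey)) {
        New-Item -Path $chromePolicyKey -Force | Out-Null
    }
    # DWORD 1 = enabled. Chrome picks up machine policy at startup, so restart it.
    Set-ItemProperty -Path $chromePolicyKey -Name 'SitePerProcess' -Value 1 -Type DWord
}

function Disable-ChromeSiteIsolationPolicy {
    # Removing the value hands control back to the per-user flag; it does not force
    # isolation off (that would be SitePerProcess = 0).
    Remove-ItemProperty -Path $chromePolicyKey -Name 'SitePerProcess' -ErrorAction SilentlyContinue
}

function Get-ChromeSiteIsolationPolicy {
    $value = (Get-ItemProperty -Path $chromePolicyKey -Name 'SitePerProcess' `
              -ErrorAction SilentlyContinue).SitePerProcess
    switch ($value) {
        $null   { 'not set (per-user flag decides)' }
        1       { 'enabled by policy' }
        default { 'disabled by policy' }
    }
}

Enable-ChromeSiteIsolation
Get-ChromeSiteIsolationPolicy
```

After restarting Chrome, chrome://policy lists SitePerProcess with its source and value, which is the quickest way to confirm the setting reached the browser. If a particular site misbehaves, run Disable-ChromeSiteIsolationPolicy rather than setting the value to 0, so users who had turned the flag on themselves keep it.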