• Patch Lady – what’s up with the Microcode updates

    #213642

    Yesterday we’ve been seeing potential issues with the microcode updates and they were expired off of  WSUS servers last night… https://www.reddit.co
    [See the full post at: Patch Lady – what’s up with the Microcode updates]

    Susan Bradley Patch Lady/Prudent patcher

    8 users thanked author for this post.
    • #213650

      I’m not surprised that they were pulled to be honest. Last week I had numerous machines where KB4100347 was hanging, it would get stuck at “Downloading 100%” and never install. But a manual install worked fine.

      My girlfriend’s AMD laptop was also being offered it last night, even though it obviously doesn’t need it.

    • #213652

      susan

      there’s an unrelated problem with KB4100347 microcode update and those using Trend Micro WFBS mentioned here:
      https://borncity.com/win/2018/08/27/trend-micro-wfbs-issues-with-update-kb4100347/

      2 users thanked author for this post.
    • #213653

      Seems that we are digging in the same claim – I just published an article with similar observations.

      Will Microsoft pulls July/August 2018 Microcode updates?

      Susan, I’ve linked your post as an addendum to my post, because it contains some reddit.com links I wasn’t aware of until now – thx for the eagle eye (I got lost in this Microcode update chaos).

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      7 users thanked author for this post.
    • #213654

      susan there’s an unrelated problem with KB4100347 microcode update and those using Trend Micro WFBS mentioned here: https://borncity.com/win/2018/08/27/trend-micro-wfbs-issues-with-update-kb4100347/

      There are more issues. See my other post below above, where I’ve linked other articles from my blog. Overall it seems again a big mess.

       


      @EP: Thx for your comment within my blog – that brought me pronto to this thread :-).

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      1 user thanked author for this post.
    • #213669

      Admit it, who thought August was turning out too good to be true ;)?!

      3 users thanked author for this post.
      • #213679

        After much and careful consideration of all that has been written at Woody’s, both earlier and now in this particular thread, about microcode patching and its possible unintended consequences, I have arrived at the following position on this issue:

        I am not concerned with microcode updating (vade retro, Satana! as an old time exorcist would have said, holding Good Book and crucifix aloft).

        Also I patch as Group B my Win 7 machine and, so far, August has been pretty much meh!

        Group B. Windows 7 Pro, SP1 x64 “sandy bridge” ca. 2011 CPU.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #213672

      The 06-4f-01 (406F1) is the only current Intel Meltdown / Spectre microcode which has caveats. This microcode is for Xeon E5/E7 v4 and Core i7-69xx/68xx CPUs.

      From Intel’s release note about the new microcodes, here is what is described about any microcode with caveats, in terms of application within Linux:

      “– intel-ucode-with-caveats/ —
      This directory holds microcode that might need special handling. BDX-ML microcode is provided in directory, because it need special commits in the Linux kernel, otherwise, updating it might result in unexpected system behavior.

      OS vendors must ensure that the late loader patches (provided in linux-kernel-patches\) are included in the distribution before packaging the BDX-ML microcode for late-loading.”

      The upshot is that Microsoft must do something similar in the Windows kernel before performing late-loading of this 06-4f-01 microcode in Windows, yet Microsoft obviously isn’t. This is why Win10 computers with Xeon E5/E7 v4 and Core i7-69xx/68xx CPUs are being rendered unbootable. Microsoft should have tested any microcode with caveats before including them in KB4100347.

      2 users thanked author for this post.
      • #214038

        I was about to add that I am using successfully the most recent microcode (mitigating the most recent Intel vulnerability product known as L1TF) now in both my Sandy Bridge i5-2500k (CPUID 206a7, microcode version 2e, dated April 10, 2018) and Apollo Lake Pentium N4200 (CPUID 506c9, microcode version 32, dated May 11, 2018) PCs without issue, as released by Ubuntu on the 24th of August.  It doesn’t matter that I’m not using Windows, as the microcode is the same whether delivered by Linux, Windows, or the system firmware.

        It’s interesting that this is the first new microcode for Apollo Lake since 2017… it never received (or apparently needed) one for Spectre, but this new L1TF thing apparently did call for one.

        I wouldn’t flash a firmware update with these in it just yet, particularly on a system like my Apollo Lake (Acer Swift) that won’t allow going backwards in firmware.  As an OS update, it’s easily removed if problematic, so I was curious to see how it went.  No problems so far that I can see.  Neither of these CPUs features hyperthreading, FWIW.

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
        Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
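
        The CPUID values quoted in the two posts above (406F1, 206a7, 506c9) and Intel's Linux file name 06-4f-01 are the same identifier in two notations. The following is an added example, not code from any poster, Intel or Microsoft: it decodes a CPUID signature into the family-model-stepping file name, flags the one file the quoted release note lists under intel-ucode-with-caveats/, and reads the running microcode revision from /proc/cpuinfo text. Function names and the sample cpuinfo text are constructed for illustration, and it generalizes to any Intel signature.

```python
import re

# Per the Intel release note quoted above, 06-4f-01 (BDX-ML) ships in
# intel-ucode-with-caveats/ and needs late-loader patches in the kernel.
CAVEAT_FILES = {"06-4f-01"}

# Constructed sample of /proc/cpuinfo (first logical CPU only). The values
# mirror the Sandy Bridge system described above (CPUID 206a7, microcode 2e).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 42
model name\t: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
stepping\t: 7
microcode\t: 0x2e
"""

def decode_signature(sig):
    """Return (family, model, stepping) from a CPUID leaf 1 EAX signature."""
    stepping = sig & 0xF
    base_model = (sig >> 4) & 0xF
    base_family = (sig >> 8) & 0xF
    ext_model = (sig >> 16) & 0xF
    ext_family = (sig >> 20) & 0xFF
    family = base_family + ext_family if base_family == 0xF else base_family
    # Extended model bits only count for family 6 and family 15 parts.
    if base_family in (0x6, 0xF):
        model = (ext_model << 4) | base_model
    else:
        model = base_model
    return family, model, stepping

def encode_signature(family, model, stepping):
    """Inverse of decode_signature, for the decimal fields Linux reports."""
    base_family = min(family, 0xF)
    ext_family = family - 0xF if family > 0xF else 0
    ext_model = model >> 4 if base_family in (0x6, 0xF) else 0
    return ((ext_family << 20) | (ext_model << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | (stepping & 0xF))

def ucode_filename(sig):
    """File name used in Intel's Linux microcode package, e.g. 06-4f-01."""
    return "%02x-%02x-%02x" % decode_signature(sig)

def needs_special_handling(sig):
    """True when the microcode file is one the release note lists with caveats."""
    return ucode_filename(sig) in CAVEAT_FILES

def report_from_cpuinfo(text):
    """Summarize the first CPU entry: signature, file name, loaded revision."""
    fields = {}
    pattern = r"^(cpu family|model|stepping|microcode)\s*:\s*(\S+)"
    for key, value in re.findall(pattern, text, re.M):
        fields.setdefault(key, int(value, 0))  # keep the first CPU's values
    sig = encode_signature(fields["cpu family"], fields["model"],
                           fields["stepping"])
    return {
        "signature": sig,
        "file": ucode_filename(sig),
        "revision": fields["microcode"],  # revision running in the core now
        "caveat": needs_special_handling(sig),
    }

if __name__ == "__main__":
    print(report_from_cpuinfo(SAMPLE_CPUINFO))
    for sig in (0x406F1, 0x306C3, 0x306A9, 0x506C9):
        print("%05X -> %s caveat=%s"
              % (sig, ucode_filename(sig), needs_special_handling(sig)))
```

        On a live Linux system, pass the contents of /proc/cpuinfo instead of the sample; the `microcode` field is the revision loaded in the core, whichever of firmware or OS supplied it.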

    • #213674

      I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10? I think that it is saved under a different file name. For those who have Xeon E5/E7 v4 or Core i7-69xx/68xx CPUs and who can’t boot Win10, deleting this file might do the trick, since this file is not removed if you try a System Restore.

      • #213756

        I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10?

        Two possible candidates, at present…

        1 user thanked author for this post.
      • #213883

        The microcode is contained within %windir%\system32\mcupdate_GenuineIntel.dll or %windir%\system32\mcupdate_AuthenticAMD.dll. The former is the file that gets updated by the microcode update KBs.

        3 users thanked author for this post.
    • #213693

      Finally, the unwanted and, even worse, outdated (!) microcode update vanished from Windows Update as well. Windows Update should NEVER throw such stuff at devices automatically, and the clowns responsible for this should be fired!

      Poor fools who can’t resist to click the Check-for-updates and Download buttons, and install all the KB-junk spit out by Microsoft.

      • #213737

        Yep. In August versus July, Intel updated the microcode for 24 platforms, and added new microcode for 5 additional platforms. One would think that Microsoft’s programmers would be talking to Intel and that they would have known about Intel’s August microcode updates, before Microsoft rolled out KB4100347.

        Just for grins, I am running Intel’s latest version 25 of the 306C3 Meltdown and Spectre microcode on my Win7 x64 machines which have I5 Haswell CPUs, and I am doing so without having to flash the BIOS on my motherboards. Ain’t that slick? I have been running this microcode for three days with no issues so far. I am working on a final version for all of you Win7 and Win8x users to try, so that you all can see what performance impacts you will have when using Intel’s latest microcode for Meltdown and Spectre. Note that I will not include any microcode which has caveats. I will explain more later and in a separate thread.

        Steve Gibson’s InSpectre utility needs to be updated so that it checks what microcode is actually currently loaded and running in the CPU cores, instead of what microcode is present in the computer’s BIOS.

        2 users thanked author for this post.
    • #213699

      Unsure what’s up…

      Well, that’s the Microsoft transparency philosophy for you…

      I think there is/was metadata detection issues and they were offered up and installed on machines they shouldn’t have been installed.

      Bad AI, bad! 😀

      But seriously… if I ever released such code to my customers, I would long be fired. But then again, we’re not really customers, are we?

      So glad I’m long out of IT management. This is a (bad and not funny at all) joke.

      I just succeeded in repairing one workstation that couldn’t boot anymore into Windows. This was what I did:
      • Boot into WinRE (press F9 before Windows starts)
      • Choose Advanced Options and go to the command line option
      • You have to find out now which letter the Windows partition got; start diskpart and type ‘list disk’. Select the one which matches your OS drive. Type ‘list volumes’. It’ll spew out a list. The biggest one should be Windows. Two small ones of around 500MB should be there, ignore those.
      • Close diskpart by typing ‘exit’
      • Now type ‘dism /image:<driveletter here> /get-packages’. This should result in a list of packages. Find KB4100347. Its name is quite long, but you can copy it by selecting it and right clicking
      • Now type ‘dism /image:<driveletter here> /remove-package /PackageName:<The really long name of the KB4100347>’
      • Now type ‘dism /image:<driveletter here> /cleanup-image /revertpendingactions’ as to undo the damage done

      When done, reboot the system and Windows works again. Be sure to kill Windows Update right after booting. It will again try to install it, causing a kind of Groundhog Day starring you.

      Nothing beats nursing and playing with one’s OS, does it?

      And what else would you have spent your time with?

      Sigh.

      2 users thanked author for this post.
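
      The recovery steps in the post above hinge on copying the long package name out of the `dism /get-packages` listing by hand. The following is an added example, not part of the original post: it parses a saved copy of that listing, finds the package identity for a given KB, and emits the two follow-up DISM commands from the post. The sample listing is constructed (the package version and install times are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample of "dism /image:D:\ /get-packages" output. The package
# version numbers and install times are placeholders, not real values.
SAMPLE_DISM_OUTPUT = """\
Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.17134.228

Packages listing:

Package Identity : Package_for_KB4100347~31bf3856ad364e35~amd64~~10.0.0.0
State : Install Pending
Release Type : Update
Install Time : 8/27/2018 9:14 PM

Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~17134.228.1.6
State : Installed
Release Type : Security Update
Install Time : 8/15/2018 6:02 PM

The operation completed successfully.
"""

def parse_packages(text):
    """Turn the blank-line separated 'Key : Value' records into dicts."""
    packages = []
    for block in re.split(r"\n\s*\n", text):
        record = {}
        for line in block.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:
                record[key.strip()] = value.strip()
        if "Package Identity" in record:
            packages.append(record)
    return packages

def plan_removal(text, kb, drive):
    """Return the DISM commands that remove `kb` from the offline image."""
    if not re.fullmatch(r"[A-Za-z]", drive):
        raise ValueError("drive must be a single letter")
    if not re.fullmatch(r"KB\d+", kb, re.I):
        raise ValueError("kb must look like KB4100347")
    # Match the KB as a whole token so KB4100347 does not hit KB41003470.
    token = re.compile(r"(?<![0-9A-Za-z])%s(?!\d)" % re.escape(kb), re.I)
    matches = [p for p in parse_packages(text)
               if token.search(p["Package Identity"])]
    if not matches:
        raise LookupError("%s is not listed in this image" % kb)
    image = "/image:%s:\\" % drive.upper()
    commands = ["dism %s /remove-package /PackageName:%s"
                % (image, p["Package Identity"]) for p in matches]
    # Last step from the post: discard actions still pending from the update.
    commands.append("dism %s /cleanup-image /revertpendingactions" % image)
    return commands

if __name__ == "__main__":
    for pkg in parse_packages(SAMPLE_DISM_OUTPUT):
        print(pkg["State"].ljust(16), pkg["Package Identity"])
    for command in plan_removal(SAMPLE_DISM_OUTPUT, "KB4100347", "d"):
        print(command)
```

      The commands are only printed, so they can be reviewed before being typed at the WinRE prompt.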
    • #213732

      Intel is so uncommunicative on how microcode updates are delivered, I don’t even know if I’ve been patched, & whether I have to get it through the Intel Driver & Support Assistant, or if it will come in a Windows Update patch. Looks like it might be through KB4343898, as Gunter documents in “Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)”. I have an ASUS laptop with Ivy Bridge (Intel Pentium Processor Family), microcode in Production status, CPUID 306A9, & MCU Rev 0x1F as of April 2018. Whether I can believe it or not, GRC’s InSpectre Release #8 tells me the following:

      System is Meltdown protected: YES
      System is Spectre protected: NO!
      Microcode Update Available: YES
      Performance: SLOWER

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      • #213755

        Microsoft is (was) loading Meltdown Spectre microcode in Win10, yet that just got pulled. MS is supposedly testing the same in Win7 32-bit? I need to confirm this.

        In a day or so I will have a utility to essentially do the same as the above for Win7 64-bit and all Win8 versions. Heck, it will even work for Win XP!

        1 user thanked author for this post.
      • #213774

        For the Meltdown vulnerability, Microsoft issued a patch through Windows Update.

        For the Spectre vulnerability, it is up to the PC vendor to issue a firmware upgrade to your system BIOS.

        The below link is a bit old now. Several PC models have had BIOS updates released since this list was last updated. Visit the manufacturer of your PC’s website to see if there is a new BIOS upgrade in the drivers list.

        https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

        Group A | Windows 7 Pro 64-bit | Windows 10 Pro 1809 64-bit
        • #213779

          Did you read Patch Lady – Microcode confusion

          Unless you are a nation state, have a key asset in a cloud server, or are running for a government office, I think we are spending way way more time worrying about this than we should…

          etc.

          4 users thanked author for this post.
        • #213791

          I have an ASUS X55A laptop. According to the Bleeping Computer list, “ASUS says it will release BIOS updates for affected products by the end of January.” As of ASUS’s announcement on 01/05/18, the X55A wasn’t listed. The Windows Hotfix for Win8.1 (Build 6.3.9600) is KB4056898 & the Hotfix for IE11 is KB 4056868. Not bothering with the KB’s until I also have the BIOS update from ASUS. The Saga Continues…

          Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
          Wild Bill Rides Again...

    • #213745

      Hi everyone,

      There is a reason why Microsoft pushed out KB4100347 for non-supported Intel CPUs and for AMD CPUs. Eventually Intel will add support for AMD CPUs, and Intel has added support for five Intel CPUs, yet those didn’t make it into KB4100347. The upshot is that this update, when it does get re-released, won’t do anything if there isn’t newer microcode available for your CPU. It is a shame that Microsoft didn’t get it right the first time. Unfortunately we can say the same thing for a ton of MS updates during the past couple of years. It is what it is.

      Best regards,

      –GTP

    • #213767

      Interesting article about the latest impact of Intel Microcodes on Linux in Phoronix:

      Benchmarks Of Intel’s Latest Linux Microcode Update

      Here’s their conclusions:

      In the benchmarks run over the weekend, the latest Intel microcode files for August (taking Xeon Scalable CPUs to 0x200004d) appeared to have only minimal impact on the system performance… Mostly in I/O cases were there some slight differences in performance, but nothing overly shocking and not as bad as the L1TF Linux kernel mitigation itself — see those benchmarks for all the details. Going into this microcode comparison I was expecting much more volatile results given their short-lived benchmark restriction, but it looks like it may have just been an overzealous Intel lawyer who thought it would be a good idea to forbid benchmarking and further lock-down their microcode license…

      1 user thanked author for this post.
    • #213772

      Nothing beats nursing and playing with one’s OS, does it? And what else would you have spent your time with? Sigh.

      Uh, like actually getting some work done, instead of having to deal with yet another in-the-gutter Microsoft Windows Update? This is Nadella’s new Customer Experience. Ain’t it a riot of fun? It is like watching a stupidly hilarious circus act while riding a really scary roller coaster at the same time.

      3 users thanked author for this post.
      • #213968

        Heh heh.

        It takes a braver man than I to do serious work based on an OS that gets completely installed twice a year and with a patching/updating history as seen so far.

        Recently there was a link here with new features in 1809 and I had to scroll very long down to find a feature that wasn’t for fun and play. And didn’t find anything that couldn’t be delivered through app store or update.

        Guess most (?) maintains a list of settings to check after each new version and/or updates. Can’t be sure something hasn’t been switched on or off, can you?

        So yes, I can only see the OS as something to nurse and have fun playing with. Rolling back, uninstalling updates, reinstall, spending hours at AskWoody, etc. etc…

        For serious work, I boot up my good old trusted and hardened Windows 7. Just had a look and latest glitch is on date exactly one year ago. The then known error, where MSE failed to install new definitions.

        Work = Windows 7.

        Play and funny experience = Windows “10”.

        3 users thanked author for this post.
    • #213773

      Hey you all,

      I forgot to mention that all operating systems (Windows and Linux flavors) will be killing hyperthreading in all Intel CPUs which are affected by Meltdown and Spectre. It is what it is, yet I agree with the reasoning to do so. Also consider that hyperthreading in some Intel CPUs has already been found, due to bugs, to cause both data corruption and unexpected reboots. This info predates Meltdown and Spectre. In fact, I had to kill hyperthreading in BIOS on two cheap Win10 desktops at the office, due to unexpected reboots and data corruption. The remarkable thing is that I had forbidden any Win10 computers at the office, yet the IT guy ignored me.

      Best regards,

      –GTP

      1 user thanked author for this post.
      • #213796

        This is the second time I have heard or read that mitigation could affect hyperthreading for both Windows and Linux. As I was planning a Linux build (soon) with a six core i7, I could probably make do with an i5 rather than pay for what might not be workable. That sort of makes a Ryzen look better.

        Then again, with an Intel Z370 board, an i5 might be a prudent course and later upgrade to the i7 if a non-disabling fix is developed. Unfortunately, by then the Z370 will be ancient history given how things progress.

    • #213778

      For the Meltdown vulnerability, Microsoft issued a patch through Windows Update. For the Spectre vulnerability, it is up to the PC vendor to issue a firmware upgrade to your system BIOS. The below link is a bit old now, Several PC models have had BIOS updates released since this list was last updated. Visit the manufacturer of your PC’s website to see if there is a new BIOS upgrade in the drivers list. https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

      Actually, no in terms of Windows 10 and perhaps now with Win7 32-bit. The upshot is that Microsoft is (was) recently pushing Intel Meltdown and Spectre CPU microcode updates which were loaded by Windows when Windows boots up, and which would supersede whatever older versions of CPU microcode that are present in the computer’s BIOS.

      Windows has had the capability to load newer CPU microcode, versus whatever older CPU microcode is present in the user computer’s BIOS, since Windows XP.

      Since nearly all motherboard OEMs are refusing to create BIOS updates for their products which are out of warranty, Microsoft is now trying to step up to the plate by loading Intel’s CPU microcode which mitigates Meltdown and Spectre. Yeah, a good idea. And yeah, a bad implementation since Microsoft not only didn’t incorporate Intel’s latest August microcodes, but also since Microsoft didn’t bother to address the caveats regarding implementing one specific CPU microcode. This latter thing is quite inexcusable since Intel clearly mentioned it.

    • #213789

      I am wondering what to do with kb3019978, 3021674, 3023266,3045755 for Windows 8.1 Updates; if somebody has any experience with these installs and more because I am updating from a Clean Install.
      Any tips will be greatly appreciated!!!

      • #213798

        These aren’t microcode updates (so this should have been posted in the Win8.1 patches forum…).

        KB 3019978 is a security update from Jan/2015 (pre the patching changes of October 2016), with no known issues showing
        KB 3021674 is another Jan/2015 security update, and searching online brings up original problems found in installation
        KB 3023266, again a Jan/2015 security update
        KB 3045755 was issued Apr/2015, and is another security update

        1 user thanked author for this post.
    • #213805

      My girlfriend’s AMD laptop was also being offered it last night, even though it obviously doesn’t need it.

      AMD CPU’s are every bit as vulnerable to Spectre attack vectors (but not Meltdown) as Intel CPU’s.  It’s just AMD is slower than molasses flowing uphill in an Alaskan January at putting their microcode updates out.  In any case an AMD CPU machine should not be offered an Intel Microcode update if the update’s MetaData is correct.

    • #213842

      I have an ASUS X55A laptop. According to the Bleeping Computer list, “ASUS says it will release BIOS updates for affected products by the end of January.” As of ASUS’s announcement on 01/05/18, the X55A wasn’t listed. The Windows Hotfix for Win8.1 (Build 6.3.9600) is KB4056898 & the Hotfix for IE11 is KB 4056868. Not bothering with the KB’s until I also have the BIOS update from ASUS. The Saga Continues…

      Hello Wild Bill,

      The quote from ASUS comes with a caveat. They, like other OEMs, are not updating BIOSes for any hardware which is three years past the product’s initial release date. Yet ASUS does provide lifetime support for their products. If you push, then they probably will create an updated BIOS file for you. Yet I would not go that route.

      I downloaded that last BIOS revision for your ASUS X55A. Your X55A supports four different types of CPU platforms. Two of the four types of CPU platforms which your laptop might contain do have Intel BIOS updates for Meltdown and Spectre. Unfortunately, the other two CPU platforms have no Intel BIOS updates for Meltdown and Spectre.

      The two CPU platforms for which there are no Meltdown and Spectre mitigating microcode are 306A6 and 306A8.

      The two CPU platforms with available Meltdown and Spectre mitigating microcode are 206A7 and 306A9.

      Use GRC’s InSpectre utility to see which CPU platform you have. Hopefully InSpectre will show that you have either 206A7 or 306A9. If so, then the VMware Fling in conjunction with my tuned microcode.dat files will provide Meltdown and Spectre mitigations, without you having to flash your laptop’s BIOS. I am still a few days away from posting a Dropbox link for a ZIP of the Fling which includes the required DAT files and full instructions. I also have to tweak the Fling’s batch file installer.

      A note for all Win10 users: The VMware Fling can have issues in Win10 since Microsoft already is basically doing the same thing in Win10 — having Win10 load Intel’s latest microcode for Meltdown and Spectre when Win10 boots up. Thus the VMware Fling should not be used in Win10.

      Best regards,

      –GTP

       

    • #213902

      RE: Intel microcode updates
      OK duly warned not to run any CPU benchmarks following the INTEL  threat re: their spectre patch on pure Intel box using IvyBridge I-5 CPU @ 3400Mhz using PassMark Bench – run 3 times:

      using WIN10 ver 1709 w/out CPU patch – CPU Mark 6600
      then WIN10 ver 1803 w/ CPU patch – 7200

      GO FIGURE?

      be well, breathe and honor wabi sabi

      1 user thanked author for this post.
    • #213973

      OK. All this is making it so right for me to be even more seriously considering to stay with Windows 7 until MS decrees (for real) it’s curtains for it, and then hightail it to a place far, far away from Windows.

      It used to be difficult to work with colleagues that were forced by their organizations to have Windows PCs, unless one also had Windows in one’s machine. But now, at least if one is using a Mac, problems (at least for what I do) are practically non-existent. I wonder how that is like, these days, for those using Linux. Anybody?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #214015

      For some reason, since I switched to Semi Annual with 365 days delay for feature updates, I only get monthly security updates. I assume the rest of the updates that are rolled out throughout the month are included too. But at least I have only one s***** day per month instead of multiple ones. Add that to the fact I don’t use a Windows machine for production anymore. So yeah, I slowly start to take more and more distance of the Microsoft-[……].
