• Deanna’s Freeware Spotlight: Intel Microcode Boot Loader v0.3

    #233576

    Some motherboard manufacturers have failed to release firmware updates to patch the Spectre vulnerability which allows speculative execution side-chan
    [See the full post at: Deanna’s Freeware Spotlight: Intel Microcode Boot Loader v0.3]

    4 users thanked author for this post.
    • #233629

      Well, that could help. However, we’re by no means done with this category of vulnerability, nor do I expect any time soon…

       

      https://www.theregister.co.uk/2018/11/14/spectre_meltdown_variants/

      The chip vendors’ insistence that they’re not affected contradicts the researchers’ published statements. “Even with all mitigations enabled, we were still able to execute Meltdown-BR, Meltdown-PK, and Meltdown-RW,” they state in their paper, adding that “some transient execution attacks are not successfully mitigated by the rolled out patches and others are not mitigated because they have been overlooked.”

      And then there was the one about GPU-based side channel attacks, where did I put that one again…

    • #233624

      It just boots on grub command prompt and does nothing.

      • #234877

        Enable legacy boot (non-EFI).

    • #234055

      GTP,

      Wow! Way above my pay grade. Thanks so much for all your effort on this. 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #234647

      The latest version of this tool supports installation to HDD

      1 user thanked author for this post.
    • #235113

      Tried to download Boot Loader – file doesn’t exist.

    • #235524

      Wow! What a lot of hoops to jump through, just to patch vulnerabilities for which there are as yet no proven in-the-wild exploits.  I refer to Meltdown and Spectre. No known exploits as of yet.

      If your system doesn’t have a firmware microcode patch, all major operating systems now have mitigations, as do all major web browsers. And again, there are no known exploits in the field.

      -- rc primak

    • #236913

      Seems to be working at first (using flash drive) – get message “replaced microcode on 4 of 8 cpus”. Then just hangs and never boots to windows. Any thoughts or suggestions?

    • #236934

      Now that the bootloader is up to Version 0.5.1, is anyone using it?

      It sounded good, but my CPU had not actually received a firmware update from Intel. Intel also said it would not. In some firmware update packages, my CPU is listed as being updated, but when you look carefully at the update contents by CPU ID number, mine shows its last update was 2012. The Intel site also shows the i7-960 (Bloomfield) in red, meaning all research and activity for a new firmware version had stopped.

      Upshot: yes, there was an update of the appropriate Intel package, but not every CPU listed in the package actually received a firmware update. The Bloomfield family was left out.

    • #2040218

      Is this still a viable tool for those whose processors never got an official update?

      i7-10700k - ASROCK Z590 Pro4 - 1TB 970 EVO Plus M.2 - DDR4 3200 x 32GB - GeForce RTX 3060 Ti FTW - Windows 10 Pro

    • #233835

      GTP,

      Thank you so much for taking on this tedious task. I’m really glad I saw you post before trying to implement this on my older Dell test machine. Awaiting your results.

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #233946

      GTP,

      It’s a Tilly.

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #234031

      Will you be able to implement it so that it doesn’t require a flash drive to run it?

    • #234498

      Did Google not find this?

      Hybrid PhysX Mod Package contains Trojan
      by Hilbert Hagedoorn on: 04/30/2010 09:32 AM

      It has become apparent that Hybrid PhysX Mod from NGOHQ.com posted earlier this month contained the Infostealer.Gampass trojan. I wanted to add to this that it MIGHT as well be a false positive. Nonetheless, we say … safety for all.

      According to Symantec, Infostealer.Gampass specifically targets video game credentials, log-ins and passwords. I would recommend uninstalling this and doing a full scan on your computer.

      * Update – This news-post was invalid and we are happy to report that the mod was a false positive.

      4 users thanked author for this post.
    • #234467

      Are you still going to implement the flash drive solution in the meantime?

      Also, if this (the flash drive microcode boot loader) is used, will it cause any problems should the user decide they want to stop using it and just go back to booting normally?

    • #234683

      For anyone interested, there has been a revision update to this BIOS bootloader on the originator’s website:
      https://www.ngohq.com/intel-microcode-boot-loader.html

      Changes (v0.5.1):
      * Fixed a bug in the installer.
      * Improved support for a local drive installation.
      * Updated microcode database.

      my bolding
      Note: Website and Download Links have been checked via VT and are clean (at this post time and date)

      IMHO it still wants for a checksum/hash verification code.

      Windows - commercial by definition and now function...
      2 users thanked author for this post.
    • #234771

      If that install.exe has been processed with an EXE packer/compression tool, that could be a source of false positives. UPX-processed files have been a great source of false detections in the past with several different antivirus vendors.

      1 user thanked author for this post.
    • #234716

      Based only on a file name? Your Googled result’s file also has other names, originally ‘MIDARs2DLesson.exe’, also logged as being ‘ICMREALOSUVT.EXE’.

      If it was the same hash, it would be convincing as malware, without that it’s just coincidental.

      Take a step back: Would you use or trust Rising or Cylance software to be 100% reliable, or as good as the more common (and trusted) options?

      1 user thanked author for this post.
    • #234766

      Yes and to add to that, most of those engines used by VirusTotal may be configured differently from purchased or downloaded ‘free’ products.

    • #234941

      So what’s the consensus, is it worth installing? Also, will the latest version install locally without any additional steps, or is the flash drive still necessary?

    • #235103

      Worthy for those still using Windows 7 or 8 who never received a BIOS update from the manufacturer. If you have a ‘System Reserved’ MBR partition, a flash drive is no longer necessary.
