Hangover Tuesday: Every version of Windows gets yet another Intel microcode patch

Topic

New Reply

There are 13 new August patches in the Microsoft Update Catalog, all dated August 20, all released in the past hour or two. They’re Intel microcode up
[See the full post at: Hangover Tuesday: Every version of Windows gets yet another Intel microcode patch]

8 users thanked author for this post.

walker, Fred, RDRguy, Elly, PhotM, GreatAndPowerfulTech, Joulia.S, geekdom

Reply | Quote

Replies

Every version of Windows 10/2016, rather. I’m not seeing anything for Windows 7 or Server 2008 R2 systems.

3 users thanked author for this post.

Pepsiboy, geekdom, woody

Reply | Quote

Or windows 8.1

3 users thanked author for this post.

radosuaf, geekdom, woody

Reply | Quote

no new Intel microcode updates are available for Win7 & Win8.1 (with the exception of KB3064209 which was in June 2015)

and no new microcode updates are available for Win10 v1511 either

Reply | Quote

You mean every version of Windows 10.  While MicroSoft could easily put out Spectre MicroCode Updates for Windows 7 (and 8.1) Satya has decided to literally use the Organized Crime tactic of withholding protection to over 40% of it’s Windows Installed Base. He is outright trying to leverage (Extort might be more accurate) a lack of Spectre protection (again now caused by MicroSoft), in STILL IN SUPPORT Windows OS’s other than 10, to force users into Windows 10.

7 users thanked author for this post.

SueW, lanceboil, Pepsiboy, geekdom, RDRguy, Elly, woody

Reply | Quote

Just let’s wait and see. I am suspending judgement on MS about this, for now.

It looks like this might concern only those users with Windows 10 in their machines. If this is about Windows 10 only, this fact could have made clear by Woody. Perhaps this is the case here, perhaps it is not. But be that as it may, in dealing with the endless grief daily renewed from Windows 10 I’ve noticed that some people are increasingly referring to problems with Win 10 without clarifying that these are a concern only for those users running Win 10 in their PCs.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

It’s not clear to me which pieces of the patches can be implemented in Windows, which have to be part of a firmware update, and which require both.

Anybody else have a clue?

1 user thanked author for this post.

PhotM

Reply | Quote

Well in a nutshell, my understanding is that the preferred fix is to receive an OEM firmware update for your hardware.  But in my case, as in many others, out of warranty hardware is not likely to ever see another OEM firmware update.

So the second line of defense is to issue a microcode update that the OS can load at boot time.  This microcode is stored in volatile memory and needs to be restored at each OS boot.  But it can patch flaws that exist in the underlying firmware or silicon.

These Microsoft patches are designed to supply that second line of defense for older hardware.

Windows 10 Pro 22H2

3 users thanked author for this post.

BobbyB, OscarCP, RDRguy

Reply | Quote

So, to give an example: I (really) have Windows 7, x64 and an I-7 “sandy bridge” CPU from around 2011.

Questions:

(1) Does anyone here have reason to disagree with JohnW’s #21221  assessment of the situation?

(2) Does anyone know if my PC’s CPU is too old to be still under warranty, and therefore might be eligible for this patch?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Unfortunately, Microsoft is only releasing Intel microcode patches for the latest versions of Windows 10.  Intel has been releasing microcode for older generation CPUs, but it is still up to Microsoft to release the patches and determine which OS gets supported.

Sandy Bridge (2011) is very likely to have been out of warranty for many years now, as is my Ivy Bridge (2012), which is a generation newer.  So firmware updates are not going to happen with these.

Contact your computer manufacturer for warranty details, but anything that old is highly unlikely to still be covered.  They would rather you buy new hardware.

Windows 10 Pro 22H2

4 users thanked author for this post.

SueW, Bill C., Noel Carboni, BobbyB

Reply | Quote

I used to have a PDF from Intel of which Intel CPUs were scheduled for microcode. I had it bookmarked, but it keeps disappearing behind a log-in on the Intel site. Most older i series CPUs (most Gen1 and some Gen2) were not going to get firmware updates, unless it was a real popular CPU or Intel MB or was a Xeon type of CPU and even many of thiose were SOL. My i7-960 and the DX58SO2 MB will never get a firmware update from the OEM manufacturer (uh… Intel).

Steve Gibson’s Inspectre utility says an update is available for my CPUID, but checking the released firmware package does NOT include an UPDATE for my exact CPU. A contributor here, RDRGuy did a lot of work on the issue, but it was not for the amateur to attempt.

JohnW is dead on, even IF Intel released firmware for my ancient CPU, it would NEVER be used by MS for Win7. A friend who has an MSI motherboard has still received nothing from them and I cnould not find any BIOS/UEFI updates for his board of any Windows flavor. In my opinion, the OEMs share more blame than MS on lack of firmware updates.

Reply | Quote

not entirely true, JohnW.

read MS support KB article 4093836.

there are new Intel microcode updates for several versions of Windows 10, including the RTM (1507) release [for those using 1507 LTSB]. only version that is not getting them is the 1511 release which was already EOL.

Reply | Quote

Correct, but I stated “latest versions”, not “the latest version”, so I was being generally inclusive.  Plus I was intending to exclude Win 7 and 8 in the same sentence, which is correct.

Windows 10 Pro 22H2

Reply | Quote

These microcode updates can readily be implemented by Microsoft in Windows and Windows 8.1 at boot time, yet MS chooses not to do so. It is obvious that MS is leaving Win7 and Win8x users, and all users who are running older hardware which MS no longer supports in Windows 10, hanging out to dry.

3 users thanked author for this post.

walker, wdburt1, lanceboil

Reply | Quote

As a point of general interest: If an update of the “software” microcode that happens to be installed at OS booting up time goes bad, does this also mean that one cannot boot up the OS at all? Not even in secure mode? If so, what then? Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

If you’re running Linux, hold the shift key down during boot, go into Grub, and then select an older Kernel (then, after you boot up, delete the kernel that’s hosed, so you default to a working one). If that does not work, you can try this:

https://ubuntuforums.org/showthread/?t=2273643

Windows, I don’t know. I would try booting into Safe mode, and see if I could uninstall the offending update. I’d highly suggest doing a full system backup before adding Windows Microcode, though, as that may not work.

Reply | Quote

To be fair, you don’t want these updates.
Smeltdown patches reduced performance in 7 & 8.1, which is why a lot of people either don’t install them or they disable the protection.

There are no known exploits in the wild. This is key #2. You’re protecting yourself against something that has yet to exist.

Furthermore, the main attack vector that would be compromised (browsers) are updated (or are being updated) to help prevent Smeltdown as well.

This is just more of the same, really. I get your grievances, and follow along…but I’d rather not have the updates. If/when exploits are found or publicized, I would assume both browsers and A/V orgs will update their software to protect you accordingly anyway.

4 users thanked author for this post.

wdburt1, Jan K., Cybertooth, Microfix

Reply | Quote

@Zero2dash Luckily, these microcode updates don’t affect W7 and W8.1 but, I do understand exactly where you are coming from. 😉

If debian is good enough for NASA...

Reply | Quote

I have an AMD CPU so this update shouldn’t be applicable to my PC. Does anyone know why it is available on Windows Update for me?

1 user thanked author for this post.

woody

Reply | Quote

There have been many complaints about Intel patches being made available to AMD machines. No idea why it happens – but apparently the installers are smart enough to catch the inconsistency.

1 user thanked author for this post.

Wazhai

Reply | Quote

Not this time.  My AMD A10 system running Windows 10 home 1803 just got the KB100347 patch.

Reply | Quote

It’s probably just Microsoft’s attempt at keeping the same patch code base installed on all Windows 10 machines.  The microcode will most likely actually be installed only if the correct target processor is available at boot time.

There is always the possibility that you could swap your AMD motherboard out for an Intel, without doing a fresh install of Windows.  Then you would need the new microcode at boot time.  Windows 10 makes this a breeze to accomplish now, so it is a real thing.

Windows 10 Pro 22H2

Reply | Quote

you mean KB4100347, mobartz.

KB4100347 has no effect on AMD CPUs. it can be installed but does not do anything on AMD systems

Reply | Quote

Win10 home user here …. I checked Windows Update an hour ago, and KB4100347 appeared. I downloaded and installed it (I am a seeker…I know, I know….). All seems fine. The update required a restart…..Ughhhh….

Reply | Quote

No patches for Windows 7 and 8.1? Actually, I’m kind of relieved. Look on the bright side, folks–you won’t have further slowdowns and other issues with your computer (like we did earlier this year).

One thing is for certain: I’m buying AMD next time. Intel’s Meltdown, monopolistic ploys, profit-mining at the expense of innovation, and a host of other things really makes me want to stick it to Intel until they straighten up and fly straight. But I’m not holding my breath.

1 user thanked author for this post.

bassmanzam

Reply | Quote

Fortunately any slowdowns haven’t been much too noticeable for me.

Reply | Quote

The KB has changed so that now it indicates that it’s on the Microsoft catalog site only, not on Microsoft update.

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

walker, woody, BobbyB, OscarCP, Elly

Reply | Quote

Just because Microsoft ships microcode updates, it doesn’t mean anyone should install them! Instead, check without your computer manufacturer for BIOS updates. That’s the proper way to get such updates.

2 users thanked author for this post.

Microfix, BobbyB

Reply | Quote

It’s probably best to wait on the patches, as Woody has said there are currently no exploits in the wild.

That being said, OEM firmware or BIOS updates may be best, but will only be provided for current hardware.  If you have an older, end of life, out of warranty system, you will most likely never receive OEM updates for your hardware.

Windows 10 Pro 22H2

1 user thanked author for this post.

Bill C.

Reply | Quote

which seems to be happening with my family’s Dell Inspiron 620 computer, which uses Intel Sandy Bridge CPUs and Dell won’t be offering any microcode BIOS/firmware updates for it.

on the other hand, Dell DID offer BIOS updates for Inspiron 660/660s PCs, which uses Intel Ivy Bridge processors – see this list from the Dell support site.

Reply | Quote

OscarCP wrote:

Questions: (1) Does anyone here have reason to disagree with JohnW’s #21221 assessment of the situation?

I did not provide footnotes to my assessment, but if you spend sufficient time with a search engine, you will reach the same conclusions.  The facts are out there…

Windows 10 Pro 22H2

Reply | Quote

Well, it seems to me that, right this moment, no one, but absolutely no one here has the remotest idea of what all this might mean for any of us…

For my part, I have just now and most solemnly sworn an oath of blood NEVER to install a microcode patch in my beloved old Windows 7 PC! Be it meant to be applied to the firmware, the vaporware or the lycanthropic software.

So: Hey, Spectre! Hey Meltdown! Come and get me: see if I care!

Life is sweet, and it will go on… Until it doesn’t. So, there!

(And it even rhymes!)

Win 7 x64 SP1, I-7 “sandy bridge” – Group B for ever.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Why is it that we never see any information whatsoever about what the performance impacts of these microcode updates, patches, etc. will be?

Back for Meltdown/Spectre, Microsoft DID publish some hints, of the form “you’ll probably notice a slowdown”. That’s not nearly good enough!

It’s unacceptable to foist things on people without letting them know the potential impacts. Don’t get used to this treatment.

-Noel

8 users thanked author for this post.

SueW, wdburt1, Bill C., Elly, Sessh, AlexEiffel, OscarCP, JohnW

Reply | Quote

I agree.  So I ran an informal comparison with and without the mitigations in place, using Performance Test by Passmark Software.  https://www.passmark.com/products/pt.htm

I found negligible difference on my system with and without the Spectre and Meltdown protection.  Windows 10 Pro 1709 with an Ivy Bridge 3rd gen Intel Core i3 CPU.

Windows 10 Pro 22H2

3 users thanked author for this post.

Noel Carboni, Elly, AlexEiffel

Reply | Quote

Rumor has it that with Windows 10 and/or newer hardware the impacts are less.

Thanks for your observations, which don’t dispel this possibility.

-Noel

Reply | Quote

Just to be clear, I was referring to the ORIGINAL mitigations for the Meltdown and Spectre vulnerabilities, not the latest variants.  I am holding off on these new patches for now.

I ran Steve Gibson’s InSpectre tool, which allows you to disable/enable the protections.

Windows 10 Pro 22H2

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Don’t worry, I had read your post correctly.

-Noel

1 user thanked author for this post.

JohnW

Reply | Quote

Difficult and highly dependent on workload. See e.g. this VMWare document regarding L1TF:

https://kb.vmware.com/s/article/55767

Or this from MS:

https://blogs.technet.microsoft.com/srd/2018/08/14/analysis-and-mitigation-of-l1-terminal-fault-l1tf/

The “core scheduler” mitigation might turn out to have rather disastrous performance affects depending on CPU over-commit/over-subscription.

2 users thanked author for this post.

Noel Carboni, Elly

Reply | Quote

Noel Carboni wrote:

Why is it that we never see any information whatsoever about what the performance impacts of these microcode updates, patches, etc. will be?

Back for Meltdown/Spectre, Microsoft DID publish some hints, of the form “you’ll probably notice a slowdown”. That’s not nearly good enough!

It’s unacceptable to foist things on people without letting them know the potential impacts. Don’t get used to this treatment.

-Noel

I suspect it is due to the many, many configurations out there. MS can hardly make patching work, so would you trust their testing?

For example my old Intel i7-960 on an Intel DX58SO2 MB took a minimal hit with the Meltdown software fixes. My Lenovo E440 laptop with an Intel i5 took a bigger hit (I guess less excess horsepower) but was not objectionable. However when the new firmware addressing Meltdown AND Spectre was released the laptop took a noticable hit, especially when installing updates. I have it turned off via Steve Gibson’s Inspectre utilty until it is reported in the wild.

What did surprise me is none of the tech sites did any methodical testing. I can find detailed reviews of GPUs that measure down to a few frames per second variations, but nothing on these fixes. I suspect the reason is they did not want to dissuade folks from installing the patches.

2 users thanked author for this post.

Noel Carboni, AlexEiffel

Reply | Quote

No doubt there is no way to make a statement like “You’ll experience xx.xxx% slower performance” because of the complexity of the computing world.

And it’s the kind of thing probably most folks won’t even notice or even care about. But some of us care very much because we’re doing computing out on the cutting edge.

The changes CAN be described, and the potential areas of impact COULD be identified.

Bill C. wrote:

What did surprise me is none of the tech sites did any methodical testing. I can find detailed reviews of GPUs that measure down to a few frames per second variations, but nothing on these fixes. I suspect the reason is they did not want to dissuade folks from installing the patches.

My own testing showed me quite clearly that much of the expenditure and time I’ve put into creating a highly-tuned I/O subsystem for my workstation (involving arrays of SSDs) will be simply lost if Meltdown/Specter mitigations are allowed in. Specifically, I found that the maximum I/O throughput my system can deliver went from 1800+ megabytes per second to 900 megabytes per second – LESS THAN HALF.

EVEN IF I take the updates and disable the mitigations by InSpectre there’s STILL an 8% hit to my I/O performance!

I measured this not only through artificial means, but by actually installing the updates and doing real world testing, doing things like software system builds.

What price security? I’m willing to pay some to reduce risk but not for made-up BS security, especially when I have many other things already in place that DON’T require me to wait longer for my work to be done and which are arguably far better than presuming malware is constantly running on my system pestering the OS for secret data.

-Noel

2 users thanked author for this post.

Sessh, Bill C.

Reply | Quote

Regarding Windows Updates on Windows 10:

I haven’t had the displeasure of using Windows 10 on my personal computer, so it’s not something that affects me on a personal level yet, but I have a question regarding the updates.

I’ve been reading since the birth of 10 that there is no way of taking full control of the updates, even if you stop the Windows Update service, it starts up by itself.

But on my office PC I see that the updates are not being installed and I have not received any notification about them.

In the screenshots attached, which are in italian, on the top of the 1st you can read “Some settings are handled by the organization” on the second you can read:

Disable automatic updates

Origin: Administrator

Type: Group criteria

How would one achieve such a thing?

Thank you.

Reply | Quote

Winoni71:” #212244 “:

” But on my office PC I see that the updates are not being installed and I have not received any notification about them. In the screenshots attached, which are in italian, on the top of the 1st you can read “Some settings are handled by the organization” on the second you can read: Disable automatic updates.   Origin: Administrator.   Type: Group criteria. ”

Just a thought: If you are working in Italy at the moment, could it be that MS has to work there complying with different rules and regulations imposed by the EU or the Italian authorities, than those they have to follow, for example, in the USA? In general the Europeans tend to have strong privacy and consumer protections. For example: the settings you see must be the default way MS needs to set up things to comply with those regulations.

But this is no more than a guess.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Anytime you have any deferral settings in place that message “some settings are handled” is shown.  You may have deferral settings that are holding them back.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Elly

Reply | Quote

Susan Bradley wrote:

Anytime you have any deferral settings in place that message “some settings are handled” is shown.

If deferred via Group Policy, not Windows Update Advanced Options.

Reply | Quote

Most likely your organization is running either a WSUS server, or an SCCM server, to push the updates out on their own schedule.

Behind WSUS and SCCM, you can absolutely control Win10, because WSUS and SCCM have more weight than Automatic Updates. Even if you leave Automatic Updates enabled on the client workstations, they will only install what is provided to them by the WSUS or SCCM server. IOW, they will check for updates and find none, and thereby do nothing – unless a Domain Admin (or WSUS/SCCM Admin) makes the updates available to the clients.

The best thing (as a smart home user) to do, if you have 10 Pro, is change Automatic Updates to 2 in Group Policy, which notifies when updates are available but does nothing else. If you don’t download the updates, nothing happens. (If you do download the updates, they are automatically installed.) This is really the lone brick wall to stop Automatic Updates for 10 Pro that people who are not behind WSUS/SCCM have available to them.

Reply | Quote

Instead of setting the Local Group Policy to 2, if you actually disable that policy you will stop the notifications as well.  This has been working well for me!  Nothing at all until I press the check for updates button!  🙂

Windows 10 Pro 22H2

1 user thanked author for this post.

zero2dash

Reply | Quote

Yeah, that’s an option, but the problem there is you have to use wushowhide to see what the updates are before you hit the button to check and install, because otherwise it doesn’t show you. That’s why I like a setting of 2, because it shows the updates it wants to download but does nothing else (thereby removing the requirement of using wushowhide to see what the update(s) are). I guess it all boils down to personal preference there though, obviously. 🙂

1 user thanked author for this post.

JohnW

Reply | Quote

LOL.  But wushowhide has become a habit ever since Woody learned me about it.  I like the belt and suspenders safety net!

Windows 10 Pro 22H2

Reply | Quote

It came down through Windows Update this morning for me, so definitely not Catalog only

Reply | Quote

The Patch Lady posting  #212221 was later, in the evening, around 6:16 PM:

“ The KB has changed so that now it indicates that it’s on the Microsoft catalog site only, not on Microsoft update. “

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Did it get pushed down or did you manually go to Windows update (settings, etc) and scan for it?  When I scan, it’s there, if I let it install, I’m not seeing anything be pushed to my machine.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

FYI, seen today on a Win 7 x64 Ultimate system asked to scan for available updates:

-Noel

1 user thanked author for this post.

Elly

Reply | Quote

7’s aren’t getting any of the microcode updates.  I’m trying to determine if 1803 10’s are getting this microcode update pushed to them or if you only get it if you check for updates?

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Noel Carboni

Reply | Quote

OK, sorry, I didn’t quite get the context of the question.

Wow, so Win 10 updates received automatically might be a different set than when you press the [Check for Updates] button? Is that the “seekers” concept at work?

I’ve managed to get my own Win 10 Pro setup into a mode where it reports “Some settings are managed by your administrator” and it will only update if I run a .msu from the catalog. I really, really, really, really, really like it this way. I wish I could publish a “7 steps to accomplish that” guide, but I lost track of how I did it. Last thing I remember doing was poking around in gpedit.msc but now I don’t see settings in there that would imply I have changed something related to Windows Update from the defaults. Someone needs to write a tool that examines all the hundreds of different settings that could affect Windows Update and summarizes, like O&O ShutUp10 or similar. Sigh.

-Noel

Reply | Quote

My WSUS server suddenly got a set of 2018/07 updates today:

– 1607 – KB4091664
– 1703 – KB4091663
– 1709 – KB4090007

All are similarly labelled as Intel microcode updates, dated today.

Not sure of the Windows Update availability of these.

No matter where you go, there you are.

Reply | Quote

I have an Ivy Bridge based HP Probook and I just did a firmware update last month so for Business laptops the support is a little longer than on the more consumer oriented laptop SKUs. It’s best to find out what laptop is most popular for the big enterprise customers and the laptop makers usually have a little better build quality for any make/models of Business laptops that are favored by the big enterprise customers.

I’d Like to replace my current Probook with an AMD Zen/Vega graphics based Radeon Pro mobile APU, and that Pro version gets a longer support and warranty period than the non Pro Raven Ridge(Zen/Vega graphics) consumer oriented Raven Ridge SKUs. Raven Ridge is the code name for AMD’s line of APUs that make use of the Zen cores and Vega integrated Graphics and hopefully the Raven Ridge Pro Variants will begin appearing in business laptops. There are also Raven Ridge Desktop APUs that hopefully will be appearing also with Pro Variants for those HP mini-desktop PC variants that are rather popular form factors for Business oriented usage.

I’d like to move away for Intel’s SKUs until they have all this Meltdown/Spectre mess fixed in their hardware. It’s risky flashing a laptops BIOS/UEFI as if the power goes out while you are flashing new firmware you can brick your laptop. I have some older Sandy Bridge generation laptops but I have not looked for any firmware updates from the Laptop’s OEMs as they are getting rather out of date, the oldest laptop that still works is a first generation core i series Intel Laptop and that’s probably never going to get any updates from Intel. Sandy Bridge may still get some Updating as Intel has been supporting some of its server class Sandy Bridge SKUs but laptop OEMs are not that much willing to support non business grade laptop much at all.

Reply | Quote

woody wrote:

It’s not clear to me which pieces of the patches can be implemented in Windows, which have to be part of a firmware update, and which require both. Anybody else have a clue?

As you know Spectre mitigations require MicroCode updates.  What many people are unaware of is these MicroCode updates can be applied in two ways.  The first is via a firmware update, provided by your motherboard maker,  to your motherboard.  The second is via the MicroCode Update means (Mcupdate_GenuineIntel.dll or Mcupdate_GenuineAMD.dll) at boot that has been built into every version of Windows since at least Windows XP.

Note that either way the new MicroCode is applied, firmware or MS update, it’s the same code, supplied by either Intel or AMD. The difference is just in how and when in the boot cycle the MicroCode is introduced to the CPU.

Reply | Quote

you actually need BOTH the microcode BIOS/firmware update from PC manufacturer plus the microcode Win10 update from MS update to eliminate the problem

just like a marriage – you can’t have one without the other

Reply | Quote

Incorrect…

Windows 10 Pro 22H2

Reply | Quote

I agree with JohnW. Incorrect.

1 user thanked author for this post.

JohnW

Reply | Quote

You need the windows patch and a microcode or firmware patch… but not both firmware and microcode…

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

Kirsty, JohnW

Reply | Quote

woody wrote:

There are 13 new August patches in the Microsoft Update Catalog, all dated August 20, all released in the past hour or two. They’re Intel microcode up[See the full post at: Hangover Tuesday: Every version of Windows gets yet another Intel microcode patch]

Thanks Woody.
However there are no kwown breaches there STILL is a b****y NECESSITY to place all these patches. My HP-Pavilion needs very well the HP-patches for hard- and software. There simply is no clear descryption of these HP-patches, but the OS is simply performing more badly over the time and so on. Now up to yesterday it seems to go right again, BUT still, it’s all a TOMBOLA where believe in stabilily is still going down.
So, the Linux old-laptop, is still active and present for the real thing when things are going wrong again. It’s not a question of IF, but WHEN it goes down again.
Getting tired of it.
Regards and tulips,  Fred

* _ ... _ *

Reply | Quote

I received KB4100347 which appears to be a microcode sort of Windows update on Home 1803 on my Dell notebook. So it does look like they may be pushing out some of these through Win update.

1 user thanked author for this post.

woody

Reply | Quote

Did you check for updates or did it automatically come down?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

UPDATE: Crysta notes that there are two more microcode updates, both dated Aug 21, but they appear to be re-issues for last month’s microcode updates. KB 4090007 for Win10 1709 and KB 4100347 for 1803. jescott418 notes that KB 4100347 is arriving via Windows Update on his Win10 Home 1803 computer.

Reply | Quote

UPDATE: Crysta notes that there are two more microcode updates, both dated Aug 21, but they appear to be re-issues for last month’s microcode updates. KB 4090007 for Win10 1709 …..

Interesting since the MS information sheet on KB4346085 for ver 1709 says that it includes KB409007 – And still need KB4078407 (or manual registry entries) to enable it.

Reply | Quote

@woody I think what Crysta noticed is that the patches for 1803 which were downloaded before in WSUS but never installed, only detected if installed manually (this is not regular behavior) have now been reissued with metadata update and possible contents update to be installed automatically by WSUS if approved by administrator or Windows Update according to the documentation.
All the other microcode updates for Windows 10 other than for 1803 are new as far as I can tell. According to WSUS metadata, which can and has been wrong before, only the 1803 patches supersede previously released patches as they are cumulative for the microcode purpose according to other reports.

Reply | Quote

From Microsoft KB support on K4346085 for Windows 10 ver 1709:

Intel recently announced  that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”), Spectre Variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”), L1TF (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646: “L1 Terminal Fault”). In addition to microcode updates previously released in </span>KB4090007​ to address Spectre Variant 2 (CVE 2017-5715: “Branch Target Injection”), this update also includes microcode updates from Intel for the following CPUs.

And (note the below enablement KB was previously included with KB4090007)

Please make sure that mitigation against Spectre Variant 2 is enabled by applying the update through KB4078407 or through the registry settings that are documented in the following articles:

 

Edit to remove HTML – Please use the “Text” tab in the post entry box when you copy/paste

Reply | Quote

OK not I’m really confused.

Running Windows 10 Pro ver 1709 and just re-set my Monthy Quality Update delay back to 0 in order to allow the August updates to download then review (Update Group setting is 2)

In addition to the expected August KB’s came KB4090007 – Variant 2 microcode!

Per above, I thought this was contained (replaced by) the new KB4346085 and that these were manual catalog installs.

Anyone else receive these recently or earlier in the month if your system was not set to delay updates?  Should I install, or hold, or manually install KB4346085?

Reply | Quote

OscarCP wrote:

Just a thought: If you are working in Italy at the moment, could it be that MS has to work there complying with different rules and regulations imposed by the EU or the Italian authorities

As far as I know there are no different rules and regulations regarding updates in Italy or the EU. Even though I don’t own a Windows 10 PC, I have used them from time to time, and I’ve never seen any option to disable updates.

Susan Bradley wrote:

Anytime you have any deferral settings in place that message “some settings are handled” is shown. You may have deferral settings that are holding them back.

Where would I find these “deferral settings”?

Reply | Quote

Start, settings, update and security, advanced options, click on view configured update policies is how I see them.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

KBs 4091664, 4091663, 4090007 and 4100347 appeared in SCCM this morning.  We are going to “test” them on a few workstations, but likely not deploy to our nearly 2,000 Win 10 devices.  Our systems are still summarizing these new patches.

Reply | Quote

So: nothing that might concern those of us with Windows 7 has shown up yet?

Or this is, still, all about Windows 10?

Thanks, in advance, for any useful update.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

W7 and W8 are not affected (as of writing), these microcode updates are only for W10

If debian is good enough for NASA...

3 users thanked author for this post.

SueW, Elly, OscarCP

Reply | Quote

that’s right OscarCP. nothing here for Win7 & Win8.1. MS doesn’t seem to “backport” these new microcode updates for Win10 to older Windows versions. also Win10 v1511 users won’t be getting the new microcode updates either since that version is completely out of support.

1 user thanked author for this post.

OscarCP

Reply | Quote

We’ve had 4100347 hanging in Windows Update on multiple machines, mostly HP 250 G6 laptops. Gets stuck at 100% and sits there. A manual install works fine.

Reply | Quote

Here is a problem report for the KB4100347 on Windows 10 1803.
After updating the DPC latency went through the roof while accessing USB flash through external (PCI-USB) card. The mouse is jerky, the sound freezes, etc.
System interrupts takes up to 20% CPU in Task Manager.
LatencyMon shows up to 500 ms DPC execution time for USBPORT.SYS
The MB USB ports are fine.
CPU: i5-2500K, Chipset: Z68

Kinda have no hopes for this to be fixed, cause Microsoft would blame Intel and the opposite.
But does anyone have any ideas of a best place/places to get this reported?

EDIT html to text (from copy>paste) – content may not appear as intended

Reply | Quote

So what is the direction we should be taking on these micocode patches?

Manually install?  Or ignore?

If they come down WU automatically and your system is set to Group Policy 2 (Ask):

Allow installation?  Or hold/hide?

Reply | Quote

OscarCP wrote:

As a point of general interest: If an update of the “software” microcode that happens to be installed at OS booting up time goes bad, does this also mean that one cannot boot up the OS at all? Not even in secure mode? If so, what then? Thanks.

If you have either a System Repair disk or the OEM or Retail Install disk, then you can boot from either and, using known methods, uninstall the offending update.

Reply | Quote

Hi everyone,

Yes, Microsoft can readily implement microcode updates into Win7 and Win8x. For example and for Win7, simply go to your Windows folder and search for “microcode” in Windows Explorer. The search results should show something similar to the following, depending on your CPU flavor and motherboard flavor:

amd64_microsoft-windows-microcodeupdate_31bf3856ad364e35_6.1.7600.16385_none_645de31f9d8e02a3.manifest

On my computer, the above file is dated 07/13/2009.

In other words, the above proves that Microsoft, since 2009, has had the capability of readily implementing CPU microcode updates within Windows 7. It is what it is.

5 users thanked author for this post.

HiFlyer, SueW, walker, columbia2011, OscarCP

Reply | Quote

@GoneToPlaid:  After reading all of these postings, I have a MAJOR headache, since I am totally computer illiterate.    I will just have to wait until I can find a “safe” path to follow.  Not having a lot of sophisticated programs does help, however the postings from you all help more than anything else.   Thank you to everyone!   🙂

1 user thanked author for this post.

HiFlyer

Reply | Quote