Intel Patches All Recent Processors, Promises Hardware Fixes For Upcoming 8th Gen CPUs

[Guest]

Intel announced today in a blog post that it has made Spectre and Meltdown patches available for all processors it has launched in the last five years.

Intel Patches All Recent Processors, Promises Hardware Fixes For Upcoming 8th Gen CPUs : Read more

 

[madmatt30]

You've touched on it in the report Paul, but I do have to reiterate - it's a suspiciously well timed release given the very recent cts-labs/amdflaws fiasco !

 

[Blinken]

With all the press hubbub surrounding this, other than hoping MS includes patches covering my CPU, WHERE DO I GET THE PATCHES?
If I have a couple PC's I built, with say a Skylake i7 with ASUS motherboard do I just hope ASUS issues a BIOS update? What about older PC's, a Haswell i7 or even Bloomfield Xeon's, do we just hope no one points malware at these systems?

 

[derekullo]

You've touched on it in the report Paul, but I do have to reiterate - it's a suspiciously well timed release given the very recent cts-labs/amdflaws fiasco !

Good news or bad news, Intel still gets blasted.

They just can't win(tel).

 

[Glock24]

I updated my Haswell and Ivy Bridge Linux boxes yesterday. Microcode updates for Linux were available publicly yesterday.

 

[richardvday]

Intel has done a lot of bad stuff so if they sometimes get the blame where you think they don't deserve it well they only have themselves to blame. There is probably something we don't know about that they DO deserve it for anyway.
Whether its illegal or just unethical is moot.

 

[Giroro]

I have an ASRock Mobo in my Haswell system. It looks like the most recent drivers and BIOS updates are from 2014. I have a feeling I'll never get this patch.

Unless I'm misunderstanding how the fixes are supposed to be distributed. Intel bragging that they made patch isn't very helpful unless these updates are actually made available to users with older systems.

 

[LORD_ORION]

Intel has specifically stated my Ivy Bridge mobo will not receive a bios patch. :\

 

[The Paladin]

yep my ASUS z87 gryphon still has not update out for it.... dates 2014/09/12I emailed ASUS, and got a canned reply to not worry they will provide updates asap...lol I think I will just skip worrying about it.

And from Intel's web site: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

The Asus list doesn't even come close to covering Haswell CPUs lol
https://www.asus.com/News/V5urzYAT6myCC1o2

 

[alextheblue]

"We hope Microsoft expands this technique to a wider range of systems, as it will help speed the delivery process and also assures that older systems could actually receive the patches that Intel has made available."

They've already started to expand availability and you can get the patches from MS. But last I heard they won't be rolling these into Windows Update for a while. Next major release, probably. They're being cautious after the instability fiasco with Intel's initial microcode updates, and I don't blame them.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Bookmark that KB. It states that MS will add microcode for older architectures as they become available (after testing I assume) from Intel.

 

[alan_rave]

Good news)

 

[dabeargrowls]

You don't want the patch! I refused to degrade my processor for this crap. Why bother? you want to decrease performance up to 30%??

 

[Spock_rhp]

So, for all of us who built our on box, it looks like the software updates come from our operating system maker, but must be manually found and applied, and the BIOS update comes from our motherboard maker. Do I read this correctly?

Obviously, Intel has no specific say over when these various product companies make these patches available for each and every model they produced. Consult the product company on those.

 

[onesmartfuture]

Sorry!

 

[onesmartfuture]

"We hope Microsoft expands this technique to a wider range of systems, as it will help speed the delivery process and also assures that older systems could actually receive the patches that Intel has made available."

They've already started to expand availability and you can get the patches from MS. But last I heard they won't be rolling these into Windows Update for a while. Next major release, probably. They're being cautious after the instability fiasco with Intel's initial microcode updates, and I don't blame them.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Bookmark that KB. It states that MS will add microcode for older architectures as they become available (after testing I assume) from Intel.

I have a Skylake - based laptop using the i7 6700HQ CPU from MSI. I already installed the latest BIOS updates from MSI as well as the MS windows updates. I run the InSpectre tool and it says all is good. Do I still need these special MS updates you alluded to earlier?

 

[2Be_or_Not2Be]

With all the press hubbub surrounding this, other than hoping MS includes patches covering my CPU, WHERE DO I GET THE PATCHES?
If I have a couple PC's I built, with say a Skylake i7 with ASUS motherboard do I just hope ASUS issues a BIOS update? What about older PC's, a Haswell i7 or even Bloomfield Xeon's, do we just hope no one points malware at these systems?

The update you need will come from your motherboard mfg who is supposed to take Intel's updates & patch their m/b's BIOS. Sadly, most of the 2nd/3rd-tier m/b mfgs won't devote the resources to updating much older models form which they've already received their profit. But hey, maybe we'll get them for newer models. If not, then they can profit again if you decide to buy a whole new, updated motherboard. (/s)

Microsoft has release one update that mitigates one of the vulnerabilities from the OS level, and maybe we'll get more in the future. At least one mitigating factor is that some of the vulnerabilities require root access; if the attacker has that, you're pretty much been compromised already.

 

[2Be_or_Not2Be]

I have a Skylake - based laptop using the i7 6700HQ CPU from MSI. I already installed the latest BIOS updates from MSI as well as the MS windows updates. I run the InSpectre tool and it says all is good. Do I still need these special MS updates you alluded to earlier?

Meltdown is addressed by software patches, which you've likely already received through Windows Update. The BIOS updates should take care of Spectre variant 2; just make sure you keep on install the BIOS updates as Intel has released updated microcode fixes for it's own "fixes".

Spectre variant 1 is going to be addressed by software fixes; however, this will be ongoing fixes as the full scope of the attack is still being explored. So keep on installing the software patches for it as released by Microsoft et al. These will hopefully become automatically delivered through Windows Update, although Microsoft currently has one as a manual update.

 

[2Be_or_Not2Be]

So, for all of us who built our on box, it looks like the software updates come from our operating system maker, but must be manually found and applied, and the BIOS update comes from our motherboard maker. Do I read this correctly?

Yes and no. Yes, BIOS updates come from m/b mfg, but no, not all software updates are manual ones. Some are being auto-delivered (for Windows through Windows Update, and a number of Linux repositories have fixes). The manual updates MS has made available for some Skylake systems are only available right now as a manual download, but that will likely become auto-delivered as well.

So if you've built your own system (like I have), you need to get the BIOS updates & the software fixes. It's the gift that keeps on giving!