Microsoft Microcode Updates Defend Intel CPUs Against Spectre

Status
Not open for further replies.
Mar 5, 2018
On Linux, microcode update via the OS is a standard, well-known mechanism used for *many* years.
Most distributions provided microcode updates very quickly (i.e. 1-2 days after Intel release) via standard update channels.
Why this procedure is so complicated on Windows is beyond my understanding. This is simply disappointing.
 

alextheblue

Distinguished

That might be annoying if you are running legacy code that won't work on Win10 AND your system OEM won't release a BIOS update with the new microcode. Realistically though most people (including MANY "buissness"es) are better off running Win10 over WinXP/7/8 if security is your top concern. Use VMs whenever possible for legacy crap so you're not downloading random emails on an old unprotected OS, just because you've got a program that doesn't work.
 

alextheblue

Distinguished
"You should know, however, that this patch isn't as permanent a solution as patching via BIOS updates."
What about those with older chips that eventually are patched by Intel, but your motherboard vendor/system builder no longer supports your board (and thus does not release a new BIOS)? You might have to make it your permanent solution. They've already said they're going to add more of these patch-at-OS-boot updates.

"The fact that this option of distributing microcode is a possibility at all, though, raises a question: If Microsoft had the ability to fully protect all Windows systems all along, why has it only come forward to do so now?

Considering how Intel’s first round of microcode updates for Spectre turned out, it’s actually fortunate that Microsoft didn't distribute them."
This raises another question: Why would you ask a question that you already know the answer to? Why not write this in the form of a statement? For example: The reason Microsoft has only offered this solution now was because they were leery of Intel's initial microcode updates. Not to mention they actually DO NOT have the ability to protect ALL Windows systems at a microcode level. Intel hasn't even released microcode updates for many architectures yet!

Anyway, they have their reasons for not distributing them through Windows Update to systems en masse. They could do so at any time, if they were so inclined. Maybe some day they will go that route, but it definitely has some risks (as seen by Intel's fustercluck with their first round of highly unstable microcode fixes).
 

termathor

Distinguished
Jan 16, 2015
Is it me, or is it really strange that MS is offering a patch (presumably something running very early in the boot sequence, just after UEFI), for something which belongs to UEFI?

Or is it that MS already knows the mobo OEMs don't give a <BIP>, and is offering a plan B to keep WIN10 safe?
 
Tom's fixed the story entitled "Dell Quietly Releases Inspiron 17 5000 Laptops With AMD Ryzen/Vega APUs" so comments could be accepted...
Then they promptly removed that ability after a few comments were entered.
I have never seen that before.
Dell is obviously handicapping their AMD products and this should be announced publicly - ExtremeTech already has at least one article on this.
What's going on, Tom's?
 

dave_trimble

Honorable
Jul 3, 2013
"You should know, however, that this patch isn't as permanent a solution as patching via BIOS updates."

I have a Haswell-based system (4790K), and wasn't planning to upgrade for some time yet because I still get all the performance I need from my system. But the last BIOS update made available for my system came out in 2014. What am I supposed to do to protect myself? Am I going to have to upgrade to a new MB/CPU now in order to be safe?
 

alextheblue

Distinguished
If your vendor doesn't release a BIOS update, MS will likely release a microcode patch for Haswell soon. When they do, just install it and keep in mind that you need to reinstall it (outside of win update) if you reinstall the OS. It's just as permanent as any other software-based solution, you just have to be aware that it's not part of regular Windows Update patches. The preferred solution is UEFI-based patches, but for older hardware that just may not happen.
 

Wimpers

Distinguished
Feb 26, 2016
I have a 4690K CPU, so a 4th generation model with microcode revision C0 according to CPU-Z.

The first link here points to an article that says Intel has released patches for the Haswell series 06C3, 4066, 306F2, 40651 and 306C3 but what does that number mean?
Is it a NB-SB combination?
That would give me 06C2 (Haswell - Z87 south bridge) or is this a wrong assumption?

So this means I'm pretty screwed, right?

And I'm also still running Windows 7 but I guess, if available, I could update the microcode myself with my Linux distro...
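
Added example, not part of any post in this thread: values such as 306C3 in Intel's microcode listings are CPUID signatures (leaf 1 EAX), which pack the CPU family, model and stepping. The sketch below decodes the complete values quoted above and rebuilds the signature from a Linux `/proc/cpuinfo` excerpt so it can be compared against such a list; the function names and the sample text (including its microcode revision) are constructed for illustration.

```python
import re

def decode_signature(sig_hex):
    """Split a CPUID leaf 1 EAX value such as '306C3' into its fields."""
    eax = int(sig_hex, 16)
    base_family = (eax >> 8) & 0xF
    base_model = (eax >> 4) & 0xF
    ext_model = (eax >> 16) & 0xF
    ext_family = (eax >> 20) & 0xFF
    # Extended fields only count for family 6 / 15 parts.
    family = base_family + ext_family if base_family == 0xF else base_family
    model = (ext_model << 4) | base_model if base_family in (0x6, 0xF) else base_model
    return {"family": family, "model": model, "stepping": eax & 0xF}

def encode_signature(family, model, stepping):
    """Rebuild the hex signature from the decimal values Linux reports."""
    base_family = min(family, 0xF)
    ext_family = family - base_family
    ext_model = model >> 4 if base_family in (0x6, 0xF) else 0
    eax = (ext_family << 20) | (ext_model << 16) | (base_family << 8) \
        | ((model & 0xF) << 4) | (stepping & 0xF)
    return f"{eax:X}"

def signature_from_cpuinfo(text):
    """Return (signature, microcode_revision) for the first CPU listed."""
    def field(name):
        m = re.search(rf"^{name}\s*:\s*(\S+)", text, re.MULTILINE)
        if m is None:
            raise ValueError(f"{name!r} not found in cpuinfo text")
        return int(m.group(1), 0)  # base 0 accepts both '60' and '0x1c'
    sig = encode_signature(field("cpu family"), field("model"), field("stepping"))
    return sig, field("microcode")

# Constructed sample in /proc/cpuinfo layout (values are illustrative only).
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 60
model name\t: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
stepping\t: 3
microcode\t: 0x1c
"""

if __name__ == "__main__":
    for sig in ("306C3", "306F2", "40651"):  # complete values quoted in the post
        print(sig, decode_signature(sig))
    print(signature_from_cpuinfo(SAMPLE_CPUINFO))
```

On a real Linux system, pass the contents of `/proc/cpuinfo` to `signature_from_cpuinfo` and compare the returned signature with the vendor's list; the second value is the microcode revision currently loaded.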
 

hectordj

Distinguished
Feb 5, 2010
Today, I installed this latest microcode update on my Intel Skylake 6700K and Asrock Z270 motherboard. The result was a 20% reduction in performance from my unpatched 6700K CPU, according to the Passmark Performance Test 9. The first meltdown/spectre patch caused a 13.6% reduction in performance, according to the Performance Test. I was able to go back to the previous BIOS version and I will live with the 13.6% hit of the first patch.
 