Wednesday, February 28th 2018

Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

Via updated documents in its Microcode Revision Guide, Intel has revealed that it has finally developed and started deploying microcode security updates for its Broadwell- and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates aimed at mitigating the vulnerabilities in Intel's CPUs known as Spectre and Meltdown.

While that's good news, Intel's patching odyssey still isn't over by any means. According to Intel's documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that's two other architectures that remain vulnerable. Of course, the question of who's vulnerable and who isn't can't be reduced to which architectures Intel has released updates for. Users have to remember that the trickle-down process from Intel's patch validation and distribution, through manufacturers, to end users' systems is a slow one, and is also partially in the hands of sometimes not-too-tech-savvy users. Time will tell whether these flaws will have any major impact on some users or businesses.
Source: Intel Microcode Update Guidance

35 Comments on Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

#1
R-T-B
lexluthermiester said:
There are several requirements that have to be met in order for an exploit to work. Either direct physical access to subject system, or direct remote access. Trojans will work but have to be constructed and configured very carefully. And that is just for starters. While these things are possible, they are very improbable. If someone is using a good computing ethic and methodology the chances are minimal at best of a directed attack succeeding.
I'm assuming a compromised system ("malware-laden" if you will), true, so it probably isn't much to worry about for the average TPU user.
#2
_JP_
phanbuey said:
I'm more talking about my motherboard maker than the actual microcode update... last time I updated a BIOS for X299 from MSI all of my system fan headers stopped being able to control PWM fans.

BIOS updates in general for me have become "do it only if broken, or if there is extra performance". I like to give them like 2-3 revisions before I update.
I understand you, had that kind of experience with ASRock. I have more of a problem with vague release notes... or the absence of them.
#3
TheMailMan78
Big Member
Didn't AMD fix this with a BIOS update?
#4
_JP_
I haven't checked the AGESA 1.1.0.1 release notes if Spectre was addressed.
#5
som
What's the matter, "Flanagan"...? Why won't you accept my opinions...? Don't you like them...?
THE INTEL UPDATE IS GOOD FOR NOTHING BUT "MESSING UP" THE PC. It loses 10% of its resources, and you notice it when reaching the desktop, on the welcome screen.
DO NOT UPDATE. Update Haswell CPU Microcode to revision 24 and Broadwell CPU Microcode to revision 1D. Negative. A "BOTCH JOB" by INTEL.
#6
Vlada011
Can someone explain to me how to avoid patches?
I finally fixed audio problems with Win10_x64_1709.
I installed only chipset drivers before the security bug was exposed. Now I want to know what to do to avoid auto updates of security patches.
Maybe someone could write the name of the Windows Update that is connected with that.
#7
Upgrayedd
Vlada011 said:
Can someone explain to me how to avoid patches?
I finally fixed audio problems with Win10_x64_1709.
I installed only chipset drivers before the security bug was exposed. Now I want to know what to do to avoid auto updates of security patches.
Maybe someone could write the name of the Windows Update that is connected with that.
I could be really wrong here... I think only the Pro version of Win10 lets you stop all updates. For regular windows though I think you just uninstall them after they install themselves and just flag it to not install again.. pretty sure that's what I did, it has been a while, someone will explain this better no doubt.
#8
windwhirl
som said:
What's the matter, "Flanagan"...? Why won't you accept my opinions...? Don't you like them...?
THE INTEL UPDATE IS GOOD FOR NOTHING BUT "MESSING UP" THE PC. It loses 10% of its resources, and you notice it when reaching the desktop, on the welcome screen.
DO NOT UPDATE. Update Haswell CPU Microcode to revision 24 and Broadwell CPU Microcode to revision 1D. Negative. A "BOTCH JOB" by INTEL.
You revived a thread that had had no activity for more than a month... and by the way, are you sure this was the right thread? Or even the right forum...? Hardly anyone speaks Spanish around here...

Vlada011 said:
Can someone explain to me how to avoid patches?
I finally fixed audio problems with Win10_x64_1709.
I installed only chipset drivers before the security bug was exposed. Now I want to know what to do to avoid auto updates of security patches.
Maybe someone could write the name of the Windows Update that is connected with that.
To avoid Windows 10 security updates, you'd have to disconnect the system from the Internet, permanently. Windows 10 updates are cumulative and all in one, meaning you get security patches, bug-fixing patches and everything else in only one update, and everything gets installed.

Upgrayedd said:
I could be really wrong here... I think only the Pro version of Win10 lets you stop all updates. For regular windows though I think you just uninstall them after they install themselves and just flag it to not install again.. pretty sure that's what I did, it has been a while, someone will explain this better no doubt.
Windows 7 allows you to do that, flagging updates so that they don't get installed. Windows 10 Home just installs everything, the Pro version allows you to choose the Business Branch (now they call it the Semi-Annual Channel), which avoids getting the big feature upgrades (for example, from the Creators Update to the Fall Creators Update), for at least 4 months. Also, the Pro edition can pause updates for up to 35 days.

However, being that the Meltdown/Spectre patch is considered a security update, even if it is also a microcode update, it may be impossible to avoid it without stopping all other updates.
#9
rtwjunkie
PC Gaming Enthusiast
Upgrayedd said:
I could be really wrong here... I think only the Pro version of Win10 lets you stop all updates. For regular windows though I think you just uninstall them after they install themselves and just flag it to not install again.. pretty sure that's what I did, it has been a while, someone will explain this better no doubt.
windwhirl said:
You revived a thread that had had no activity for more than a month... and by the way, are you sure this was the right thread? Or even the right forum...? Hardly anyone speaks Spanish around here...

To avoid Windows 10 security updates, you'd have to disconnect the system from the Internet, permanently. Windows 10 updates are cumulative and all in one, meaning you get security patches, bug-fixing patches and everything else in only one update, and everything gets installed.

Windows 7 allows you to do that, flagging updates so that they don't get installed. Windows 10 Home just installs everything, the Pro version allows you to choose the Business Branch (now they call it the Semi-Annual Channel), which avoids getting the big feature upgrades (for example, from the Creators Update to the Fall Creators Update), for at least 4 months. Also, the Pro edition can pause updates for up to 35 days.

However, being that the Meltdown/Spectre patch is considered a security update, even if it is also a microcode update, it may be impossible to avoid it without stopping all other updates.
The Windows Update Mini-Tool (see @Mussels signature for link) allows you to selectively install and/or hide certain updates.

As to delaying the major new versions (although not forever) then you need W10 pro.
#10
lexluthermiester
windwhirl said:
you'd have to disconnect the system from the Internet
Incorrect. You need only disable the "BITS" service and the windows update services in the computer management control panel. When/if you wish to update again, re-enable them both and let it update. When finished, disable them again. This method allows the user to completely control when/if updates happen.
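
A read-only audit for the situation this thread discusses, as an added example that is not part of any poster's comment: it reports whether the BITS and Windows Update services have been disabled and which microcode revision the CPU is running. The service name `wuauserv`, the registry path and value names, and the function name `Get-PatchPosture` are assumptions supplied here, not taken from the thread.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumptions (not from the thread): 'wuauserv' is the Windows Update service,
# and the microcode revision is the high DWORD of the 8-byte REG_BINARY
# values under the CentralProcessor registry key.
function Get-PatchPosture {
    $report   = [ordered]@{}
    $disabled = @()

    # Update-delivery services: record run state and start type.
    foreach ($name in 'BITS', 'wuauserv') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $report[$name] = 'not found'
            continue
        }
        $report[$name] = '{0} / {1}' -f $svc.Status, $svc.StartType
        if ("$($svc.StartType)" -eq 'Disabled') { $disabled += $name }
    }
    # A non-empty list means cumulative updates cannot be delivered.
    $report['DisabledUpdateServices'] = $disabled -join ', '

    # Microcode as seen by Windows for logical processor 0.
    $cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
    $cpu    = Get-ItemProperty -Path $cpuKey
    $report['CPU'] = $cpu.ProcessorNameString

    # 'Update Revision' is the running revision; 'Previous Update Revision'
    # is assumed to be the one firmware loaded before the OS applied its own.
    foreach ($valueName in 'Update Revision', 'Previous Update Revision') {
        $raw = $cpu.$valueName
        if ($raw -is [byte[]] -and $raw.Length -ge 8) {
            $rev = [BitConverter]::ToUInt32($raw, 4)
            $report[$valueName] = '0x{0:X}' -f $rev
        } else {
            $report[$valueName] = 'unavailable'
        }
    }

    [pscustomobject]$report
}

Get-PatchPosture | Format-List
```

Compare the reported revision with the one listed for your CPU in Intel's guidance; the thread mentions revision 24 for Haswell and 1D for Broadwell.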