Wednesday, February 28th 2018

Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

Via updated documents on its Microcode Revision guide, Intel has revealed that they have finally developed and started deploying microcode security updates for their Broadwell and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates that aimed to mitigate known vulnerabilities in Intel's CPUs to the exploits known as Spectre and Meltdown.

While that's good news, Intel's patching odyssey still isn't over, by any means. According to Intel's documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that's two other architectures that still remain vulnerable. Of course, this discussion of who's vulnerable and isn't really can't be reduced to which architectures Intel has released its updates to. Users have to remember that the trickle-down process from Intel's patch validation and distribution through manufacturers to end users' systems is a morose one, and is also partially in the hands of sometimes not too tech-savy users. Time will tell if these flaws will have any major impact in some users or businesses.
Source: Intel Microcode Update Guidance
Add your own comment

29 Comments on Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

lexluthermiester said:
There are several requirements that have to be met in order for an exploit to work. Either direct physical access to subject system, or direct remote access. Trojan's will work but have to be constructed and configured very carefully. And that is just for starters. While these things are possible, they are very improbable. If someone is using a good computing ethic and methodology the chances are minimal at best of a directed attack succeeding.
I'm assuming a compromised system ("malware-laden" if you will) true so it probably isn't much to worry about for the average TPU user.
Posted on Reply
phanbuey said:
I'm more talking about my motherboard maker than the actual microde update... last time i updated a bios for x299 from MSI all of my system fan headers stopped being able to control PWM fans.

Bios updates in general for me have become "do it only if broken, or if there is extra performance". I like to give them like 2-3 revisions before i update.
I understand you, had that kind of experience with ASRock. I have more of a problem with vague release notes...or the absense of them.
Posted on Reply
Big Member
Didn't AMD fix this with a BIOs update?
Posted on Reply
I haven't checked the AGESA release notes if Spectre was addressed.
Posted on Reply