
Microsoft Pushes Intel "Haswell" Microcode Update to Harden Against MDS

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,283 (7.69/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Microsoft started deploying microcode updates to some of Intel's older Core, Pentium, and Celeron processor generations through Windows Update. The latest Cumulative Update packages chronicled under "KB4497165" apply to machines running Intel's 4th generation Core "Haswell" processors, and low-power Pentium and Celeron chips based on "Apollo Lake," "Gemini Lake," "Valley View," and "Cherry View" microarchitectures.

The microcode update provides firmware-level hardening against four major variants of the MDS class of security vulnerabilities, namely CVE-2019-11091 (MDS Uncacheable Memory), CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling), CVE-2018-12127 (Microarchitectural Load Port Data Sampling), and CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling).



 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,776 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
Quick and dirty if interested

Code:
Install-Module SpeculationControl

Code:
Get-SpeculationControlSettings
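
One way to confirm on a single machine that the update from the article actually took effect, as an added example that is not part of the original post. It assumes an Intel CPU and an installed SpeculationControl module; `Get-MicrocodeRevision`, `Format-Revision` and `Test-MdsHardening` are hypothetical helper names, and the KB number is the one given in the article.

```powershell
# Added example, not from the thread. Assumes an Intel CPU and that the
# SpeculationControl module from the post above is already installed.

function Get-MicrocodeRevision {
    param([Parameter(Mandatory)][string]$ValueName)
    $key = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
    $raw = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    # REG_BINARY of 8 bytes; on Intel the revision is the upper 32 bits.
    if ($null -eq $raw -or $raw.Length -lt 8) { return $null }
    return [BitConverter]::ToUInt32([byte[]]$raw, 4)
}

function Format-Revision($rev) {
    if ($null -eq $rev) { 'unknown' } else { '0x{0:X}' -f $rev }
}

function Test-MdsHardening {
    $cpu     = (Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1).Name
    # 'Previous Update Revision' is the revision in place before Windows
    # loaded its own microcode; 'Update Revision' is what is running now.
    $bootRev = Get-MicrocodeRevision -ValueName 'Previous Update Revision'
    $liveRev = Get-MicrocodeRevision -ValueName 'Update Revision'
    $hotfix  = Get-HotFix -Id 'KB4497165' -ErrorAction SilentlyContinue
    $sc      = Get-SpeculationControlSettings -Quiet   # object only, no host text

    # The MDS* properties are null when the installed module predates MDS.
    $verdict = if ($null -eq $sc.MDSHardwareVulnerable) {
        'Unknown: update the SpeculationControl module'
    } elseif (-not $sc.MDSHardwareVulnerable) {
        'CPU not reported as MDS-vulnerable'
    } elseif ($sc.MDSWindowsSupportPresent -and $sc.MDSWindowsSupportEnabled) {
        'Mitigation enabled'
    } elseif ($sc.MDSWindowsSupportPresent) {
        'OS support present but mitigation not enabled'
    } else {
        'OS support for the MDS mitigation is missing'
    }

    [pscustomobject]@{
        Processor          = $cpu
        KB4497165Installed = [bool]$hotfix
        BootMicrocode      = Format-Revision $bootRev
        RunningMicrocode   = Format-Revision $liveRev
        OsLoadedNewer      = ($null -ne $bootRev -and $null -ne $liveRev -and $liveRev -gt $bootRev)
        MdsVerdict         = $verdict
    }
}

Test-MdsHardening | Format-List
```

Run it once before and once after installing the update and rebooting; a changed `RunningMicrocode` value is the direct evidence that new microcode is loaded.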
 
Joined
Aug 17, 2017
Messages
274 (0.11/day)
well, gotta hand it to them for doing this, those procs are old and surprised they even bothered. Kudos to them for doing.
 
Joined
Jun 28, 2016
Messages
3,595 (1.27/day)
well, gotta hand it to them for doing this, those procs are old and surprised they even bothered. Kudos to them for doing.
Haswell Xeons and Gemini/Apollo Lake are still ubiquitous in enterprise devices - with really no reason to replace unless they die.
Intel will keep supporting them for a long time.
 
Joined
Aug 17, 2017
Messages
274 (0.11/day)
Haswell Xeons and Gemini/Apollo Lake are still ubiquitous in enterprise devices - with really no reason to replace unless they die.
Intel will keep supporting them for a long time.
Then even More reason they should be commended. Kudos to them for doing good work!
 
Joined
Apr 19, 2018
Messages
960 (0.44/day)
Processor AMD Ryzen 9 5950X
Motherboard Asus ROG Crosshair VIII Hero WiFi
Cooling Arctic Liquid Freezer II 420
Memory 32Gb G-Skill Trident Z Neo @3806MHz C14
Video Card(s) MSI GeForce RTX2070
Storage Seagate FireCuda 530 1TB
Display(s) Samsung G9 49" Curved Ultrawide
Case Cooler Master Cosmos
Audio Device(s) O2 USB Headphone AMP
Power Supply Corsair HX850i
Mouse Logitech G502
Keyboard Cherry MX
Software Windows 11
So how much performance is this going to cost?
 

Polo6RGTI_

New Member
Joined
May 6, 2018
Messages
5 (0.00/day)
 
Joined
Jun 28, 2016
Messages
3,595 (1.27/day)
So how much performance is this going to cost?
Very little. It's a simple and quick fix. Nowhere near what the Spectre tragedy did to modern CPUs.

It became a hot topic since Meltdown, so suddenly you care. But dozens of similar fixes came earlier and you'd have to read every update description to even notice.
Then even More reason they should be commended. Kudos to them for doing good work!
They sell enterprise products, so they have to support them. That's how you get sales in this segment - not with benchmarks, but with cooperation. It's even more important for Intel now that they're slightly under the oomph curve :)
 
Joined
Oct 19, 2018
Messages
30 (0.02/day)
Processor Intel i7-8700k @ 5.0GHz
Motherboard Gigabyte Z390 Aurous Pro
Cooling Corsair H115i Pro
Memory G.SKILL TridentZ Series 32GB DDR4 3200
Video Card(s) EVGA RTX 2080 SUPER XC Ultra
Storage Samsung 870 EVO+ 500GB NVMe and Samsung 850 EVO 1TB SSD
Display(s) ASUS ROG PG279Q 27" IPS QHD w/ G-Sync @ 144hz
Case Cooler Master H500M
Audio Device(s) Corsair VOID PRO
Power Supply Corsair 1000w Gold Rated
Mouse Logitech G700
Software Win10 1909
I agree that this is a very proactive way to help secure computers. I know that the public sector will jump on this patch, hopefully with a little bit of testing first. Doubt it will cause any issues but you need to always test before pushing to a full set of enterprise machines.
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 5500 / Ryzen 5 4600G / FX 6300 (12 years latter got to see how bad Bulldozer is)
Motherboard MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2) / Gigabyte GA-990XA-UD3
Cooling Νoctua U12S / Segotep T4 / Snowman M-T6
Memory 16GB G.Skill RIPJAWS 3600 / 16GB G.Skill Aegis 3200 / 16GB Kingston 2400MHz (DDR3)
Video Card(s) ASRock RX 6600 + GT 710 (PhysX)/ Vega 7 integrated / Radeon RX 580
Storage NVMes, NVMes everywhere / NVMes, more NVMes / Various storage, SATA SSD mostly
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) ---- 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / Sharkoon Rebel 9 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Software Windows 10 / Windows 10 / Windows 7
Then even More reason they should be commended. Kudos to them for doing good work!
Wrong.

First we don't know the contracts Intel has for supporting Haswell Xeon. It could have the obligation to support those CPUs for 5-10 years, don't know.

Second. Intel is not doing this because it wants to, but because it needs to. If Intel was offering the best server CPUs in the market TODAY, they could come out and say "Sorry, those Xeon are way old and their warranty expired. Please buy new Xeons". But it doesn't. ALL those customers if they had to choose TODAY, what server CPUs to buy to replace those old Xeons, ALL would have gone for the new EPYC CPUS. Much faster, much cheaper and NO or very few security problems. Intel knows this, so it tries to convince those customers to keep those old Xeons a little longer, as much as needed to keep its market share and also have more time to prepare, if possible, those 10nm Xeons for next year.
 
Joined
Jun 28, 2016
Messages
3,595 (1.27/day)
The comment was OK here, but it got weird later...
First we don't know the contracts Intel has for supporting Haswell Xeon. It could have the obligation to support those CPUs for 5-10 years, don't know.
Contract with whom?
This kind of long-time support contracts could happen in military or HPC clusters. But it doesn't mean the fix would go public.

Intel supports their CPUs for a long time, because that's how they make their business. It's nothing new. They did the same a few years ago when AMD wasn't doing anything worth a forum comment.
Second. Intel is not doing this because it wants to, but because it needs to. If Intel was offering the best server CPUs in the market TODAY, they could come out and say "Sorry, those Xeon are way old and their warranty expired. Please buy new Xeons". But it doesn't. ALL those customers if they had to choose TODAY, what server CPUs to buy to replace those old Xeons, ALL would have gone for the new EPYC CPUS. Much faster, much cheaper and NO or very few security problems.
This fix is for low power SoCs and for old Xeons. Performance? WTF?
Xeons would have to be from 2013-2014, so it's very unlikely they'd still serve in first tier, production systems. More like testing, file servers, fun projects...

Market share of AMD in servers was 4-5% in 2019Q3, so that's how many clients choose EPYC. That's clearly not "ALL".

And saying that AMD has "no or very few security problems" is not even fantasy. It's just obviously wrong.
The only thing one can say is that fewer vulnerabilities are found compared to Intel.
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
And saying that AMD has "no or very few security problems" is not even fantasy. It's just obviously wrong.
The only thing one can say is that fewer vulnerabilities are found compared to Intel.
About this one. I don't see news about serious AMD vulnerabilities and AMD/Microsoft rushing to publish fixes. Do you?
Now, every processor is vulnerable to attacks where, for example, the attacker works at the company, is in fact the IT manager and has all the keys to the systems. Maybe you mean something like that?
 

jgraham11

New Member
Joined
Oct 16, 2019
Messages
11 (0.01/day)
Wrong.

First we don't know the contracts Intel has for supporting Haswell Xeon. It could have the obligation to support those CPUs for 5-10 years, don't know.

Second. Intel is not doing this because it wants to, but because it needs to. If Intel was offering the best server CPUs in the market TODAY, they could come out and say "Sorry, those Xeon are way old and their warranty expired. Please buy new Xeons". But it doesn't. ALL those customers if they had to choose TODAY, what server CPUs to buy to replace those old Xeons, ALL would have gone for the new EPYC CPUS. Much faster, much cheaper and NO or very few security problems. Intel knows this, so it tries to convince those customers to keep those old Xeons a little longer, as much as needed to keep its market share and also have more time to prepare, if possible, those 10nm Xeons for next year.

Not to mention that they released all these products for so many years with so many high security risk bugs... I guess we're supposed to be thankful that Intel is fixing their broken products. It's about time Intel cared about security!
 
Joined
Oct 3, 2019
Messages
246 (0.15/day)
System Name Ryzen 1
Processor Ryzen 5800X
Motherboard MSI B550 Gaming Plus
Cooling Scythe Fuma 2
Memory 32GB Patriot Viper 3600 CL16
Video Card(s) AMD RX 7800 XT 16GB
Storage SSD's
Display(s) HP X32 32" 1440p 165Hz
Case Phanteks P400A
Power Supply Superflower Leadex III 750w
Joined
Jan 30, 2018
Messages
215 (0.10/day)
System Name Dreamstation2
Processor Ryzen 7 3700X
Motherboard MSI X470 Gaming Plus
Cooling Hyper 212 Black Edition
Memory Kingston HyperX 32GB DDR4 3200 CL16
Video Card(s) Aorus 2080 Ti Turbo (sounds like a vaccum cleaner at full load)
Storage 2 x 1TB M.2 NVME + 1TB 2.5" SSD
Display(s) Samsung Odyssey G7 32" 4k
Case NZXT H500i
Audio Device(s) Asus Xonar U3 / Audio-Technica ATH-M50x / Edifier R1855DB
Power Supply Corsair TX650M
Mouse Corsair Scimitar Pro RGB
Keyboard Cooler Master Masterkeys Lite L
5.5 years old isn’t *that* old.... sheesh. They were only discontinued 2 years ago.
Yep, I'm 100% with you.
Expected server life is what, 10+ years right? It's not a smartphone that you throw away after 2 years because it's too old / unsupported by vendor / battery died.
 
Joined
Oct 19, 2018
Messages
30 (0.02/day)
Yep, I'm 100% with you.
Expected server life is what, 10+ years right? It's not a smartphone that you throw away after 2 years because it's too old / unsupported by vendor / battery died.

I fully agree 5 years is not old but when it comes to 10 years, I would say that most enterprise scenarios typically perform some sort of server refresh around 4-5 years. Could they last 10 years? Probably, but depending on what is running on these 10 year old servers/CPU, things like Virtualization may not work to its full potential. As new technology comes out, the software can be designed to work more efficiently with new CPUs as the code can be tailored to specific processors.
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
A simple google search and you read titles, in 2019, that say "43% of businesses are still running Windows 7" and "It's 2019, and one third of businesses still have active Windows XP deployments"
 
Joined
Aug 20, 2007
Messages
20,714 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Very little. It's a simple and quick fix. Nowhere near what the Spectre tragedy did to modern CPUs.

Uh... no. IIRC, Benchmarks have been pegging it at around 2-10%. It's not "very little" by any stretch. Media access is hit the worst I think.

Don't quote those exact numbers but "very little" is not being completely honest.

Likewise, I'd not advise people to avoid this fix either. Even if it was 15-20% on a complete average I'd advise home users to apply it. Fortunately it's way less. But it's not nothing.

As for enterprise? There is no choice, apply it. Even if it was a 80%+ hit I would say the same there.

This website keeps track of known security vulnerabilities within any vendor... https://www.cvedetails.com/vendor-search.php

Intel: 247
AMD: 16

Biggest elephant gets poked the most. Even if their chips had fewer overall vulnerabilities, you would never know it. It's a huge case of sample bias.


Yep, I'm 100% with you.
Expected server life is what, 10+ years right? It's not a smartphone that you throw away after 2 years because it's too old / unsupported by vendor / battery died.

Yeah, and honestly the smartphone ideology sucks too

ALL would have gone for the new EPYC CPUS.

All? Jesus man, can I get a "yeah right" here?

Corporations are inherently conservative. HALF is the most I could see migrating, and that's probably giving AMD's market penetration way too much credit. Not saying that wouldn't be smart... but the people who approve these purchases simply don't understand, and don't care or want to learn either.
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
All? Jesus man, can I get a "yeah right" here?

Corporations are inherently conservative. HALF is the most I could see migrating, and that's probably giving AMD's market penetration way too much credit. Not saying that wouldn't be smart... but the people who approve these purchases simply don't understand, and don't care or want to learn either.
This period of time, security, price and performance are on AMD's side. So with maybe superficial criteria, everyone would have the EPYC as the standard option. But in corporations the parameters are probably too many and unknown to me, so let's change that to "enough to make Intel feel (very) uncomfortable".
 