News Posts matching #Microcode


Microsoft Releases Microcode Updates Addressing Intel CPU Vulnerabilities under Windows 10

Microsoft today released several microcode updates for Intel CPUs. The updates are meant to be applied on a case-by-case basis under the Windows 10 operating system, and they target several releases of that OS (ranging from version 1507 through version 1903/1909). They address several vulnerabilities related to side-channel and speculative execution attacks on Intel CPUs.

The updates need to be installed specifically for the Windows OS version you're rocking, and on systems with CPUs affected by the vulnerabilities and covered by this microcode update release. These include Intel's Denverton (Atom C3000 series); Sandy Bridge, Sandy Bridge E and EP (2000 and 3000 series), Valleyview (Atom Z3000 series) and Whiskey Lake U CPUs (8000U series, 5000U series, and 4200U series). These updates must be installed manually by users.

Intel Readying X299 Microcode Update to Enhance "Cascade Lake-X" Overclocking

Intel is readying a microcode update specially for its X299 Express chipset, to enhance the overclocking capabilities of its 10th generation Core i9 XE "Cascade Lake-X" processors. News of the update was put out in an MSI press release that speaks of the company encapsulating the new microcode in BIOS updates for its entire socket LGA2066 motherboard lineup.

"To enhance the overclocking capability for the newly launched Intel Core X-series Processors (Intel Core i9-10980XE, 10940X, 10920X, 10900X), Intel will provide a new microcode update," the statement from MSI reads. Besides "overclocking capability," the new microcode also helps to "maximize the overall performance" of "Cascade Lake-X" processors, says MSI. The company does not describe what specifically these changes are. The microcode update will be released to end-users as BIOS updates by motherboard manufacturers, so be on the lookout for one, if you're using "Cascade Lake-X."

Microsoft Pushes Intel "Haswell" Microcode Update to Harden Against MDS

Microsoft started deploying microcode updates to some of Intel's older Core, Pentium, and Celeron processor generations through Windows Update. The latest Cumulative Update packages chronicled under "KB4497165" apply to machines running Intel's 4th generation Core "Haswell" processors, and low-power Pentium and Celeron chips based on "Apollo Lake," "Gemini Lake," "Valley View," and "Cherry View" microarchitectures.

The microcode update provides firmware-level hardening against four major variants of the MDS class of security vulnerabilities, namely CVE-2019-11091 (MDS Uncacheable Memory), CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling), CVE-2018-12127 (Microarchitectural Load Port Data Sampling), and CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling).

MSI Rolls Out AMD 400-series BIOS Updates with "Zen 2" Microcode

MSI mid-March began quietly rolling out BIOS updates for its socket AM4 motherboards based on AMD 400-series chipset, with a very ominous BIOS change-log entry: "Support new upcoming AMD CPU." At first, we dismissed this for being the company's follow-up to its 6th March announcement of support for some of the newer Athlon processor models, namely the 220GE and 240GE. After updating our MSI B450 Gaming Pro Carbon AC with one of these BIOSes, however, we discovered a very interesting microcode string - AGESA COMBO-AM4 0.0.7.2.

Such a major change in AGESA shouldn't be warranted to add support for two new chips based on existing "Raven Ridge" architecture that both AGESA "Summit Ridge" and AGESA PiR (Pinnacle Ridge) series microcodes should be able to comfortably run. We spoke with sources familiar with AMD microcode, who revealed that this AGESA COMBO-AM4 0.0.7.2 is designed for the upcoming "Zen 2" microarchitecture, and its first socket AM4 implementation, codenamed "Matisse." AMD internal versions of AGESA with Matisse support begin with the version sequence 0.0.7.x, and as we head closer to formal launch of these chips, AMD could release a 1.0.0.0 version of "AGESA COMBO-AM4." For our B450 Gaming Pro Carbon AC, the BIOS version packing this new AGESA is v1.60, and we wager this board should now be able to run Ryzen "Matisse" engineering samples. Now, if we can only get our hands on one.

Intel Gags Customers from Publishing Performance Impact of Microcode Updates

Much of the secret sauce that made Intel processors faster than AMD is going sour, as the cybersecurity community is finding gaping security vulnerabilities by exploiting features such as speculative execution. Intel's microcode updates that mitigate these vulnerabilities impact performance. Intel isn't too happy about public performance numbers put out by its customers, which it fears could blunt the competitive edge of its products. The company has hence updated the license terms governing the microcode update distribution to explicitly forbid its users from publishing comparative "before/after" performance numbers of patched processors.

The updated license for the microcode update has this controversial sentence (pay attention to "v"):
"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results."

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.

Intel 9000 Series CPU Lineup Confirmed in Official Microcode Revision Guidance + Clocks

Following all of the unofficial, tentative tidbits of information following Intel's on-again, off-again 9000 series CPU lineup (which still belongs to the 8th Generation), we now have official confirmation - as is usual, through Intel's documentation. In this instance, the "culprit" is Intel's Microcode Revision Guidance. The Coffee Lake S series featuring 6+2 configurations are now listed with Core i5-9600(K), Core i5-9500(T) and the Core i5-9400, while the Core i3-9100 and Core i3-9000 SKUs are listed with a 4+2 configuration.

Update: Intel's 8th Gen Specification Update now lists clocks and core count for the aforementioned CPUs. Overall, there's an increased 100 or 200 MHz Max Turbo frequency across the board within the same TDP package, and some instances of 100 MHz base frequency increases over Intel's 8000 series CPUs (can't just call them 8th gen anymore now can we?). The 9600K, for example, increases base clocks from the 8600K by 100 MHz (up to 3.7 GHz base), but pole-vaults its predecessor in maximum Turbo (up to 4.5 GHz).

Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures

Intel today released the latest round of CPU micro-code updates for its processors, which expand support for Intel processor microarchitectures ranging all the way back to 1st generation Core "Westmere," and "Lynnfield," and including "Sandy Bridge" and "Ivy Bridge" along the way, at various stages of roll-out (beta, pre-production, and production). This update probably features hardening against "Spectre" variant 4, and perhaps even RSRR (rogue system register read) variant 3A, chronicled in CVE-2018-3640.

Intel Stops Development, Deployment of Spectre Microcode Update for Several CPU Families

Intel, in its latest Microcode Revision Guidance Guide, has apparently stopped development of mitigations for some of its processor families that still haven't been updated to combat the threat of Spectre. The odyssey for the return to form of security on Intel products has been a steep and slow one, as the company has struggled to deploy mitigations for speculative code execution on its processor families that run it. Updates for some families of products, however - such as Penryn, Wolfdale, Bloomfield and Yorkfield, among others - are apparently not going to get an update at all.

Intel Finally Ready With Security Microcode Updates for Broadwell, Haswell

Via updated documents on its Microcode Revision guide, Intel has revealed that they have finally developed and started deploying microcode security updates for their Broadwell and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates that aimed to mitigate known vulnerabilities in Intel's CPUs to the exploits known as Spectre and Meltdown.

While that's good news, Intel's patching odyssey still isn't over, by any means. According to Intel's documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that's two other architectures that still remain vulnerable. Of course, this discussion of who's vulnerable and who isn't really can't be reduced to which architectures Intel has released its updates to. Users have to remember that the trickle-down process from Intel's patch validation and distribution through manufacturers to end users' systems is a morose one, and is also partially in the hands of sometimes not too tech-savvy users. Time will tell if these flaws will have any major impact on some users or businesses.

Intel Deploys Microcode Update for Spectre Flaw on Skylake

In another step of our Spectre/Meltdown odyssey, Intel has started deployment of a fixed update for its Skylake processors, which aims to neuter chances of a malicious attacker exploiting the (now) known vulnerabilities. This update, which comes after a botched first update attempt that was causing widespread system reboots and prompted Intel to change its update guidelines, is only for the Skylake platform; other Intel CPUs' updates remain in Beta state, and there's no word on when they might see a final deployment.

The new microcode is being distributed to industry partners, so that they can include it in a new range of firmware updates that will, hopefully, end the instability and vulnerabilities present in current mobile and desktop Skylake implementations. Users of other Intel architectures will still have to wait a while longer before updates for their systems are certified by Intel, distributed to industry partners, and then trickle to end users via firmware updates.

Critical Flaw in HyperThreading Discovered in "Skylake" and "Kaby Lake" CPUs

A critical flaw was discovered in the way Intel implemented its simultaneous multi-threading technology, HyperThreading, on "Skylake" and "Kaby Lake" processors. Being a micro-architecture specific flaw, this could affect all implementations, from low-power mobile chips, to mainstream desktop, high-end desktop, and perhaps even enterprise-segment Xeon processors. At this time, there are no security implications of this flaw.

Intel chronicled this flaw in its micro-architecture errata "SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095," and described it as follows: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active." As an implication, Intel goes on to note that "Due to this erratum, the system may experience unpredictable system behavior."