Spectre/Meltdown help- How do I update microcode ?

[jetman]

Hi- I have been trying to understand how to protect my PC from the Spectre and Meltdown vulnerabilites. I run Windows 10 and have updated the BIOS (dated march 2018) from the manufacturers website. I have run a tool available from GRC.com called 'Inspectre' which indicates that I am supposedly protected against both attacks but that there is a 'microcode update available'. A bit of Googling suggests that this is something available from Intel but isn't automatically part of Windows updates. Any ideas on how to update this safely ? My PC is from 2012 so pretty old- and there is not much straightforward help on the manufacturer website. It took ages just to find whiere the Bios update was.

Thanks.

 

[ForgottenSeer 58943]

Microcodes are pushed manually at great peril.

I'd wait for manufacturer updates that will push the microcode during bios updates. If they don't arrive, the recommended course of action is to try to use mitigation's, or replace hardware.

 

[ForgottenSeer 72227]

The microcode from hardware vendors sometimes can be hit and miss depending on the vendor and age of the product. Microsoft has been releasing updates to help fill the gaps. I believe many of them are suppose to be available through Windows Update, but there is a update you can download yourself and see if it updates it for you.

The updates are located here: Summary Of Intel Microcode Updates

Select the KB number associated with your version of Windows 10 , scroll down to the bottom where it says "How to obtain and install the update", it will bring you to the Microsoft Update Catalog and then just select version for your system (x86 or x64). After the download is done double click and install the update and restart your computer, then re-run In Spectre from GRC.

 

[DeepWeb]

Need more info. AMD or Intel CPU? What CPU model? What OEM? What Windows 10 build? You said you already ran InSpectre and it's protected. Then you should be good to go.
Think of microcode and drivers like car parts. You want the one originally designed for your hardware unless there is a critical security update or flaw. If it ain't broke don't fix it. That being said here is the latest Intel microcode update for Windows 10 April Update (1803) for Intel 6th-8th generation CPUs: https://support.microsoft.com/en-us/help/4346084/kb4346084-intel-microcode-updates

Older generations will get their microcode update over the next weeks or months. Usually the microcode comes bundled in your manufacturer's BIOS update. You said the latest update was from March 2018 then it's 99% likely that it's up to date.

 

[SumTingWong]

Microsoft or your hardware manufacturer. You can mod your BIOS to inject the patch microcode, but that it is too risky for non experience user because this method can brick your system.

 

[jetman]

Thanks for your replies everyone.

To answer the question from DeepWeb, it is an Intel i5-3230M processor running Windows 10 Pro 1803.

 

[SumTingWong]

Thanks for your replies everyone.

To answer the question from DeepWeb, it is an Intel i5-3230M processor running Windows 10 Pro 1803.

As far as I know, Intel dropped Spectre support for Ivy Bridge CPUs.

 

[oldschool]

Agreed about older processors. My i3 will never be updated for Spectre! You can double check by searching your version + microcode, etc.

 

[DeepWeb]

Thanks for your replies everyone.

To answer the question from DeepWeb, it is an Intel i5-3230M processor running Windows 10 Pro 1803.

@oldschool and @SumTingWong are incorrect. The microcode has been updated for those CPUs as well. Intel has said they wouldn't but they did it anyway.

https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

Check the site I linked above. The list of CPUs supported is growing. Once you and me see our CPU models there we can download the updated KB# file. Right now, Microsoft is testing if the microcode is stable before they release it. They test the latest Intel CPUs first and then work their way backwards. So by the end of next week or so 5th and 4th gen CPUs will have the microcode update and then the rest soon hopefully.

 

[jetman]

Thanks Deepweb- one final question. Will the Microsoft KB be automatically downloaded as part of the Windows update process or will it need to be downloaded manually ? Is it an essential update to get or might it brick my laptop and therefore not worth the risk of a manual download ?

 

[DeepWeb]

Thanks Deepweb- one final question. Will the Microsoft KB be automatically downloaded as part of the Windows update process or will it need to be downloaded manually ? Is it an essential update to get or might it brick my laptop and therefore not worth the risk of a manual download ?

Yes, if you are on the latest version of Windows 10. You are on the latest version of Windows 10 (1803) so once there is microcode for your CPU, Windows should update it automatically. The Windows update won't brick your laptop. If it did, it would brick millions of other laptops and Microsoft and Intel would be in a lot of trouble. That's why they are testing the code right now with Intel and OEMs to see if every computer is on the same board. It should be safe and fine to update.

 

[oldschool]

Yes, if you are on the latest version of Windows 10. You are on the latest version of Windows 10 (1803) so once there is microcode for your CPU, Windows should update it automatically. The Windows update won't brick your laptop. If it did, it would brick millions of other laptops and Microsoft and Intel would be in a lot of trouble. That's why they are testing the code right now with Intel and OEMs to see if every computer is on the same board. It should be safe and fine to update.

Thanks so much @DeepWeb for that info. That makes it easy so I'll check it out. Not that I would ever encounter Spectre… but hey why not check now and then for the update?

 

[oldschool]

i3 380M Arrandale - no luck so far. We'll see...…:emoji_fingers_crossed: but I still have doubts.

 

[DeepWeb]

Thanks so much @DeepWeb for that info. That makes it easy so I'll check it out. Not that I would ever encounter Spectre… but hey why not?

I doubt we ever will see someone use a Spectre exploit in the real world. Makes you wonder if it was really worth nerfing so many CPUs.

You can see if there is a microcode patch for your CPU model here:
https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf