#730
Yes. All Spectre variant 3a and 4 mitigation requires the July MCU. The July MCUs are not in any of the Cumulatives, nor are they in the standalone for supported versions of W10.
The current standalone Microsoft MCUs are sufficient for Spectre variant 2 mitigation. They do not cover ALL the vulnerable hardware that has an MCU available from Intel. Seek support from your OEM.
There are new BIOSes available for my board. Basically they have been issuing one a month for the last four months. Always makes me leery when I see this type of activity. Asus BIOSes have CPU microcode updates in March and June.
Thanks
It is the July MicroCode Update, if you have to ask what it is, you do not need to find it!
Basically, it contains the raw code updates per CPU to your system BIOS/UEFI best integrated by your OEM, although it is possible in some circumstances using command line tools to edit some images and flash them yourself.
Can anyone confirm that if they did not have KB4100347 before today's update that it has been installed alongside today's cumulative build 17134.191?
KB4100347 Intel microcode updates for Windows 10 v1803 - July 24 - Windows 10 Forums
There is a new speculative execution side-channel vulnerability that comes in 3 varieties. Fortunately, a new CPU microcode update is not needed. But for people using virtual machines in a cloud environment, additional steps might need to be taken.
On August 14, 2018, Intel and industry partners shared more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF).
L1TF is a speculative execution side channel cache timing vulnerability. In this regard, it is similar to previously reported variants. There are three varieties of L1TF that have been identified. Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.
The microcode updates released earlier this year when coupled with operating system and hypervisor software available from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need. Intel recommends people keep their systems up to date to protect against the evolving threat landscape.
Intel Side Channel Vulnerability L1TF
Q3 2018 Intel Speculative Execution Side Channel Update
...but an OS patch is, and has already been included in the latest cumulative update.
Cumulative Update KB4343909 Windows 10 v1803 Build 17134.228 - Aug. 14
Key changes include:
- Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
The rather worrying gap that is developing is the ability to check that these patches are applied.
InSpectre was a ready reckoner but hasn't been updated to check for variant 3a & 4 plus the NG threats (of which I believe we've seen 5 of 8 initially hinted at but not disclosed).
Lazy FP, BCBS and these three variants of L1TF (ForeShadow)
Also, RSB and NetSpectre have been disclosed in addition to the NG threats.
I'm afraid I'm not as up to date with the AMD situation but I don't have AMD CPUs.
The PowerShell script has been updated to 1.0.9, advice on install is here but it's not for the novice and certainly not one-click.
https://support.microsoft.com/en-us/...erabilities-in
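
For the verification gap raised above, a read-only check of the items this thread names (build 17134.228, KB4100347, the running microcode revision, and the Spectre variant 2 / Meltdown registry overrides). This is an added example, not part of any post and not Microsoft's script. It assumes the registry value names `FeatureSettingsOverride`, `FeatureSettingsOverrideMask`, `Update Revision` and `UBR` as documented or commonly reported outside this page, and that bit 0 / bit 1 of the override control variant 2 / Meltdown.

```powershell
# Added example: read-only report, changes nothing on the system.
# Assumption: registry value names and bit meanings come from Microsoft's
# public guidance, not from this thread.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$cpu = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$mm  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$os  = Get-CimInstance Win32_OperatingSystem
$isClient = ($os.ProductType -eq 1)   # 1 = workstation, 2/3 = server roles

function Get-McuRevision([byte[]]$Raw) {
    # Assumption: "Update Revision" is 8 bytes with the revision in the upper DWORD.
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return 'unknown' }
    '0x{0:X}' -f [BitConverter]::ToUInt32($Raw, 4)
}

function Get-OverrideState($Override, $Mask, [int]$Bit, [bool]$Client) {
    # No override present for this bit: the OS default applies
    # (enabled on client editions, disabled on server editions).
    if ($null -eq $Override -or $null -eq $Mask -or (($Mask -band $Bit) -eq 0)) {
        if ($Client) { return 'enabled (client default)' }
        return 'disabled (server default)'
    }
    # A set bit in FeatureSettingsOverride turns the mitigation off.
    if (($Override -band $Bit) -ne 0) { return 'disabled by registry' }
    'enabled by registry'
}

# L1TF OS protections for v1803 arrived with build 17134.228 (KB4343909).
$l1tf = if ([int]$cv.CurrentBuild -eq 17134) {
    if ([int]$cv.UBR -ge 228) { 'present' } else { 'missing' }
} else { 'not v1803, check that version''s own cumulative update' }

# The microcode package may not be listed if it was superseded.
$kb = Get-HotFix -Id 'KB4100347' -ErrorAction SilentlyContinue

[pscustomobject]@{
    Build             = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
    L1TF_OS_Patch     = $l1tf
    KB4100347         = if ($kb) { "installed $($kb.InstalledOn)" } else { 'not listed' }
    MicrocodeRevision = Get-McuRevision $cpu.'Update Revision'
    SpectreV2_Setting = Get-OverrideState $mm.FeatureSettingsOverride $mm.FeatureSettingsOverrideMask 1 $isClient
    Meltdown_Setting  = Get-OverrideState $mm.FeatureSettingsOverride $mm.FeatureSettingsOverrideMask 2 $isClient
} | Format-List
```

The report shows configured state only; whether the CPU actually exposes the mitigation controls still depends on the microcode revision loaded by the BIOS or by the OS.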