Intel Security Issue Update: Progress Continues on Firmware Updates

Cr00zng · 10 Feb 2018

Kbird said:

It does , I am not sure how effective it is , not going to get into that, but it is fairly easy to check it , especially if you use the attached Batch File (below), I made a few weeks back after seeing another post on this....(and posted here on 10 somewhere) , the Pic is my current Bios and Window's MC , however it does not mean I pass the GRC Flaw test for example on my X99 based 5820k CPU , which I suspect Queries the CPU itself.

KB

On my i5-3350P system, the Windows MC is replacing the BIOS microcode:

Intel Security Issue Update: Progress Continues on Firmware Updates-microcode.jpg

The BIOS version in the Ivy Bridge system is F11 from 2012. The newer F12 version is available, but it is from 2013 and has no microcode update. AFAIK....

On the other hand, in the i5-8400 system the BIOS microcode is not replaced by Windows MC:

Intel Security Issue Update: Progress Continues on Firmware Updates-i5-8400-mc.jpg

Both systems have the exact same mcupdate*.dll files, including the dates. The chances are that Microsoft rolled back the microcode update at the end of January, that had been released at the beginning of January, but will not override newer version of the microcode.

The BIOS version in the i5-8400 is 0606, dated as:

Intel Security Issue Update: Progress Continues on Firmware Updates-z370-.jpg

The 0607 version is available as of 02.02.18, but it does not include microcode updates.

The HWiNFO64 is nice, it does detect the BIOS (rather EUFI) version correctly, but the date is incorrect:

Intel Security Issue Update: Progress Continues on Firmware Updates-i5-8400-hwinfo.jpg

Cr00zng · 10 Feb 2018

Kbird said:

It does , I am not sure how effective it is , not going to get into that, but it is fairly easy to check it , especially if you use the attached Batch File (below), I made a few weeks back after seeing another post on this....(and posted here on 10 somewhere) , the Pic is my current Bios and Window's MC , however it does not mean I pass the GRC Flaw test for example on my X99 based 5820k CPU , which I suspect Queries the CPU itself.

KB

Thanks for MC.bat file...

EdTittel · 10 Feb 2018

Happy to see my old trusty Lenovo units, T520 and X220 Tablet, show up recently on the company's list of platforms for which microcode patches are planned. For those who also own Lenovo devices, here's the link to their list of planned patches, still forthcoming: Reading Privileged Memory with a Side Channel. Still no word from Asrock, though.
HTH,
--Ed--

zooburner · 10 Feb 2018

Is the 'Intel SA-00086' bug the same as meltdown. I ran the checker from Intel and it says my processor is not vulnerable.
But when i run InSpectre (from GRC) it says I am not meltdown protected. ?

Are they completely different vulnerabilities ?

Cliff S · 10 Feb 2018

zooburner said:

Is the 'Intel SA-00086' bug the same as meltdown. I ran the checker from Intel and it says my processor is not vulnerable.
But when i run InSpectre (from GRC) it says I am not meltdown protected. ?

Are they completely different vulnerabilities ?

Nope, different, little bit older, animal:

Description:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 6.x/7.x/8.x/9.x/10.x//11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Intel Product Security Center

johngalt · 10 Feb 2018

Glad to see Intel actually planning on supporting legacy CPUs - my Bloomfield is on there, as well as my previous process, Core 2 Quad 6600....

Hopefully they will actually get patches. As well as betting BIOS source code out to vendors for legacy board series, like x58, x79, etc.

Cliff S · 10 Feb 2018

johngalt said:

Glad to see Intel actually planning on supporting legacy CPUs - my Bloomfield is on there, as well as my previous process, Core 2 Quad 6600....

Hopefully they will actually get patches. As well as betting BIOS source code out to vendors for legacy board series, like x58, x79, etc.

Intel yes, vendors... on hardware older than 2 years though?
That's a good one, sorry John, I had to let that one out though....

johngalt · 10 Feb 2018

eVGA has already stated (and I've posted the link here from eVGA tech LeeM) that they will update older BIOSs for machines they can now, and are awaiting source code from Intel for others (including my X58 line) before updating them.

AMDMan2016 · 10 Feb 2018

Waiting patiently for my bios updates for my G11CD-K system and my HP Omen 15-ce019dx laptop then I can relax as those 2 will be hopefully all fine lol, other household machines that are older just gonna keep Avast on and updated, and all other software updated probably best I can do, as doubt the older ones will get a bios or microcode update

Cliff S · 10 Feb 2018

johngalt said:

eVGA has already stated (and I've posted the link here from eVGA tech LeeM) that they will update older BIOSs for machines they can now, and are awaiting source code from Intel for others (including my X58 line) before updating them.

Great to hear, there are vendors that stand behind the older hardware.
But I doubt ASUS will update my X54C laptop

(Sandy Bridge B960 chip)