Intel Security Issue Update: Progress Continues on Firmware Updates

Page 1 of 6 123 ... LastLast
    Intel Security Issue Update: Progress Continues on Firmware Updates

    Intel Security Issue Update: Progress Continues on Firmware Updates


    Posted: 08 Feb 2018

    Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.

    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.

    This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.

    Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.

    Navin Shenoy
    Executive vice president and general manager of the Data Center Group at Intel Corporation


    Source: https://newsroom.intel.com/news/secu...mware-updates/
    Brink's Avatar Posted By: Brink
    08 Feb 2018


  1. Posts : 4,224
    Windows 10
       #1

    Thanks for staying on top of this, Brink. It's always interesting to watch how long things take to percolate through the OEMs and the motherboard makers. We may see another round of firmware update next month, I'm guessing. MS just came out with firmware updates on 2/6 to "undo" the first hurry-up round that came out earlier in January. I shared my recent fix experiences in a recent blog post: Timely Firmware Update Rescues Surface Pro 3 - Windows Enterprise Desktop. Thanks again,
    --Ed--
      My Computers


  2. Posts : 349
    Windows 10
       #2

    Has Microsoft said anything about eventually pushing out the CPU microcode update through Windows Update?
      My Computer


  3. Posts : 27,166
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #3

    Intel Newsroom:

    Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.


    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.

    This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.

    Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.
    https://newsroom.intel.com/news/secu...mware-updates/

    warning   Warning
    Before you do update your BIOS/UEFI, make sure you keep a copy of the one you have now, and make a system image, in case something goes south, or the BIOS update causes problems(like the unwanted reboots caused on some machines after the last microcode update), then you can revert back to the old one.
      My Computers


  4. Posts : 2,324
    Win10
       #4

    Cliff S said:
    Intel Newsroom:

    https://newsroom.intel.com/news/secu...mware-updates/

    warning   Warning
    Before you do update your BIOS/UEFI, make sure you keep a copy of the one you have now, and make a system image, in case something goes south, or the BIOS update causes problems(like the unwanted reboots caused on some machines after the last microcode update), then you can revert back to the old one.
    Intel have Issued a new CPU MicroCode Guidance PDF Sheet yesterday . Found on this page 1/2 way down or the PDF is Below too....

    https://newsroom.intel.com/press-kit...ntel-products/

    microcode-update-guidance_02_09_18.pdf
      My Computers


  5. Posts : 7,724
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       #5

    Hi,
    I sure wouldn't want MS pushing out a bios update
    Flashing bios is risky enough and personally I do not want an update attempting to flash my bios
    The update system is bad enough as it is start bricking mother boards and that will kiss the baby as far as 10 goes.
      My Computers


  6. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #6

    More "bla bla bla" from Intel. Looking forward to these microcodes failing aswell... I'm definitely not holding my breath, nor will I BIOS-rush any of my computers until the consensus is out. Fool me once, fool me twice and all that... You can try and eat me too, I'm quite salty.
      My Computer


  7. Posts : 750
    Windows 10 Pro 64-bits
       #7

    ThrashZone said:
    Hi,
    I sure wouldn't want MS pushing out a bios update
    Flashing bios is risky enough and personally I do not want an update attempting to flash my bios
    The update system is bad enough as it is start bricking mother boards and that will kiss the baby as far as 10 goes.
    I don't believe that Microsoft will ever get to the point of pushing out BIOS/EUFI updates. Nor do they need to...

    As far as I know...

    Windows has the ability to warm patch microcode on boot using the mcupdate_GenuineIntel.dll and mcupdate_AuthenticAMD.dll drivers (located at C:\Windows\System32) on boot, for Intel and AMD cpu's respectively. On my system the current versions are:

    Intel Security Issue Update: Progress Continues on Firmware Updates-mcupdate.jpg

    These drivers are simple blocks of microcode and cpu identifying information - contain the latest microcode for the system cpu during boot. Windows loads the microcode from these drivers instead, overwriting the microcode that is included with the firmware, without being committed to flash. This takes place prior to the Windows initialization, so, seemingly there's no partial exposure issues.

    The draw back of having the latest microcode in the driver is that, at the time of reboot the latest microcode is lost. While for most people, this is not an issue; however, should one re-install Windows (starting fresh), the microcode maybe vulnerable to Spectre and other exploits, if and when the the BIOS/EUFI has not been updated that includes microcode that not vulnerable. Once the reinstalled Windows updated to the latest patches, it may have the latest microcode in the driver and no longer vulnerable. Provided Intel gets their act together...

    This is not a specific process that exists in Windows only, other operating systems, like Linux, MacOS, etc., act pretty much the same way on the x86 system with BIOS/UFI/EUFI firmware. One could make the argument that other operating system have been doing this longer than Windows...

    Personally, I don't see the need for updating the BIOS/EUFI with the latest operating systems. If the motherboard manufacturers have the fixed microcode for Intel/AMD CPUs, so will Microsoft and they will push it out with the next update. Relax people...
      My Computer


  8. Posts : 2,324
    Win10
       #8

    Cr00zng said:
    I don't believe that Microsoft will ever get to the point of pushing out BIOS/EUFI updates. Nor do they need to...

    As far as I know...

    Windows has the ability to warm patch microcode on boot using the mcupdate_GenuineIntel.dll and mcupdate_AuthenticAMD.dll drivers (located at C:\Windows\System32) on boot, for Intel and AMD cpu's respectively. On my system the current versions are:

    Intel Security Issue Update: Progress Continues on Firmware Updates-mcupdate.jpg
    It does , I am not sure how effective it is , not going to get into that, but it is fairly easy to check it , especially if you use the attached Batch File (below), I made a few weeks back after seeing another post on this....(and posted here on 10 somewhere) , the Pic is my current Bios and Window's MC , however it does not mean I pass the GRC Flaw test for example on my X99 based 5820k CPU , which I suspect Queries the CPU itself.

    KB
    Attached Thumbnails Attached Thumbnails Intel Security Issue Update: Progress Continues on Firmware Updates-17.png  
    Intel Security Issue Update: Progress Continues on Firmware Updates Attached Files
    • File Type: bat MC.bat (249 Bytes, 19 views)
      My Computers


  9. Posts : 591
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       #9

    Cr00zng said:
    As far as I know...

    Windows has the ability to warm patch microcode on boot...

    These drivers are simple blocks of microcode and cpu identifying information - contain the latest microcode for the system cpu during boot. Windows loads the microcode from these drivers instead, overwriting the microcode that is included with the firmware...

    Intel Security Issue Update: Progress Continues on Firmware Updates-mc.png
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:52.
Find Us




Windows 10 Forums