Windows 10: Intel Security Issue Update: Progress Continues on Firmware Updates

Page 1 of 6 123 ... LastLast

  1. Posts : 28,623
    64-bit Windows 10 Pro build 17655
       08 Feb 2018 #1

    Intel Security Issue Update: Progress Continues on Firmware Updates


    Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.

    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.

    This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.

    Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.

    Navin Shenoy
    Executive vice president and general manager of the Data Center Group at Intel Corporation


    Source: https://newsroom.intel.com/news/secu...mware-updates/
      My ComputersSystem Spec

  2.    08 Feb 2018 #1

    Thanks for staying on top of this, Brink. It's always interesting to watch how long things take to percolate through the OEMs and the motherboard makers. We may see another round of firmware update next month, I'm guessing. MS just came out with firmware updates on 2/6 to "undo" the first hurry-up round that came out earlier in January. I shared my recent fix experiences in a recent blog post: Timely Firmware Update Rescues Surface Pro 3 - Windows Enterprise Desktop. Thanks again,
    --Ed--
      My ComputersSystem Spec

  3.    08 Feb 2018 #2

    Has Microsoft said anything about eventually pushing out the CPU microcode update through Windows Update?
      My ComputerSystem Spec


  4. Posts : 19,846
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       09 Feb 2018 #3

    Intel Newsroom:

    Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.


    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks1 can be prevented with – among other things – regular system updates.

    This is especially top-of-mind because new categories of security exploits often follow a similar lifecycle. This lifecycle tends to include new derivatives of the original exploit as security researchers – or bad actors – direct their time and energy at it. We expect this new category of side channel exploits to be no different. We will, of course, work closely with the industry to address these situations if and when they arise, but it again underscores the importance of regular system updates, now and in the future.

    Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.
    https://newsroom.intel.com/news/secu...mware-updates/

    warning   Warning
    Before you do update your BIOS/UEFI, make sure you keep a copy of the one you have now, and make a system image, in case something goes south, or the BIOS update causes problems(like the unwanted reboots caused on some machines after the last microcode update), then you can revert back to the old one.
      My ComputersSystem Spec

  5.    09 Feb 2018 #4

    Cliff S said: View Post
    Intel Newsroom:

    https://newsroom.intel.com/news/secu...mware-updates/

    warning   Warning
    Before you do update your BIOS/UEFI, make sure you keep a copy of the one you have now, and make a system image, in case something goes south, or the BIOS update causes problems(like the unwanted reboots caused on some machines after the last microcode update), then you can revert back to the old one.
    Intel have Issued a new CPU MicroCode Guidance PDF Sheet yesterday . Found on this page 1/2 way down or the PDF is Below too....

    https://newsroom.intel.com/press-kit...ntel-products/

    microcode-update-guidance_02_09_18.pdf
      My ComputerSystem Spec


  6. Posts : 3,242
    3-Win-7Prox64 2-Win10Prox64
       09 Feb 2018 #5

    Hi,
    I sure wouldn't want MS pushing out a bios update
    Flashing bios is risky enough and personally I do not want an update attempting to flash my bios
    The update system is bad enough as it is start bricking mother boards and that will kiss the baby as far as 10 goes.
      My ComputersSystem Spec


  7. Posts : 249
    Windows 10 Home Fall Creators Update 64-bit
       09 Feb 2018 #6

    More "bla bla bla" from Intel. Looking forward to these microcodes failing aswell... I'm definitely not holding my breath, nor will I BIOS-rush any of my computers until the consensus is out. Fool me once, fool me twice and all that... You can try and eat me too, I'm quite salty.
      My ComputerSystem Spec

  8.    09 Feb 2018 #7

    ThrashZone said: View Post
    Hi,
    I sure wouldn't want MS pushing out a bios update
    Flashing bios is risky enough and personally I do not want an update attempting to flash my bios
    The update system is bad enough as it is start bricking mother boards and that will kiss the baby as far as 10 goes.
    I don't believe that Microsoft will ever get to the point of pushing out BIOS/EUFI updates. Nor do they need to...

    As far as I know...

    Windows has the ability to warm patch microcode on boot using the mcupdate_GenuineIntel.dll and mcupdate_AuthenticAMD.dll drivers (located at C:\Windows\System32) on boot, for Intel and AMD cpu's respectively. On my system the current versions are:

    Click image for larger version. 

Name:	mcupdate.jpg 
Views:	285 
Size:	19.6 KB 
ID:	176356

    These drivers are simple blocks of microcode and cpu identifying information - contain the latest microcode for the system cpu during boot. Windows loads the microcode from these drivers instead, overwriting the microcode that is included with the firmware, without being committed to flash. This takes place prior to the Windows initialization, so, seemingly there's no partial exposure issues.

    The draw back of having the latest microcode in the driver is that, at the time of reboot the latest microcode is lost. While for most people, this is not an issue; however, should one re-install Windows (starting fresh), the microcode maybe vulnerable to Spectre and other exploits, if and when the the BIOS/EUFI has not been updated that includes microcode that not vulnerable. Once the reinstalled Windows updated to the latest patches, it may have the latest microcode in the driver and no longer vulnerable. Provided Intel gets their act together...

    This is not a specific process that exists in Windows only, other operating systems, like Linux, MacOS, etc., act pretty much the same way on the x86 system with BIOS/UFI/EUFI firmware. One could make the argument that other operating system have been doing this longer than Windows...

    Personally, I don't see the need for updating the BIOS/EUFI with the latest operating systems. If the motherboard manufacturers have the fixed microcode for Intel/AMD CPUs, so will Microsoft and they will push it out with the next update. Relax people...
      My ComputerSystem Spec

  •    09 Feb 2018 #8

    Cr00zng said: View Post
    I don't believe that Microsoft will ever get to the point of pushing out BIOS/EUFI updates. Nor do they need to...

    As far as I know...

    Windows has the ability to warm patch microcode on boot using the mcupdate_GenuineIntel.dll and mcupdate_AuthenticAMD.dll drivers (located at C:\Windows\System32) on boot, for Intel and AMD cpu's respectively. On my system the current versions are:

    Click image for larger version. 

Name:	mcupdate.jpg 
Views:	285 
Size:	19.6 KB 
ID:	176356
    It does , I am not sure how effective it is , not going to get into that, but it is fairly easy to check it , especially if you use the attached Batch File (below), I made a few weeks back after seeing another post on this....(and posted here on 10 somewhere) , the Pic is my current Bios and Window's MC , however it does not mean I pass the GRC Flaw test for example on my X99 based 5820k CPU , which I suspect Queries the CPU itself.

    KB
    Attached Thumbnails Attached Thumbnails 17.PNG  
    Intel Security Issue Update: Progress Continues on Firmware Updates Attached Files
    • File Type: bat MC.bat (249 Bytes, 18 views)
      My ComputerSystem Spec


  • Posts : 569
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       10 Feb 2018 #9

    Cr00zng said: View Post
    As far as I know...

    Windows has the ability to warm patch microcode on boot...

    These drivers are simple blocks of microcode and cpu identifying information - contain the latest microcode for the system cpu during boot. Windows loads the microcode from these drivers instead, overwriting the microcode that is included with the firmware...

    Click image for larger version. 

Name:	mc.png 
Views:	23 
Size:	314.8 KB 
ID:	176412
      My ComputerSystem Spec


  •  
    Page 1 of 6 123 ... LastLast

    Related Threads
    Source: https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ UPDATE 1/17: Read more: https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/
    Source: https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/ Reference: Kernel memory leaking Intel processor design flaw - Windows 10 Forums See also: Download Intel-SA-00086 Detection Tool
    Source: https://newsroom.intel.com/news/intel-offers-security-issue-update/
    Solved Update issue.. UEFI firmware issue in Installation and Upgrade
    14703 Any suggestions??
    Solved INTEL SSDSC2CT120A3 firmware update in Drivers and Hardware
    Hello, I would like to update the firmware of my SSD, INTEL SSDSC2CT120A3, but Google gives me results of Intel® SSD 330 Series. I don't know if my SSD model is Intel® SSD 330
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    © Designer Media Ltd
    All times are GMT -5. The time now is 04:49.
    Find Us