New
#220
Thanks,
JohnD
That's not undoing the microcode update, it's disabling the mitigation for all the threats. Subtly different.
I don't particularly rate that DPC latency checker, it often gives variable results, showing errors on systems that aren't misbehaving.
I applaud the fact that you have some kind of regression practice, but to blame the microcode update isn't accurate.
I agree about the MS forums, they'd have you checking your system files and then everyone scratching their heads.
Because your mcupdate_genuineIntel.dll is not the latest version, same as why all the AMD users are getting it too.
As I think I've pointed out, this is still not great because they aren't even the latest uCodes. So the update will patch the uCode to a level but the Cumulative updates that require newer uCode won't have any effect.
AFAIU the registry setting to disable ALL Spectre class vulnerabilities is just to disable a Memory management switch.
I think it will be possible to achieve granularity by using older versions of the patch to have the microcode at a level that should enable only certain mitigations. Other threats that do not require microcode may be more tricky. If not installing the Cumulative patches is the only way then that's not a sustainable position.
Of course, some of the mitigations do not carry a performance penalty, but blanket turning off of the memory management may disable those as well.
We could do with a little direction on that from Microsoft, in that what their intentions with the updates are going forward and why there are two patches, one with older versions.
Although the little utility app show performance as "GOOD" I'm noticing a small delay on my operations. Is not a huge slowdown but I can tell the difference and it's very uncomfortable to me. I don't like the option of putting the WU in pause, because other updates will come and this one will probably be bundled in the future in other one, or if not, it will probably be included in the next service pack.
That's why I want to know how to disable it. I will try to click on disable then reboot.
Thanks.
Looks like the Memory Management setting can be toggled against Spectre variant 2 only
and against variant 4, variant 2 and Meltdown (variant 3) together
https://support.microsoft.com/en-gb/...tive-execution
No actual clue as to how InSpectre handles this, I assume the first option is all that is detected and disabled / enabled because it hasn't been updated to detect firmware updates either after those for variant 2.
This is a .reg file I tried, to handle mitigations for Spectre and Meltdown:
To disable all mitigations you need to delete the two values:Code:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] "FeatureSettingsOverride"=dword:00000008 "FeatureSettingsOverrideMask"=dword:00000003 ; https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in ; ; FeatureSettingsOverride values: ; 8 = Enable All (Speculative Store Bypass together with Spectre Variant 2 and Meltdown) ; 3 = Disable both Spectre Variant 2 and Meltdown ; 2 = Disable Meltdown (Kernel VA Shadow) ; 1 = Disable Spectre Variant 2 (Branch Target Injection) ; 0 = Enable Spectre Variant 2 and Meltdown ; ; FeatureSettingsOverrideMask value is always 3
- FeatureSettingsOverride and
- FeatureSettingsOverrideMask
In my Registry, since I haven't installed any microcode updates from Microsoft and my hp (Insyde) BIOS is in microcode version 0x2B, I do not have the two entries.
For more info from Intel, take a look here
Last edited by ddelo; 26 Aug 2018 at 06:57.
Check the Intel document, to see what microcode revision you should have.
If you don't have the one mentioned by Intel, check for a BIOS update at the manufacturer's site and install it. If one is not available, use the above reg file with values 8 and 3, in order to be protected.
My CPU is i7 4790K and it's not on the document :S