KB4346084 Intel microcode updates for Windows 10 v1803 - August 21

I received KB4100347 for the Xeon E3-1231 v3.

Those of you not getting this update as you expect should check you set defer feature update to zero days. I didn't get the last similar update until I did this. Why I don't know since this update isn't a feature update.

Tonyb said:

ok so how do i get KB4100347 do i need to d-load it or will it come via windows update?

Should come by WU but you can find it via the Microsoft Update Catalog use IE and allow the install. You need the 2018-08 version for Windows 10 for 64-bit systems.

There is a thread on here with the direct download links.

winactive said:

You should be updated to 17134.228 (or 16299.611) and have KB4100347 (or KB4090007), that's all you can do.

looks like it is d-loading it now after the last update i got i must have not had the right version number on windows as now i'm getting it from windows update :) its auto d-loading thanks for all the help.

Tonyb said:

looks like it is d-loading it now after the last update i got i must have not had the right version number on windows as now i'm getting it from windows update :) its auto d-loading thanks for all the help.

You should get the updates independently unless one is a trigger for the other.

The August cumulative enables patching of newer threats but they do need a newer uCode in most cases. However, the two are not tied up with Intel's master list of patches.

Clearly as my Broadwell laptop is proving, I am unable to get the uCode I need for CVE 2018-3639 as neither my UEFI BIOS nor the new KB4100347 contain the necessary uCode (0x2B).

Acer have told me they are escalating the issue internally (or fobbing me off) and Microsoft aren't in step with Intel. If I have all the patch code I can turn them on or off as I see fit (based on mitigation vs performance). Without it, I'm unable to make that choice.

I do have a CH341 SPI Flash programmer that I can use to physically overcome the flash protection that the Insyde BIOS has, but it means cracking the plastic case open to remove the motherboard and I've had this machine open so many times that it's already on it's second set of case plastics as they become brittle and snap. Acer can just pull their fingers out or I have to wait for Microsoft to get their act together.

Via a combination of hiding updates or manually installing older versions of KB4100347 I can get control of which patches I apply. The problem is if uCode changes that mitigate Spectre vulnerabilities also contain bug fixes for CPU errata, you really need to be able to control the patch level. Plus you also need to manage the WU level at possibly something other than not entirely up to date.

yeah i hear you there i'm just at least thankful i have some level of patching here, thanks for all the help, once i got the last update i was getting my windows went to the version you stated , and i got this patch, makes me wonder, if the release another one, if it will auto d-load as well one would hope :). I gave up all hope of MSI ever patching this old system mobo.

Just got KB410037 instead of KB4346084, my i7 8700K already had a bios upgrade to microcode 96h. After that patch was installed Windows slowed down to a crawl. That KB tried to reconfigure the microcode back to 84 and Windows didn't like it so I removed the update, now back to normal. Well done MS.

Edit:- downloaded correct KB, everything back to normal,

winactive said:

No it's possible you have older CPU than Skylake as KB4346084 is only for Skylake/Kaby Lake/Coffee Lake as outlined above.

No, I have a core i7 8700K Coffee Lake CPU.

Burgurne said:

No, I have a core i7 8700K Coffee Lake CPU.

There's an iffy with the Coffee Lake CPUs I have a support ticket open with Intel about the stepping and which uCode they should receive. My CPU is listed as 906EA and has 0x96 but it should be 906EB according to Intel in which case it should have 0x8E