New
#20
I received KB4100347 for the Xeon E3-1231 v3.
Those of you not getting this update as you expect should check you set defer feature update to zero days. I didn't get the last similar update until I did this. Why I don't know since this update isn't a feature update.
Should come by WU but you can find it via the Microsoft Update Catalog use IE and allow the install. You need the 2018-08 version for Windows 10 for 64-bit systems.
There is a thread on here with the direct download links.
You should get the updates independently unless one is a trigger for the other.
The August cumulative enables patching of newer threats but they do need a newer uCode in most cases. However, the two are not tied up with Intel's master list of patches.
Clearly as my Broadwell laptop is proving, I am unable to get the uCode I need for CVE 2018-3639 as neither my UEFI BIOS nor the new KB4100347 contain the necessary uCode (0x2B).
Acer have told me they are escalating the issue internally (or fobbing me off) and Microsoft aren't in step with Intel. If I have all the patch code I can turn them on or off as I see fit (based on mitigation vs performance). Without it, I'm unable to make that choice.
I do have a CH341 SPI Flash programmer that I can use to physically overcome the flash protection that the Insyde BIOS has, but it means cracking the plastic case open to remove the motherboard and I've had this machine open so many times that it's already on it's second set of case plastics as they become brittle and snap. Acer can just pull their fingers out or I have to wait for Microsoft to get their act together.
Via a combination of hiding updates or manually installing older versions of KB4100347 I can get control of which patches I apply. The problem is if uCode changes that mitigate Spectre vulnerabilities also contain bug fixes for CPU errata, you really need to be able to control the patch level. Plus you also need to manage the WU level at possibly something other than not entirely up to date.
yeah i hear you there i'm just at least thankful i have some level of patching here, thanks for all the help, once i got the last update i was getting my windows went to the version you stated , and i got this patch, makes me wonder, if the release another one, if it will auto d-load as well one would hope :). I gave up all hope of MSI ever patching this old system mobo.
Just got KB410037 instead of KB4346084, my i7 8700K already had a bios upgrade to microcode 96h. After that patch was installed Windows slowed down to a crawl. That KB tried to reconfigure the microcode back to 84 and Windows didn't like it so I removed the update, now back to normal. Well done MS.
Edit:- downloaded correct KB, everything back to normal,