Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Win Update

Page 30 of 31 FirstFirst ... 2028293031 LastLast
  1.    #290

    Leoplate25 said: View Post
    Hey, people! Did i update the ME firmware right?

    Intel(R) ME code versions:

    BIOS Version 1005
    MEBx Version 0.0.0.0000
    GbE Version 0.5
    Descriptor Version 1.0
    Vendor ID 8086
    FW Version 12.0.35.1427 H Consumer
    LMS Version 1846.12.0.1173
    MEI Driver Version 1912.12.0.1247

    PMC FW Version 300.2.11.1020

    PCH Information
    PCH Version 11
    PCH Device ID A305
    PCH Step Data B1
    PCH SKU Type Production Pre-QS Revenue
    PCH Replacement Counter 0
    PCH Replacement State Disabled
    PCH Unlocked State Disabled

    FW Capabilities 0x31119140

    Protect Audio Video Path - PRESENT/ENABLED
    Intel(R) Dynamic Application Loader - PRESENT/ENABLED
    Intel(R) Platform Trust Technology - PRESENT/DISABLED
    Persistent RTC and Memory - PRESENT/ENABLED


    Capability Licensing Service Enabled
    End of Manufacturing Enable Yes
    Local FWUpdate Enabled
    OEM ID 00000000-0000-0000-0000-000000000000
    Integrated Sensor Hub Initial Power State Disabled
    Intel(R) PTT Supported Yes
    Intel(R) PTT initial power-up state Disabled
    OEM Tag 0x00
    PAVP Supported Yes
    Post Manufacturing NVAR Config Enabled Yes
    TLS Disabled

    FW Type Production
    Last ME reset reason Global system reset
    BIOS Config Lock Enabled
    GbE Config Lock Enabled
    Host Read Access to ME Enabled
    Host Write Access to ME Disabled
    Host Read Access to EC Disabled
    Host Write Access to EC Disabled
    SPI Flash ID 1 EF4018
    SPI Flash ID 2 Not Available
    BIOS boot State Post Boot
    Slot 1 Board Manufacturer 0x00000000
    Slot 2 System Assembler 0x00000000
    Slot 3 Reserved 0x00000000
    M3 Autotest Disabled
    Minimum Allowed Anti Rollback SVN 1
    Image Anti Rollback SVN 5
    Trusted Computing Base SVN 1
    Re-key needed False
    HW Binding Enabled


    FPF UEP ME FW
    *In Use
    --- --- -----
    Enforcement Policy 0x00 0x00 0x00
    EK Revoke State Not Revoke Not Revoke Not Revoke
    PTT Enabled Enabled Enabled
    OEM ID 0x00 0x00 0x00
    OEM Key Manifest Present Not Present Not Present Not Present
    OEM Platform ID 0x00 0x00 0x00
    OEM Secure Boot Policy 0x400 0x400 0x400
    CPU Debugging Enabled Enabled Enabled
    BSP Initialization Enabled Enabled Enabled
    Protect BIOS Environment Disabled Disabled Disabled
    Measured Boot Disabled Disabled Disabled
    Verified Boot Disabled Disabled Disabled
    Key Manifest ID 0x00 0x00 0x00
    Persistent PRTC Backup Power Enabled Enabled Enabled
    RPMB Migration Done Disabled Disabled Disabled
    SOC Config Lock Done Not Done Done
    SPI Boot Source Enabled Enabled Enabled
    TXT Supported Disabled Disabled Disabled

    ACM SVN FPF 0x00
    BSMM SVN FPF 0x00
    KM SVN FPF 0x00
    OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
    OEM Public Key Hash UEP 0000000000000000000000000000000000000000000000000000000000000000
    OEM Public Key Hash ME FW 0000000000000000000000000000000000000000000000000000000000000000
    PTT Lockout Override Counter FPF 0x00


    Thanks!!!
    Yes! you have updated correctly, and you have now the latest firmware

    - - - Updated - - -

    ddelo said: View Post

    In my opinion, I don't think they're needed, if the running microcode is up to date.
    I big to differ, these values still enable other mitigations than the retpoline,

    The best is to set it to 72 waiting for the microcode

    - - - Updated - - -

    HempOil said: View Post
    Hi JenyJ,

    As I said in my post, I applied some registry tweaks. Specifically, these ones:

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    As far as I can tell, the only thing I accomplished was to disable hyper-threading (which protects against ZombiLoad). It did not take care of SSBD. Am I missing something?
    What is your CPU?
      My ComputerSystem Spec

  2.    #291

    JenyJ said: View Post
    Yes! you have updated correctly, and you have now the latest firmware
    ASUS says this: *We suggest you update ME Driver to the latest Version 12.0.35.1427 simultaneously.
    Please download the file and check the MD5 code first.
    MD5:b71d997fa3d7c8a0dab55de4b4eacd11

    How to check that?
      My ComputerSystem Spec

  3.    #292

    Leoplate25 said: View Post
    ASUS says this: *We suggest you update ME Driver to the latest Version 12.0.35.1427 simultaneously.
    Please download the file and check the MD5 code first.
    MD5:b71d997fa3d7c8a0dab55de4b4eacd11

    How to check that?
    The last driver in intel site is 1909 Download Intel(R) Management Engine Driver for Windows 8.1* and Windows(R) 10

    The last WHQL verion 1916 here https://station-drivers.com/download...ivers.com).zip

    Extract and run SetupMe.exe as admin
      My ComputerSystem Spec

  4.    #293

    JenyJ said: View Post
    The last driver in intel site is 1909 Download Intel(R) Management Engine Driver for Windows 8.1* and Windows(R) 10

    The last WHQL verion 1916 here https://station-drivers.com/download...ivers.com).zip

    Extract and run SetupMe.exe as admin
    And that's it? What is MD5? Thanks!!!
      My ComputerSystem Spec

  5.    #294

    Leoplate25 said: View Post
    And that's it? What is MD5? Thanks!!!
    MD5 is a hash7 checksum / to check the file, you don't need to do it

    Zip files already use CRC32 and the files has no errors for sure

    Just extract the 1916 zip file and run SetupME.exe as admin

    I am sorry guys, gotta sleep now
      My ComputerSystem Spec

  6.    #295

    JenyJ said: View Post
    MD5 is a hash7 checksum / to check the file, you don't need to do it

    Zip files already use CRC32 and the files has no errors for sure

    Just extract the 1916 zip file and run SetupME.exe as admin

    I am sorry guys, gotta sleep now
    Thanks! Have a good night!
      My ComputerSystem Spec

  7.    #296

    ddelo said: View Post

    In my opinion, I don't think they're needed, if the running microcode is up to date.
    Retpoline is enabled by default.
    Attached Thumbnails Attached Thumbnails Untitled.png  
      My ComputerSystem Spec


  8.    #297

    JenyJ said: View Post
    I big to differ, these values still enable other mitigations than the retpoline,
    The best is to set it to 72 waiting for the microcode

    First things first, to clarify things, as lots of people read these posts: Retpoline is just performance improvement code, that does not protect against anything. So enabling it or not via registry, is just for performance improvement and nothing more!

    Second: That is your opinion and I fully respect it...but before making a comment every time I post mine, please read my entire statement.
    I said "In my opinion, I don't think they're needed, if the running microcode is up to date.", which means that either via BIOS/UEFI or Microsoft update, the running microcode should be the latest recommended by Intel. That is the key issue, updated microcode and not registry entries.
    The only thing that the registry entries do today is to enable SSBDWindowsSupportEnabledSystemWide, which is very good, but on the other hand, just an OS thing, bearing in mind that Speculative Store Bypass Disable is a hardware vulnerability and needs microcode update.
    So, with an up to date microcode, yes, you don't need the registry entries and that has been proven since the first day Spectre and Meltdown were announced as a threat!
    Registry entries are a plus, but not essential on their own, as opposed to up to date microcode, to mitigate vulnerabilities.

    And as a final note, that is not an argument between us, just a matter of opinions, regarding registry alterations. What users must have in mind is that they must try to keep their system's microcode up to date.
      My ComputerSystem Spec

  9.    #298

    ddelo said: View Post
    First things first, to clarify things, as lots of people read these posts: Retpoline is just performance improvement code, that does not protect against anything. So enabling it or not via registry, is just for performance improvement and nothing more!

    Second: That is your opinion and I fully respect it...but before making a comment every time I post mine, please read my entire statement.
    I said "In my opinion, I don't think they're needed, if the running microcode is up to date.", which means that either via BIOS/UEFI or Microsoft update, the running microcode should be the latest recommended by Intel. That is the key issue, updated microcode and not registry entries.
    The only thing that the registry entries do today is to enable SSBDWindowsSupportEnabledSystemWide, which is very good, but on the other hand, just an OS thing, bearing in mind that Speculative Store Bypass Disable is a hardware vulnerability and needs microcode update.
    So, with an up to date microcode, yes, you don't need the registry entries and that has been proven since the first day Spectre and Meltdown were announced as a threat!
    Registry entries are a plus, but not essential on their own, as opposed to up to date microcode, to mitigate vulnerabilities.

    And as a final note, that is not an argument between us, just a matter of opinions, regarding registry alterations. What users must have in mind is that they must try to keep their system's microcode up to date.
    Retpoline is only for older CPUs before skylake, like yours, Newer CPUs uses RSB Mitigation which is hard-coded. Read this paper https://software.intel.com/security-...echstories.org

    Most of the people don't care about retpoline!
    Last edited by JenyJ; 4 Weeks Ago at 04:03.
      My ComputerSystem Spec

  10.    #299

    JenyJ said: View Post
    Retpoline is only for older CPUs before skylake, like yours, Newer CPUs uses RSB Mitigation which is hard-coded. Read this paper https://software.intel.com/security-...echstories.org

    Most of the people don't care about retpoline!

    Same thing...again! Please read my entire statement and don't jump into conclusions.

    First things first, to clarify things, as lots of people read these posts: Retpoline is just performance improvement code, that does not protect against anything. So enabling it or not via registry, is just for performance improvement and nothing more!

    I never said anywhere that Retpoline is for everybody.... And to make it more clear, please read the last section of this thread

    JenyJ said: View Post
    Keeping the registry empty and installing the new Microcode will not enable the MDS mitigation, according to Microsoft.
    If I'm missing something, I would really appreciated if you could substantiate this claim!
    Because in Microsoft's article "Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities", says:
    To enable mitigations for Microarchitectural Data Sampling...…. change the Registry! Meaning (according to my interpretation) that Registry change is just an enabler and not the mitigation itself (which we both agree is the new microcode) and besides that, I don't see anywhere that if you don't add the registry keys you will not enable MDS mitigation. Unless I'm missing something, referenced somewhere else by MS, in which case I would be grateful if you could post the link!

    And to make it more clear:

    SpeculationControl output without Registry entries:
    Click image for larger version. 

Name:	MDS_WithoutRegEntries.png 
Views:	0 
Size:	49.0 KB 
ID:	234286


    SpeculationControl output with Registry entries:
    Click image for larger version. 

Name:	MDS_WithRegEntries.png 
Views:	0 
Size:	53.2 KB 
ID:	234287
      My ComputerSystem Spec


 
Page 30 of 31 FirstFirst ... 2028293031 LastLast

Related Threads
UPDATE 5/14: Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Source: https://support.microsoft.com/en-us/help/4495667 Direct download links for KB4495667 MSU file from Microsoft Update Catalog:
UPDATE 4/2: Cumulative Update KB4490481 Windows 10 v1809 Build 17763.404 - April 2 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4489899/windows-10-update-kb4489899 Direct download links for...
UPDATE 1/8: Cumulative Update KB4480116 Windows 10 v1809 Build 17763.253 - Jan. 8 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4483235 Direct download links for KB4483235 MSU file from Microsoft...
UPDATE 3/1: Cumulative Update KB4482887 Windows 10 v1809 Build 17763.316 - March 1 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044 Direct download links for...
UPDATE 2/12: Cumulative Update KB4487044 Windows 10 v1809 Build 17763.316 - Feb. 12 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4476976 Direct download links for KB4476976 MSU file from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:39.
Find Us