KB4100347: Intel microcode updates
-
-
Thanks for the heads up. I'll be watching WU for this one. I wonder if it will precede the v. 1803 update, or will be part of the delivery?
-
Not sure, did not show via windows update (probably too soon) so manually updated on one machine (already on 1803) no noticeable difference other than showing as patched now.
will wait and see on the others.. (all 1803)
-
-
-
FWIW, V.1803 just updated on my system without this KB for the processor being downloaded or installed. Could it have been part of the Feature Update? Don't know, but the system works fine (so far).
-
no, jamis. the KB4100347 update was released a few weeks after v1803 first came out on April 30 so it's not originally included in the 1803 feature update.
that KB4100347 patch for v1803 updates the mcupdate_GenuineIntel.dll file found in the Windows\System32 folder.
-
If someone more technically minded could explain how the patch works compared to having the microcode in firmware I'd be extremely grateful.
Concerns are;
1. if software patch can be bypassed readily (InSpectre easily disables the Spectre patching to soft patched machines.)
2. if there is a performance penalty with an unnecessarily patched .dll as well as the firmware patch.
I have had firmware patches applied to my machines as soon as they were available. KB4100347 installs whether or not the system is patched in firmware. It may also install where it is not applicable.
I know there are users with Arrandale/Clarkdale that the microcode is in production but it is not in the v1.000 patch for v1803, nor the v3.000 of KB4090007 for v1709.
-
I can confirm that InSpectre removes the Spectre mitigations for firmware microcode updates (i.e. updated BIOS).
Upon re-reading the advisory, it does seem to be a combination of microcode updates and OS registry settings that enable the mitigation.
So a BIOS microcode update is not sufficient to enable mitigation alone, which also explains the delivery of KB4100347 to machines that already have the microcode.
mcupdate_GenuineIntel.dll can be removed or renamed with a permissions change; it's used by overclockers.
So pretty much I think this mitigation is a chocolate fireguard. That's my take.
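
To see both pieces discussed in the post above (the microcode actually in use and the OS registry settings) on a given machine, here is an added PowerShell example that is not part of the original thread. The registry value names and the meaning of the override bits are assumptions taken from Microsoft's published speculative-execution guidance and common Windows behaviour, not from this page.

```powershell
# Added example, not from the thread: read-only audit of microcode and mitigation settings.
$mmKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$dll    = Join-Path $env:SystemRoot 'System32\mcupdate_GenuineIntel.dll'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name }
}

function ConvertTo-HexString($Bytes) {
    if ($null -eq $Bytes) { return '(absent)' }
    ($Bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
}

# 1. Microcode revision in use now vs. the one present before the OS loaded its own.
#    Assumption: 'Previous Update Revision' reflects what the firmware (BIOS) applied.
$running  = ConvertTo-HexString (Get-RegValue $cpuKey 'Update Revision')
$firmware = ConvertTo-HexString (Get-RegValue $cpuKey 'Previous Update Revision')

# 2. The OS-side microcode file that KB4100347 replaces.
$dllVersion = if (Test-Path -LiteralPath $dll) {
    (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
} else { '(file missing or renamed)' }

# 3. Registry overrides. Assumption: bit 0 disables the CVE-2017-5715 mitigation,
#    bit 1 disables the CVE-2017-5754 mitigation, and the mask selects active bits.
$override = Get-RegValue $mmKey 'FeatureSettingsOverride'
$mask     = Get-RegValue $mmKey 'FeatureSettingsOverrideMask'
$policy = if ($null -eq $override -or $null -eq $mask) {
    'no override set (OS default applies)'
} elseif (($override -band $mask -band 3) -eq 0) {
    'override present, neither mitigation disabled'
} else {
    $off = @()
    if ($override -band $mask -band 1) { $off += 'CVE-2017-5715' }
    if ($override -band $mask -band 2) { $off += 'CVE-2017-5754' }
    'disabled by registry: ' + ($off -join ', ')
}

[pscustomobject]@{
    RunningMicrocode    = $running
    FirmwareMicrocode   = $firmware
    OsLoadedNewer       = ($running -ne $firmware)
    McUpdateDllVersion  = $dllVersion
    MitigationOverride  = $policy
} | Format-List
```

Running it before and after a tool or policy change shows whether the change touched the registry settings or the microcode itself.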
-
-
Well it does seem odd.. I have a dual 17134 and 14393 setup.. with latest bios update... on the former I'm protected but not on oldie (according to InSpectre) - I do run oldie with limited privileges tho' (if that makes a difference)
-
No it doesn't make a difference only that 14393 builds don't get any OS/standalone support for the microcodes. It's not a user level patch.