KB4100347: Intel microcode updates

  1. aramil's Avatar
    Posts : 92
    Windows 10 pro 64bit
       #1

    KB4100347: Intel microcode updates


    KB4100347: Intel microcode updates
    Applies to: Windows Server version 1803Windows 10 version 1803



    Summary

    Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”]). This update includes microcode updates from Intel for the following CPUs: https://support.microsoft.com/en-gb/...windows-server

    http://www.catalog.update.microsoft....aspx?q=4100347
      My Computer

  2. jamis's Avatar
    Posts : 468
    Windows10 Home 64 bit v. 20H2 bld. 19042.985
       #2

    Thanks for the heads up. I'll be watching WU for this one. I wonder if it will precede the v. 1803 update, or will be part of the delivery?
      My Computer

  3. aramil's Avatar
    Posts : 92
    Windows 10 pro 64bit
    Thread Starter
       #3

    Not sure, did not show via windows update (probably to soon) so manually updated on one machine (already on 1803) no noticeable difference other than showing as patched now.

    will wait and see on the others.. (all 1803)
      My Computer

  4. Brink's Avatar
    Posts : 57,757
    64-bit Windows 10 Pro for Workstations build 21390
       #4
      My Computers

  5. jamis's Avatar
    Posts : 468
    Windows10 Home 64 bit v. 20H2 bld. 19042.985
       #5

    FWIW, V.1803 just updated on my system without this KB for the processor being downloaded or installed. Could it have been part of the Feature Update? Don't know, but the system works fine (so far).
      My Computer


  6. Posts : 1,413
    Windows 7 Home Premium x64
       #6

    no, jamis. the KB4100347 update was released a few weeks after v1803 first came out on April 30 so it's not originally included in the 1803 feature update.

    that KB4100347 patch for v1803 updates the mcupdate_GenuineIntel.dll file found in the Windows\System32 folder.
      My Computers


  7. Posts : 384
    Windows 10 Home x64
       #7

    If someone more technically minded could explain how the patch works compared to having the microcode in firmware I'd be extremely grateful.

    Concerns are;

    1. if software patch can be bypassed readily (InSpectre easily disables the Spectre patching to soft patched machines.)

    2. if there is a performance penalty with an unnecessarily patched .dll as well as the firmware patch.

    I have had firmware patches applied to my machines as soon as they were available. KB4100347 installs whether or not the system is patched in firmware. It may also install where it is not applicable.

    I know there are users with Arrandale/Clarkdale that the microcode is in production but it is not in the v1.000 patch for v1803, nor the v3.000 of KB4090007 for v1709.
      My Computers


  8. Posts : 384
    Windows 10 Home x64
       #8

    winactive said:
    If someone more technically minded could explain how the patch works compared to having the microcode in firmware I'd be extremely grateful.

    Concerns are;

    1. if software patch can be bypassed readily (InSpectre easily disables the Spectre patching to soft patched machines.)

    2. if there is a performance penalty with an unnecessarily patched .dll as well as the firmware patch.

    I have had firmware patches applied to my machines as soon as they were available. KB4100347 installs whether or not the system is patched in firmware. It may also install where it is not applicable.

    I know there are users with Arrandale/Clarkdale that the microcode is in production but it is not in the v1.000 patch for v1803, nor the v3.000 of KB4090007 for v1709.
    I can confirm that InSpectre removes the Spectre mitigations for firmware microcode updates (i.e. updated BIOS).

    Upon re-reading the advisory, it does seem to be a combination of microcode updates and OS registry settings that enable the mitigation.

    So a BIOS microcode update is not sufficent to enable mitigation alone, which also explains the delivery of KB4100347 to machines that already have the microcode.

    mcupdate_GenuineIntel.dll can be removed or renamed with a permissions change; it's used by overclockers.

    So pretty much I think this mitigation is a chocolate fireguard. That's my take.
      My Computers

  9. Superfly's Avatar
    Posts : 3,357
       #9

    Well it does seem odd.. I have a dual 17134 and 14393 setup.. with latest bios update... on the former I'm protected but not on oldie (according to InSpectre) - I do run oldie with limited priviledges tho'(if that makes a difference)
      My Computer


  10. Posts : 384
    Windows 10 Home x64
       #10

    Superfly said:
    Well it does seem odd.. I have a dual 17134 and 14393 setup.. with latest bios update... on the former I'm protected but not on oldie (according to InSpectre) - I do run oldie with limited priviledges tho'(if that makes a difference)
    No it doesn't make a difference only that 14393 builds don't get any OS/standalone support for the microcodes. It's not a user level patch.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:46.
Find Us




Windows 10 Forums