Microsoft announced this month it would be including Intel microcode (BIOS) updates meant to fix the graver version of the Spectre vulnerability as Windows Update packages made available via the Microsoft Update Catalog portal.
Microsoft greatly expanded the number of such packages, extending support from the initial Skylake 6th gen processor family to many more CPU series, information security training researchers said.
This means that many Windows users who utilize Intel CPUs but have not received BIOS updates from their motherboard manufacturer may now be able to install the Spectre variant 2 (CVE 2017-5715) patch just by downloading a Windows update package from Microsoft’s portal.
Information security professionals told; Microsoft did not initially plan to distribute microcode updates. These packages patch the Spectre vulnerability that Microsoft initially said it couldn’t fix at the software level, and deferred the patching operations to OEMs. The OS maker later changed its mind because some OEMs were missing in action, failing to integrate Intel’s microcode fixes.
Currently, Microsoft is embedding these Intel CPU microcode patches as updates to the operating system’s CPU driver, an unorthodox method of delivering microcode updates, which have previously been left to OEM vendors only, usually delivered as BIOS updates.
Microsoft’s custom updates are only meant for Windows 10 version 1709 and Windows Server, version 1709 (Datacenter, Standard) users, and not for Windows 7, 8, and 8.1 machines. Microsoft’s original Meltdown and Spectre patches must be already installed.
Users have to visit the Windows Update Catalog, search and download these update package manually, as they’re not included in the regular, self-installing Windows Update mechanism, information security training professionals said.
According to KB4090007, the Windows Update Catalog portal now includes Intel microcode patches for the following Intel processor models:
|Product Names (CPU)||Public Name||CPUID||Intel Microcode Update Revision||Microsoft Update Standalone Package Version|
|Skylake H/S||6th Generation Intel Core Processor Family||506E3||0xC2||V1.001, V1.003|
|Skylake U/Y & Skylake U23e||6th Generation Intel Core m Processors||406E3||0xC2||V1.001, V1.003|
|Skylake Server SP (H0, M0, U0)||Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T||00050654||0x2000043||V1.003|
|Skylake D (Bakerville)||Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT||00050654||0x2000043||V1.003|
|Skylake X (Basin Falls)||Intel® Core™ i9 79xxX, 78xxX||00050654||0x2000043||V1.003|
|Kaby Lake U||7th Generation Intel® Core™ Mobile Processors||000806E9||0x84||V1.003|
|Kaby Lake U23e||7th Generation Intel® Core™ Mobile Processors||000806E9||0x84||V1.003|
|Kaby Lake Y||7th Generation Intel® Core™ Mobile Processors||000806E9||0x84||V1.003|
|KBL-R U||8th Generation Intel® Core™ Mobile Processor Family||000806EA||0x84||V1.003|
|Kaby Lake G||7th Generation Intel® Core™ Processor Family||000906E9||0x84||V1.003|
|Kaby Lake H||7th Generation Intel® Core™ Processor Family||000906E9||0x84||V1.003|
|Kaby Lake S||7th Generation Intel® Core™ Processor Family||000906E9||0x84||V1.003|
|Kaby Lake X||7th Generation Intel® Core™ Processor Family||000906E9||0x84||V1.003|
|Kaby Lake Xeon E3||7th Generation Intel® Core™ Processor Family||000906E9||0x84||V1.003|
|Coffee Lake H 6+2||8th Generation Intel® Core™ Processor Family||000906EA||0x84||V1.003|
|Coffee Lake S 6+2||8th Generation Intel® Core™ Processor Family||000906EA||0x84||V1.003|
|Coffee Lake S 6+2 Xeon E3||8th Generation Intel® Core™ Processor Family||000906EA||0x84||V1.003|
|Coffee Lake S 6+2 x/KBP||8th Generation Intel® Core™ Processor Family||000906EA||0x84||V1.003|
|Coffee Lake S (4+2)||8th Generation Intel® Core™ Desktop Processor Family||000906EB||0x84||V1.003|
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.