Intel’s Spectre Microcode Fixes Are Coming to Microsoft’s Update Catalog [Only for Skylake Devices Running on Fall Creators Update]
Microsoft has published another post today giving an update on fixes for the Spectre and Meltdown chip bugs. The company is releasing Intel microcode updates that will initially be available for some Skylake devices running the latest Windows 10 Fall Creators Update. Microsoft added that additional microcode updates will be released as Intel makes them available to the Windows maker.
KB4090007 will be released for some Skylake devices on Fall Creators Update
Today's KB4090007 will bring fixes for Spectre Variant 2 (CVE 2017-5715) for the Fall Creators Update. The update is initially only available for:
- Skylake H/S, 6th Generation Intel Core Processor Family (CPUID 506E3)
- Skylake U/Y & Skylake U23e, 6th Generation Intel Core m Processors (CPUID 406E3)
While it usually doesn't take this long to deliver patches, the Spectre and Meltdown flaws were devastating mainly because there are no straightforward fixes. Trying to patch speculative execution side-channel attacks takes a number of software and hardware updates that could result in data loss or hit performance, as we have seen since the patches for these chip bugs started rolling out.
Microsoft's John Cable of the Windows Servicing and Delivery team said in this latest update that the company will "continue to work with chipset and device makers as they offer more vulnerability mitigations".
The company had in February released patches for 32-bit (x86) platforms after initially rolling out fixes for 64-bit versions of Windows 10. Today's update is actually the company pushing out Intel's firmware updates to protect Windows 10 against Spectre variant 2. Most devices should receive this class of updates directly from their device manufacturer. The fix being rolled out by Microsoft is only available through Microsoft Update Catalog (KB4090007) and won't be pushed out through Microsoft's Windows Update system.
Since these microcode updates aren't being shipped through Windows Update, they need to be downloaded manually from the Microsoft Update Catalog. Microsoft warned that these Intel microcode updates are only valid for the aforementioned Skylake devices. The company said that trying to install this update on a device with an unsupported CPU will result in an error message. Microsoft had previously also released a free tool for enterprises to better assess Meltdown and Spectre update status with device-level insights.
Here's Microsoft updated statement:
Windows devices need both software and firmware updates to help protect them against these new vulnerabilities. Recently we added software coverage for x86 editions of Windows 10, and we continue to work to provide updates for other supported versions of Windows. You can find more information and a table of updated Windows editions in our Windows customer guidance article. We will update this documentation when new mitigations become available.
While firmware (microcode) security updates are not yet broadly available, Intel recently announced that they have completed their validations and started to release microcode for newer CPU platforms. Today, Microsoft will make available Intel microcode updates, initially for some Skylake devices running the most broadly installed version of Windows 10 - the Windows 10 Fall Creators Update - through the Microsoft Update Catalog, KB4090007. We will offer additional microcode updates from Intel as they become available to Microsoft. We will continue to work with chipset and device makers as they offer more vulnerability mitigations.
- KB4090007 can be downloaded from here.