[German]Intel began rolling out microcode updates against meltdown and spectre attacks on its Ivy Bridge and Sandy Bridge family of processors a few days ago to OEMs. Here is an overview of the microcode updates that are now available.
A short overview
After Intel withdrew released microcode updates due to problems in January 2018, revised versions and re-releases of these packages will be distributed step-by-step to OEMs and software manufacturers for various CPU generations.
- OEMs integrate these microcode updates into their UEFI versions and release them as firmware updates (for BIOS/UEFI) for motherboards.
- For Linux, Intel’s microcode updates are provided in the Linux Processor Microcode Data File.
- And Microsoft has started collecting and deploying these microcode updates for Windows.
Within my article Microsoft Updates KB4091290/KB4090007/KB4052623 (March 1, 2018), I’ve published some background details about the difference of microcode updates, that may be integrated winto Linux/Windows, and firmware updates released to OEMs to be integrated into BIOS/UEFI.
(Source: Pexels Fancycrave CC0 License)
Spectre attack also for Intel SGX possible
In connection with Spectre, it was also became public at the end of February 2018 that Intel’s software guards extensions (SGX) developed as security technology are vulnerable in current Intel processors.
Intel’s SGX sets up so-called enclaves in the memory, the content of which should be protected from unauthorized access (malware, etc.). Intel SGX is usable since the Skylake processor family. A PDF document from Ohio State University shows that the enclaves can be attacked with SGXSpectre and SGXPectre. If you are interested: this article deals with this topic.
More microcode updates are released
In February 2018, Intel released microcode updates to protect against Spectre V2 for more recent CPUs (Coffee Lake, Kaby Lake, Skylake) for its OEMs. In a 14-page Microcode Revision Guidance (PDF document) dated 20 February 2018, Intel lists a series of microcode updates. Further Microcode updates were added in March 2018.
- On March 1, 2018 PCWorld published this article mentions, that Intel released microcode updates for Haswell- and Broadwell cpus.
- On March 9, 2018 PCWorld published this article, mentions microcode updates for Ivy Bridge and Sandy Bridge chips.
With the earlier firmware updates, Intel Microcode updates are available for many CPUs. This Intel PDF document contains all Intel Microcode updates against Spectre/Meltdown as of March 6, 2018.
The screenshot above shows the first page of this document. A microcode update for production purposes is colored with a green background. These updates can be rolled out by OEMs in UEFI/BIOS firmware updates for the motherboards. And Linux/Microsoft can provide this microcode update in the operating system.
How to determine the CPUID?
The Intel tables contain the CPUID and revision of the microcode update for the CPUs. Maybe you ask yourself, how to get this information for the current Windows system. Steve Gibson from Gibson Research released the Windows tool InSpectre for fre (download). Revision 7 is available since a few days and shows also the CPUID.
Design flaw in Intel CPUs set operating systems at risk
Microsoft releases Windows 10 Patch to fix Intel Bug
New Intel Spectre V2 microcode updates (02/20/2018)
Meltdown/Spectre Test Tools Overview
Meltdown and Spectre: What Windows users need to know
Test: Is my browser vulnerable for Spectre attacks?
Windows-Update KB4078130 deactivates Spectre 2-Patch
InSpectre: Test your machine against Meltdown/Spectre flaw
Microsoft Updates KB4091290/KB4090007/KB4052623 (March 1, 2018)