[German]Does Microsoft withdraw or replace Intel Microcode updates for Windows released in July/August 2018? Here are a few things I've compiled with the request for feedback, maybe there is an explanation.
Advertising
Chaos at the July/August Microcode Updates
First some background information on the topic. In August 2018 Microsoft released Intel microcode updates Spectre and Spectre-like vulnerabilities (Foreshadow, L1TF) for Windows. I had written about about these updates provided for Windows 10 within my blog post Intel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20/21, 2018). For Windows 7 SP1 and Windows 8.1 and the server counterparts, the updates are listed in the blog post Patchday: Updates for Windows 7/8.1/Server (August 14, 2018). Also in July 2018 Microsoft has released such updates.
After publishing the German edition of the Windows 10 blog article linked above I got feedback from reader's that also the Intel Microcode Update KB4100347 is offered again on their machines (had already been released in the previous months). And some users are reporting, that this Intel microcode update has been offered on systems with AMD CPUs.
Then I got hints that the Intel Microcode Update KB4100347 probably causes boot issues on some Windows 10 machines. I collected the information within the blog post Microsoft: Issues with Updates KB4456688/KB4100347? – and added more information today. There's something in stock.
Registry entries incorrectly documented?
Furthermore, German blog reader Karl Wester-Ebbinghaus informed me in a comment to that the registry entries, which are necessary to activate the Spectre patches, are incorrectly documented by Microsoft. I added this within my blog post Security Advisory-Update ADV180018 and informed Microsoft employee Michael Niehaus via Twitter – let's see what happens.
Overall, I'd say there's some chaos right now. It reminds me of the first Intel microcode updates Microsoft released for Spectre and Meltdown in early January 2018. These had to be pulled shortly afterwards.
Advertising
Are updates revised/blocked in WSUS?
At least under WSUS something strange thins are happening at the moment – the updates seem to be withdrawn or revised. Today I received two reader mails (thanks to Axel and Markus for the hints) on that topic.
WSUS: Microcode updates set to rejected
The first information by Swiss blog reader Markus B. refers to an observation under WSUS. Markus wrote:
On the WSUS tonight the microcode updates from last week were set to rejected.
Do you have any other reports?
I noticed it while viewing the mails from WSUS.
Then Markus sent me the following text excerpts of the updated WSUS update notification.
New Update Alert
The following 15 new updates have been synchronized to WUS-V301 since Monday, August 27, 2018 22:36 (GMT).
Critical and Security Updates
No new critical or security updates were synchronized.
Other Updates
Definition update for Windows Defender Antivirus – KB2267602 (Definition 1.275.237.0)
To resolve problems in Windows, install this update. For a complete list of the fixes in this update, see the corresponding Microsoft Knowledge Base article for more information. After you install this component, you may need to restart your computer.
2018-07 Update for Windows 10 Version 1507 for x86-based systems (KB4091666)
2018-07 Update for Windows Server 2016 for x64-based systems (KB4091664)
2018-07 Update for Windows 10 Version 1803 for x86-based systems (KB4100347)
2018-07 Update for Windows 10 Version 1607 for x86-based systems (KB4091664)
2018-07 Update für Windows 10 Version 1607 für x64-basierte Systeme (KB4091664)
Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1.275.263.0)
2018-07 Update for Windows 10 Version 1507 for x64-based systems (KB4091666)
….
The above messages also include Intel Microcode updates (e.g. for July 2018), which I have discussed in the articles linked below.
Second mail about microcode updates
Also German blog-reader Axel H. has contacted me twice by e-mail today. He wrote me this:
Hello Günter,
in July/August several microcode updates from Microsoft appeared in WSUS, some with known numbers.
According to the description they are from July, but I could swear I didn't receive them until August…
These are the ones:
– 2018-07 Update for Windows 10 Version 1607 for x86-based Systems (KB4091664)
– 2018-07 Update for Windows 10 Version 1607 for x64-based Systems (KB4091664)
– 2018-07 Update for Windows 10 Version 1703 for x86-based Systems (KB4091663)
– 2018-07 Update for Windows 10 Version 1703 for x64-based Systems (KB4091663)
– 2018-07 Update for Windows 10 Version 1709 for x64-based Systems (KB4090007)
– 2018-07 Update for Windows 10 Version 1709 for x86-based Systems (KB4090007)
– 2018-07 Update for Windows 10 Version 1803 for x64-based Systems (KB4100347)
– 2018-07 Update for Windows 10 Version 1803 for x86-based Systems (KB4100347)Somehow I had a bad feeling and haven't released it yet. Today they were suddenly no longer in the list of not yet released updates. Since I didn't declined it must have been Microsoft.
As I understand it, this is exactly what blog reader Markus told me above. Axel continued:
At least I found out that KB4091664 has been replaced by KB4346087.
I have found an article written by you that deals with the new updates, but not that it will replace others.
I have not yet researched whether any KB article in English contains a revision. Actually, it is Microsoft's task to document all this in a timely manner. Axel told me in another mail an additional observation:
I don't have the new, so replacing updates in WSUS. At least not yet.
These are the information I collected from my blog posts and received from my two blog readers. Perhaps one of you has made similar observations and can confirm that. Or you know sources at Microsoft where microcode update revisions are documented. At the moment I can only classify it as a 'bit of chaos in the microcode updates'. Or how do you see it?
Addendum: Same questions at askwoody.com
Seems to be an incident, seconds after I published the above article, Susan Bradley posted this article on askwoody.com with some additional information. It seems that Microsoft withdraw several updates.
Similar articles
Foreshadow (L1TF) Intel CPU vulnerabilities
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Microsoft: Issues with Updates KB4456688/KB4100347?
Security Advisory-Update ADV180018
Trend Micro WFBS: issues with update KB4100347
Intel Microcode Updates KB4100347, KB4090007 (July 2018)
Windows 10 V1803: Microcode update KB4100347 (05/15/2018)
Intel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20/21, 2018)
Advertising
Pingback: Patch Lady – what’s up with the Microcode updates? @ AskWoody
Wtf…
I will check our WSUS
on thursday because I've manually imported all microcode updates as of 2018-08
Back in the Windows 98/XP days, waiting a couple of months before applying updates was a smart move. Moving forward to Windows 10, it seems we're back.
Apparently, Microsoft seems to be unable to deliver stable software. More often than not, updates render systems unusable and Microsoft doesn't seem to bother. At least, this is going on since Windows 10 RTM and Microsoft hasn't change course since then.
In regards to microcode updates, one should refrain from installing them at all as long as BIOS updates are available. If BIOS updates are not available, one should contact the device vendor how to proceed.
Did a test and I can confirm KB4091664 has killed Lenovo M90 and M83.
After restart windows installs the update, then rolls back the update, restarts again and you get a black screen with "an operating system wasn't found…"