Intel Microcode Patches Now on the Microsoft Update Catalog

Share this…

Microsoft announced this month it would be including Intel microcode (BIOS) updates meant to fix the graver version of the Spectre vulnerability as Windows Update packages made available via the Microsoft Update Catalog portal.

Microsoft greatly expanded the number of such packages, extending support from the initial Skylake 6th gen processor family to many more CPU series, information security training researchers said.

 

Microsoft-Logo

This means that many Windows users who utilize Intel CPUs but have not received BIOS updates from their motherboard manufacturer may now be able to install the Spectre variant 2 (CVE 2017-5715) patch just by downloading a Windows update package from Microsoft’s portal.

Information security professionals told; Microsoft did not initially plan to distribute microcode updates. These packages patch the Spectre vulnerability that Microsoft initially said it couldn’t fix at the software level, and deferred the patching operations to OEMs. The OS maker later changed its mind because some OEMs were missing in action, failing to integrate Intel’s microcode fixes.

Currently, Microsoft is embedding these Intel CPU microcode patches as updates to the operating system’s CPU driver, an unorthodox method of delivering microcode updates, which have previously been left to OEM vendors only, usually delivered as BIOS updates.

Microsoft’s custom updates are only meant for Windows 10 version 1709 and Windows Server, version 1709 (Datacenter, Standard) users, and not for Windows 7, 8, and 8.1 machines. Microsoft’s original Meltdown and Spectre patches must be already installed.

Users have to visit the Windows Update Catalog, search and download these update package manually, as they’re not included in the regular, self-installing Windows Update mechanism, information security training professionals said.

According to KB4090007, the Windows Update Catalog portal now includes Intel microcode patches for the following Intel processor models:

Product Names (CPU) Public Name CPUID Intel Microcode Update Revision Microsoft Update Standalone Package Version
Skylake H/S 6th Generation Intel Core Processor Family 506E3 0xC2 V1.001, V1.003
Skylake U/Y & Skylake U23e 6th Generation Intel Core m Processors 406E3 0xC2 V1.001, V1.003
Skylake Server SP (H0, M0, U0) Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T 00050654 0x2000043 V1.003
Skylake D (Bakerville) Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT 00050654 0x2000043 V1.003
Skylake X (Basin Falls) Intel® Core™ i9 79xxX, 78xxX 00050654 0x2000043 V1.003
Kaby Lake U 7th Generation Intel® Core™ Mobile Processors 000806E9 0x84 V1.003
Kaby Lake U23e 7th Generation Intel® Core™ Mobile Processors 000806E9 0x84 V1.003
Kaby Lake Y 7th Generation Intel® Core™ Mobile Processors 000806E9 0x84 V1.003
KBL-R U 8th Generation Intel® Core™ Mobile Processor Family 000806EA 0x84 V1.003
Kaby Lake G 7th Generation Intel® Core™ Processor Family 000906E9 0x84 V1.003
Kaby Lake H 7th Generation Intel® Core™ Processor Family 000906E9 0x84 V1.003
Kaby Lake S 7th Generation Intel® Core™ Processor Family 000906E9 0x84 V1.003
Kaby Lake X 7th Generation Intel® Core™ Processor Family 000906E9 0x84 V1.003
Kaby Lake Xeon E3 7th Generation Intel® Core™ Processor Family 000906E9 0x84 V1.003
Coffee Lake H 6+2 8th Generation Intel® Core™ Processor Family 000906EA 0x84 V1.003
Coffee Lake S 6+2 8th Generation Intel® Core™ Processor Family 000906EA 0x84 V1.003
Coffee Lake S 6+2 Xeon E3 8th Generation Intel® Core™ Processor Family 000906EA 0x84 V1.003
Coffee Lake S 6+2 x/KBP 8th Generation Intel® Core™ Processor Family 000906EA 0x84 V1.003
Coffee Lake S (4+2) 8th Generation Intel® Core™ Desktop Processor Family 000906EB 0x84 V1.003