by Martin Brinkmann on August 22, 2018 in Windows – No comments
Will it ever end? Microsoft released new Intel microcode updates for Windows 10 that install or update protections against various Spectre variants.
The updates are available for Windows 10 versions 1803, 1709, 1703, 1607 and 1507, and currently only available on the Microsoft Update Catalog website.
Günter Born notes that the update will also become available through Windows Update and WSUS, but this does not appear to be the case at this point in time.
The updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346087 and KB4346088 update protections against attacks targeting vulnerabilities in Intel processors that affect most Intel processors.
If you don’t know whether your Intel processor is affected try the free tool InSpectre for Windows to find out about it. You may also run commands from a PowerShell prompt to display vulnerability information.
The summary page highlights what the update does:
Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms that are related to Spectre Variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”), Spectre Variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”), L1TF (CVE-2018-3615, CVE-2018-3646: “L1 Terminal Fault”). In addition to microcode updates previously released in KB4100347 to address Spectre Variant 2 (CVE 2017-5715: “Branch Target Injection”), this update also includes microcode updates from Intel for the following CPUs.
In other words, the new update adds protection against Spectre variants 3a and 4, and includes previous updates as well that Intel and Microsoft released earlier.
The updates are standalone updates for the version of Windows 10 they have been created for. The mitigations are active immediately on client systems; Server administrators need to make modifications to systems they administrate to apply the protections according to Microsoft.
Windows 10 version 1803 users who check Windows Update may get an updated version of KB4100347 at this point in time. It is unclear why this update is delivered since it has been replaced by the update mentioned below.
- Windows 10 version 1803: KB4346084 (Catalog link) — the update replaces KB4100347
- Windows 10 version 1709: KB4346085 (Catalog link) — the update replaces KB4090007
- Windows 10 version 1703: KB4346086 (Catalog link) — the update replaces KB4091663
- Windows 10 version 1607: KB4346087 (Catalog link) — the update replaces KB4091664
- Windows 10 version 1507: KB4346088 (Catalog link) — the update replaces KB4091666
Closing Words
I wish Microsoft would make it easier for users and administrators to follow what is going on. Why is there no page on the Microsoft website that lists operating system versions and the patches available for them to deal with Spectre threats?