Intel/AMD uCode fix for Spectre, HT bug fix and Meltdown.

I was going to say that to you but @inm8#2 got it first

I will put a notice about it as we speak now.

Edit:- Post is updated now

 

I just wanted to point out something here and please if you see that I'm wrong correct me then... after all I'm human


If you see the difference on performance [before the Spectre & Meltdown thingy events] then I'm sure that it will have effect changes on security too same as performance changes

I would like to add another thing is I tried to make it load as early as possible by doing this trick

Open the registry and go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpumcupdate] look at the [Start] key... usually you will find the value will be (2) [Which means Automatic] so... change it to (1) [Which means it will load with the system]

I tried to put (0) [Which means it will load at boot] but it didn't work and it failed to apply the new microcode.

 

I checked my system and can't seem to get OS support to true, the registry fixes should enable it but for some reason it doesn't, any ideas why?

Still running like a champ, better than ever, maybe AW related?

 

I tried the automated patch on my MSI 16L13 with the i7 7700K, and while it applied properly, it causes Windows Explorer to behave strangely when I connect a USB drive. ESET NOD32 recognizes it, and I get the popup asking if I want to scan the drive. However, the prompt that usually comes up from Windows itself does not. The drive is accessible and usable in Explorer, but it won't eject when I initiate the command to do so. Uninstalling the patch reverts everything back to normal.

Edit: After applying the registry fix noted here, everything seems to be working normally.

 

Thanks for the tip I'll try. I tried adding uCodes to InsydeFlash BIOS but the flashing refused to flash it saying Insecure Image and refused to flash.
There are some performance decrease and I felt Win 10 mitigated that decrease using some portion of RAM as a result I did see W10 consumed less RAM.

 

Yeah im just going to wait, OCN reporting errors even at stock. Intel needs to put in the effort and give us a stable microcode release

 

Changelog:-
- Updated post
- Included older CPU Microcode link for those who wants it

 

Intel Microcode revision list for client - datacenter/ workstation.PDF


I mean latest Cpu Microcode in OP should be safe. Not the one posted by Intel.

 

@THEBOSS619 I'm pulling the latest ucode file and reverting to older download links since Intel microcode pages has removed the latest uCodes.
CRC32: 92EBF2DE
MD5: 723A20FF20665A0F36B37D0F331F2B08
SHA-1: 49C28EC435542CDBAE698A0FE31662589D1CA66D
SHA-256: EF0B9BA83CE474CAC95AF16A7E906AE9C746DB0386F2E438E9445D335A02D976

 

I will add it to the google drive link because it is considered older since it is dated to [Fri Nov 17 01:21:16 CST 2017]

Thanks for the valuable file... it is true that they removed this specific microcode.

Do you know the reason why they removed it on there official Intel website?

 

All microcode were buggy and pulled due to issues. I highly recommend to revert to BA/BE uCode.

 

I got Ryzen uCode bin file and will be uploaded once the beta testing is over.

 

Here is the zip file with Ryzen uCodes, I didn't try it so anyone can test if its working correctly or not using HWINFO Summary window.
Note: Ryzen ucodes aren't tested so make sure you have image backup of Windows before proceeding.

 

@THEBOSS619 Do you know anyone has Ryzen CPUs to test if its working or not?

 

Thanks for the uCodes! I'm sure it will help AMD users but Unfortunately I don't know anyone who got Ryzen CPU .. once we have some reports that it is working without problems... I will put it on the Main post

 

Maybe @Deks is interested?

 

No offense, but I'm not about to play about with a microcode that could make my CPU non-operational and void my warranty in the process.
Besides, AMD being affected by these security issues are minor in comparison to Intel and easily addressed with OS security patches which don't really need microcode updates... at the very least, Ryzern should be much less susceptible as well considering one needs actual access to the CPU in question by working from the computer itself.

 

It doesn't void warranty at all, it doesn't mess with BIOS at all, the vmware ucode updater just applies the ucode at windows startup. If you observe performance issues, click on uninstall.bat and everything is removed.

 

@THEBOSS619 can your tool be used to downgrade CPU microcode to an older version?

I would like to use this uCode trick to overclock my locked Haswell CPU.

 

I don't think it will work unless you rename that older uCode to FF and put them in vmware updater for it to work!
I heard newer uCodes really lowered temps by 5-7C and allowed much stable clocks.
Ask @judal57

 

As @Vasudev said , But What you are asking for is not possible at all on software level to overclock a non K CPU's and it can only be made at BIOS level [Which means integrating the Microcode file to your BIOS file and flash it] , I don't know but theoretically it is not possible but practically... I might be wrong because I never tried it

Google is your friend

 

Actually 4710/4720HQ is unlocked BGA chip.

 

Totally true for 4th Gen there is some exceptions Forgot to mention that even 4700MQ is unlocked BGA chip also

 

FWIW, on Friday I flashed the Mighty Mini with ASRock's new BIOS which contains update uCode for Skylake CPUs. I can't say these results will be typical, but my idle temps on the CPU were in the 42-46C range, and VCore was at 1.126V. Much too hot for my liking. I was even considering a repaste this weekend.

After the flash, idling at 32-34C with 1.066VCore on the CPU

What a difference a flash makes!

 

New Linux* Processor Microcode Data File
Version: 20180312 (Latest) Date: 3/12/2018

@Vasudev Maybe you could make a new patch for those who run Win 7/8/8.1 and some versions Win 10. As you know Micro$haft have only Microcode patches ready for Fall Update.

 

With Microsoft's pushing out of the Intel CPU microcode updates through Windows Updates, Microsoft may have Windows covered moving forward, if you want their patch that is:

http://forum.notebookreview.com/thr...patches-and-more.812424/page-89#post-10694956

 

I'll wait for another week to see if there's any isolated/outstanding problems.

 

Well.. I will do it right now as we speak , Just to give chance for people who like to take risks and doesn't care if nuclear bomb happened on there house

I'm already testing it on my own laptop and will see if there is any difference within few days

 

Changelog:-
- Updated post
- Updated file to the latest version available
- Added the previous uCode file to my google drive in case anyone wanted to test older versions of uCodes
- Removed the big red note as media already did there job for warning all users

 

+rep

From what I have seen. Haswell and newer should be safe.

I have used the so called unsafe/problematic microcode for Kaby Lake without problems (+2 months). Same with newer 84.

Because Dellienware pushed out ****y firmware (with newest ucode) for older BGA models , doesn’t mean all the other OEMs models have problems.

 

thanks for said tool! All working as intended

 

I've been experiencing some instability with the latest microcode for my Skylake build. I updated to the latest Spectre fixed microcode version C2 using KB4090007 in Windows Update, and the instability I've been experiencing is when running Prime95 at the same time as Firestrike Graphics Test 1 on a loop (I was doing such a torturous routine because I'm testing air temperatures in my PC case, desktop PC) - within 10 to 15 minutes it would crash out of Firestrike. I investigated potential causes such as unstable CPU or GPU overclocks, but I was able to rule that out. I realised I had updated the CPU microcode recently, so decided to uninstall KB4090007 and so revert back to my old previous CPU microcode (version BA), and then retested stability with Prime95 and Firestrike running at the same time - it was stable for 40mins, whereas with the new Spectre fixed microcode it would always crash out of Firestrike within 10 to 15 minutes.

I also noticed since reverting to my older CPU microcode that gaming is smoother - BF1 (game) had more stutters with the newest C2 microcode.

At the moment I'm on the older 'unsafe' microcode, I'm not sure if I'll update to the latest one again as the new microcode seems a little bugged when both CPU & GPU are pushed to their absolute limits at the same time, it also created that stuttering in BF1.

EDIT: added strikethrough as I later found this not to be the cause! Is smoother in BF1 though.

 

Its the Windows implementation to protect against Spectre, its too cpu intensive and very strict. On linux the latest kernel with retpo reduce the impact of perf.
Disable Spectre protection using Inspectre and install new uCode. @Prema suggested this method.

 

Arghh, this is embarrassing, I was just running Prime95 & Firestrike loop just now to do further PC case temperature experiments and it crashed out of Firestrike, and this is with the old microcode. So, it's not the new microcode causing that instability - apologies for the confusion, I jumped to conclusions earlier, had a couple of fluke runs coinciding with updating to old microcode. I'll cross out my earlier post so people don't waste time & brain resources reading it!

However, BF1 did have less stutters with the old microcode, so I guess there's a little element of value to my recent posts perhaps! Sorry!

 

Others are reporting the same thing. Unable to maintain the same high OC doing the same test running at the edge of stability, they have to pull back a bit on the OC, and then a bit more, to be stable again.

So you are seeing "something", either unstable extra work being done now with the mitigations - some of the solutions used are kinda odd, adding jitter and inserting random instructions to "clear" residual data.

These might "work" but also might not work in all cases without using excess resources.

Your canary is dying, best to run out of the mine into the fresh air.

 

Ha, don't worry, I've not been down the mine that long!

(To be clear I'm on an old microcode version now, not the new Spectre protected microcode - the crashes are happening on both, it's just I thought wrongly that the crashes were due to the Spectre protected microcode - it's something else).

 

Have you tried roll back to earlier Windows backup point? Or tested your backup?

 

Yeah, good idea. Problem is, I can't be sure I ever ran Prime95 using all 8 threads & Firestrike together earlier on in my build, I can't remember so there's not really a point of reference here. I've definitely run Prime95 using only 4 threads & Firestrike together in the early days of my build, I have notes on that, might have to delve further into my notes to see if I've ever done 8 threads.

 

Well, that's why I thought I'd mention others are reporting instability at highest OC too, and they aren't so unsure of the source of the problem, it goes away when they revert the patch.

So, it might still be related to the new / old microcode differences.

 

I think we're at cross wires here, it sounds like you don't understand the history of what happened to my system, but I have described it in my earlier posts. The instability is happening both with & without the new microcode. I initially posted here saying that the new microcode was causing the instability, but now I have just recently posted saying that the instability is happening on both microcodes - i.e. it's not the microcode causing the problem. Getting fed up trying to explain my own posts now. I think most people will understand my posts - it's not the microcode causing the instability, I was mistaken earlier when I said it was the new microcode causing the issue. I'm not posting anymore about this now, as we're going round in circles, and muddying the waters for people reading this.

 

Yeah, I got that, your system has problems independent of the microcode, same problem with and without. Really, I got that just fine.

I'm letting you know instability is being introduced into otherwise stable systems by the new microcode patch from Microsoft.

That's it, really, I am understanding what you are saying, do you get that I am saying something is wrong with the Microsoft Microcode Patch stability outside your own mistaken experience?

That information will help you if you fix your own system instability issues, and then see instability issues come back when installing the Microsoft Microcode patch.

I'll leave it there, perhaps it will clear up for you now, if not later.

 

I really don't know what your logic is, it's not making sense. The microcode patch KB4090007 is what you're talking about is my guess. Now I installed that, that's how I updated to the new Spectre protected microcode. I have now uninstalled that patch & ergo do not have the latest microcode installed - it by nature reverted to the old microcode, and I'm still having the instability issue. This is going around in circles again, I don't understand your logic. Ha, I did say I wouldn't post again on this topic, and I probably will hold to that if your next post is as illogical as your previous.

 

Yeah, you've got a curious mind block on this

Nevermind, go ahead and fix your system instabilities, and then go from there. Good luck.

 

Well, I am tired, but still I bet if I bother to read this in the morning that I still won't know where you're coming from, I think I've explained the situation clearly, I don't think there are many variables in this discussion that my tired mind can become confused on - it just seems that you're confused from my perspective. Ha, sleep time now.

 

Hi all. Just curious what is the latest uCode to install for the I7 7700HQ? My CPU is idling at 50 to 55 C°. I'm not sure if I have the latest codes for my CPU. Please advise. Thank you

 

uCode won't reduce the temps. Simple run install.bat as admin and you can check previous and after updated uCode using HWINFO summary page or CPU section.

 

New Linux* Processor Microcode Data File Version: 20180425 (Latest) Date: 4/25/2018

 

Doing it today.. ASAP right now... I'm on my work time

 

Is anyone else having difficulty extracting this latest microcode.dat file? I've tried WinRAR and 7zip (w/ both I've found the files seem bundled differently)... or I'm f'ng it up somewhere. Thanks much~!

 

Just saw this this morning:

http://www.guru3d.com/news-story/ei...r-intel-discovered-four-of-them-critical.html

Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
by Hilbert Hagedoorn on: 05/03/2018 10:55 AM | Source | 45 comment(s)



News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.

German c't / Heise reports and breaks the news today, as the new vulnerabilities have not been made public just yet. There would be 'no doubt' that these are real vulnerabilities. While technical details are missing, the attack scenarios resemble close to what the Spectre vulnerabilities are.

Currently, most at risk are shared hosting providers, once you have access to your rented server-container, you could exploit the processor to retrieve secure data. All eight vulnerabilities share the same design problem that the "Meltdown and Spectre" vulnerabilities detailed as well - they are, so to speak, Spectre Next Generation ergo Spectre NG. c't mentions they have concrete information about Intel's processors and their patch plans. However, there are some indications that other processors are affected as well, at least some ARM CPUs are also vulnerable to some extent. Further research into whether and to what extent the AMD processor architecture is vulnerable at (if at all), is not yet known.

Intel is reportedly actively and nervously working on Spectre NG patches behind the scenes; other patches are developed in collaboration with the operating system manufacturers (Microsoft / Linux etc). When exactly the first Spectre NG patches and firmware updates will become available is not yet clear. According to information, Intel is planning at least two patch waves: a first one should start in May; a second is currently scheduled for August. For at least one of the Specter NG patches is already a specific date as it was Google's Project Zero that has found one of the vulnerabilities, on May 7 - the day before the Windows Patchday - the 90-day warning period expires. So it's likely that when the first patch would be released for Microsoft Windows. Microsoft is preparing CPU patches: they appear to be in the form of optional Windows updates, and not so much microcode updated (firmware). The PC motherboard and server manufacturers probably need too long for BIOS updates.

Intel classifies four of the Specter NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Specter-NG risks and attack scenarios are similar to those of Specter - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes.