xezs.xezs :
YoAndy :
TJ Hooker :
@YoAndy the fix for these vulnerabilities on Intel platforms is an OS and FW patch in tandem. The OS patch would have to come through MS, but the FW (BIOS) would come through your mobo manufacturer, i.e. ASRock.
Edit:
https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
"Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer."
Yes, for BIOS and microcode updates that's correct.
Just admit you were wrong.
About what? We are having a conversation, and no, I'm not wrong. I know that you don't know, but "Windows can update CPU microcode on boot" and it actually does. I'm not sure about you, but we all know that most security updates are at the OS level, and Windows is releasing all the updates and doing it automatically (if Windows Update is enabled).
Patching operating systems, and I did agree that the microcode updates can be loaded onto the CPU by firmware (usually called BIOS), and yes, those could be downloaded manually by going to the computer manufacturer's site, like Dell or HP, or motherboard manufacturers.
Microcode updates can be loaded onto the CPU by firmware (usually called BIOS even on computers that technically have UEFI firmware instead of old-style BIOS) or by the operating system. Microcode updates do not persist across reboot, so in the case of a dual-boot system, if the microcode update isn't delivered via BIOS, both operating systems have to provide the update. So we can always let Windows do it for us, and that's what most people are doing, so doing it manually through a motherboard manufacturer still makes no sense to me.
To allow Windows to load updated microcode onto the CPU, we have to make sure Windows Update is enabled and set to install updates. It's that simple.
Microsoft says firmware updates are only required to protect against what’s being described as Spectre variant 2. For Meltdown and Spectre variant 1, Microsoft has isolated kernel and user mode page tables and hardened Edge and Internet Explorer 11 to protect against JavaScript exploits. Windows updates for 41 editions of the operating system are now available, and Microsoft expects the four remaining supported editions will be patched soon.
Now there is a side story if you are using older computers with older hardware: the system may have received patches for the Meltdown bug, but incomplete patches for the Spectre bug.
This was to be expected, as Google said last month that Spectre is harder to exploit, but also harder to patch.
What this means is that you need additional chipset firmware updates. Microsoft and Google say that OEMs will need to provide users with these additional firmware updates to complete the Windows OS-level Spectre patches. Depending on your computer's age, some OEMs might not make these firmware updates available, meaning you'll be stuck with an incomplete Spectre patch.
http://www.techradar.com/how-to/how-to-protect-against-the-meltdown-and-spectre-cpu-security-flaws
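
The thread turns on whether the running microcode came from the firmware or was loaded by Windows at boot. The following is an added example, not part of any post above, that reads both revisions from the registry on a Windows machine. It assumes an Intel CPU, where the revision is the upper DWORD of the 8-byte `Update Revision` and `Previous Update Revision` values; the function names are hypothetical.

```powershell
# Added example: compare the microcode revision the firmware loaded with the
# revision currently running on logical processor 0.
# Assumption: Intel layout, revision = bytes 4-7 (little-endian) of the
# 8-byte REG_BINARY value. Other vendors may lay the value out differently.

function ConvertTo-MicrocodeRevision {
    param([byte[]]$Raw)
    # Missing or short value: report nothing rather than guess.
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [System.BitConverter]::ToUInt32($Raw, 4)
}

function Get-MicrocodeSource {
    param(
        [string]$KeyPath = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
    )

    $cpu = Get-ItemProperty -Path $KeyPath

    # 'Update Revision'          = revision running now
    # 'Previous Update Revision' = revision in place before the OS loader ran
    $current  = ConvertTo-MicrocodeRevision $cpu.'Update Revision'
    $firmware = ConvertTo-MicrocodeRevision $cpu.'Previous Update Revision'

    if ($null -eq $current -or $null -eq $firmware) {
        $verdict = 'Revision values missing or in an unexpected format'
    } elseif ($current -gt $firmware) {
        $verdict = 'Windows loaded a newer revision at boot than the firmware carries'
    } else {
        $verdict = 'Running the firmware-loaded revision; no newer OS-supplied update applied'
    }

    [pscustomobject]@{
        Processor        = $cpu.ProcessorNameString
        FirmwareRevision = if ($null -ne $firmware) { '0x{0:X}' -f $firmware }
        RunningRevision  = if ($null -ne $current)  { '0x{0:X}' -f $current }
        Verdict          = $verdict
    }
}

Get-MicrocodeSource | Format-List
```

If the two revisions match after a BIOS update, the firmware already carries the revision in use; if the running revision is higher, the OS is reapplying its update on every boot, and any other operating system on the same machine starts from the firmware revision.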