Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake


As spotted by Linux publication Phoronix, Intel released CPU microcode updates for processors all the way back to Coffee Lake on Friday afternoon. Unfortunately, the changelog doesn't delve into details other than that the new microcode fixes an undisclosed security issue.

The security issue didn't make the list on Patch Tuesday, the colloquial term for the second Tuesday of each month, when companies release their patches. Furthermore, Phoronix noted that there hadn't been any mentions of a CPU microcode update or any new Intel Security Advisory for the month.

Security Advisories are fixes for vulnerabilities that Intel has discovered affecting its products. Given the sudden CPU microcode release, it's safe to assume that the security vulnerability is likely a new one that Intel hasn't publicly communicated yet. However, it's not unheard of for chipmakers to roll out security updates or microcode before the issue comes to light.

Nayeli Rico, a BIOS engineer at Intel, uploaded the release notes and source code for the microcode-20230512 release 20 hours ago. The description reads: "Security updates for [INTEL-SA-NA]." The "SA" acronym likely stands for Security Advisory; meanwhile, "NA" probably stands for "Not Available." 

Whatever the security vulnerability may be, it evidently affects many of Intel's platforms, including the latest consumer Intel 13th Generation Core Raptor Lake and 4th Generation Xeon Sapphire Rapids server chips. However, it's the first time that recent lineups, such as Alder Lake-N and Atom C series (Arizona Beach), received a microcode update. The lengthy list includes desktop processors dating as far back as the Coffee Lake days and mobile chips starting from Kaby Lake going forward.

Without proper documentation, we cannot assess the scope of the security issue. Intel's list only mentions the platforms that will receive the new microcode. It doesn't expressly state whether the issue only impacts the platforms mentioned in the list or if legacy processors before Coffee Lake are also susceptible.

Motherboard vendors typically include new microcode in their firmware updates. However, unless it's a pressing issue, it sometimes takes a while for manufacturers to release new firmware. Occasionally, it's faster for chipmakers to push the microcode update through a Windows update. However, this medium type has disadvantages since it doesn't alter the hardware or the firmware. Instead, the operating system must load the microcode during each restart.

In the meantime, the new CPU microcode update has already arrived on Linux, and Phoronix is already conducting tests to measure the performance impact on Intel's mobile Alder Lake-P and desktop Raptor Lake processors. Windows users should receive the microcode shortly.
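Because an OS-delivered update is reloaded at every boot, the practical check on Linux is to confirm after a restart that every logical CPU reports the expected microcode revision. The following is an added example, not code from the article or from Intel: it parses `/proc/cpuinfo`-style text and flags CPUs that are below a required revision or that disagree with each other. The sample data and revision numbers are constructed, and the minimum revision for a given CPU signature is an assumption that has to be taken from Intel's release notes.

```python
import re
from collections import defaultdict

# Constructed sample in /proc/cpuinfo format (illustrative values, not taken
# from Intel's release notes). CPU 1 deliberately reports an older revision.
SAMPLE_CPUINFO = """\
processor\t: 0
cpu family\t: 6
model\t\t: 158
stepping\t: 10
microcode\t: 0xf4

processor\t: 1
cpu family\t: 6
model\t\t: 158
stepping\t: 10
microcode\t: 0xf0
"""

def parse_cpuinfo(text):
    """Return one dict per logical CPU from /proc/cpuinfo-style text."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        f = {k.strip(): v.strip() for k, v in pairs}
        if "processor" not in f or "microcode" not in f:
            continue  # non-x86 kernels do not expose a microcode field
        # Intel's microcode files are named family-model-stepping in hex.
        sig = "%02x-%02x-%02x" % (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        cpus.append({"cpu": int(f["processor"]), "signature": sig,
                     "revision": int(f["microcode"], 16)})
    return cpus

def audit(cpus, minimum):
    """minimum maps signature -> lowest acceptable revision (from release notes)."""
    stale = [c["cpu"] for c in cpus if c["revision"] < minimum.get(c["signature"], 0)]
    by_sig = defaultdict(set)
    for c in cpus:
        by_sig[c["signature"]].add(c["revision"])
    # Differing revisions within one signature mean the update did not reach every core.
    mixed = sorted(sig for sig, revs in by_sig.items() if len(revs) > 1)
    return {"stale_cpus": stale, "mixed_revisions": mixed}

if __name__ == "__main__":
    # On a live Linux x86 host: parse_cpuinfo(open("/proc/cpuinfo").read())
    print(audit(parse_cpuinfo(SAMPLE_CPUINFO), {"06-9e-0a": 0xF4}))
```

Run at boot or from a fleet inventory job, the same audit shows which hosts are still waiting on a firmware or OS package that carries the new microcode.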

Zhiye Liu
RAM Reviewer and News Editor

Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

  • Elusive Ruse
    Goddammit! You were not supposed to find out!
  • Metal Messiah.
    Releasing the patches some time before disclosing the vulnerability has become a standard practice at this point, and it can give people some time to upgrade. It's actually not a bad idea to release patches before disclosing any specific vulnerability.
  • Peter Cockerell
    However, this medium type has disadvantages since it doesn't alter the hardware or the firmware. Instead, the operating system must load the microcode during each restart.
    Not sure I get this. As far as I understand it, microcode updates are stored in volatile memory on the processor. This means they always have to be loaded at restart, no matter where they come from. The only thing that varies is how early in the boot process (or after boot) they're applied.
  • Matt_ogu812
    Elusive Ruse said:
    Goddammit! You were not supposed to find out!
    ‘Oh what a tangled web we weave/When first we practice to deceive,’