
Intel Releases New Microcode Updates for old CPU Bugs

(Image credit: Shutterstock)

Intel on Thursday released a microcode update for the latest speculative execution flaws, such as the MDS attacks, that have affected its CPUs. The update is now available for both consumer and server versions of Windows 10 build 1903, but users must install it manually.

Vulnerability Details

The list of vulnerabilities is below:

  • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)

Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:

  • Apollo Lake
  • Cherry View
  • Gemini Lake
  • Haswell Desktop
  • Haswell M
  • Haswell Xeon E3
  • Valley View

Now, the company has learned that some older and newer CPU generations were also affected, including:

  • Denverton
  • Sandy Bridge
  • Sandy Bridge E, EP
  • Valley View
  • Whiskey Lake U

Microcode updates aren’t typically installed via the Windows operating system, so it’s up to users to install them. You can find download details below:

Many of the patches that aimed to mitigate the speculative execution attacks against Intel’s processors have also led to a performance hit. The new microcode updates may be no different, but in the end they could prove critical for the security of your system. In most cases, it would be wise to update regardless of the potential performance impact.
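Because the update has to be installed by hand, it is worth confirming afterwards which microcode revision the CPU is actually running. The PowerShell below is an added example, not part of the original article: it reads the revision Windows records in the registry and checks for KB4497165, the package named in the reader comments. The reading of "Previous Update Revision" as the firmware-loaded revision is an assumption labelled in the code.

```powershell
# Added example: report the running microcode revision and where it came from.
$cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$kbId   = 'KB4497165'   # package named in the comments on this page

function ConvertTo-MicrocodeRevision {
    param([byte[]]$Raw)
    # Windows stores an 8-byte REG_BINARY; the revision is the upper 32 bits
    # (little-endian), mirroring the layout of the IA32_BIOS_SIGN_ID MSR.
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [System.BitConverter]::ToUInt32($Raw, 4)
}

function Format-Revision {
    param($Value)
    if ($null -eq $Value) { return 'not reported' }
    return ('0x{0:X}' -f $Value)
}

$cpu      = Get-ItemProperty -Path $cpuKey
$current  = ConvertTo-MicrocodeRevision $cpu.'Update Revision'
# Assumption: 'Previous Update Revision' is what firmware loaded before the
# OS applied its own microcode at boot.
$firmware = ConvertTo-MicrocodeRevision $cpu.'Previous Update Revision'
$hotfix   = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

$source = if ($null -eq $current) {
    'unknown (registry value missing, e.g. inside some VMs)'
} elseif ($null -ne $firmware -and $current -gt $firmware) {
    'loaded by Windows at boot'
} else {
    'firmware (BIOS/UEFI)'
}

[pscustomobject]@{
    Processor        = "$($cpu.ProcessorNameString)".Trim()
    CpuIdentifier    = $cpu.Identifier          # family/model/stepping string
    RunningRevision  = Format-Revision $current
    FirmwareRevision = Format-Revision $firmware
    RevisionSource   = $source
    HotfixInstalled  = [bool]$hotfix
    HotfixDate       = if ($hotfix) { $hotfix.InstalledOn } else { $null }
} | Format-List
```

If the hotfix is installed but the running revision still equals the firmware revision, the package carried nothing newer for that CPU than the BIOS already provides.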

  • Beetlebox
    Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:
    Apollo Lake
    Cherry View
    Gemini Lake
    Haswell Desktop
    Haswell M
    Haswell Xeon E3
    Valley View

    I don't get it, please help me understand. The revised SA00233 was published in June and none of the microcode patches in KB4497165 (1909 x64) are newer than May 2019 with most that are pertinent to SA00233 being from Feb 2019 to Apr 2019 with the exception of Apollo Lake and Gemini Lake which date back to 2018.

    Now there have been microcode patches released in the fall of 2019 such as for Kaby Lake Y / U which as of 3rd Oct 2019 is 22 revisions higher than that in KB4497165.
  • Kent Ferguson
    I just did a few simple benchmarks over the last day to resolve to myself the performance hit to my i7-4790k
    and actually I didn't even see the 4790k mentioned in the patch details...
    (although every other Haswell was mentioned, e.g. 4770k)
    but I installed it anyways and here are the results:

    CINEBENCH R20 (for those who can't see attached Screenshot)

    Keep in mind I only ran these tests once.
    I also have the latest BIOS for CPU microcode on Win10 1909

    Before “windows10.0-kb4497165-v4-x64” - fresh reboot Score 1908
    Using “InSpectre.exe” to disable Spectre & Meltdown - reboot Score 1930
    Re-enabled “InSpectre.exe” to enable Spectre & Meltdown
    Then Installed “windows10.0-kb4497165-v4-x64” - reboot Score 1946
    Whatever this means is up to you, but I'm happy enough not to disable any patch for performance reasons.

    Cheers
  • bit_user
    Kent Ferguson said:
    CINEBENCH R20 (for those who can't see attached Screenshot)

    Keep in mind I only ran these tests once.
    I also have the latest BIOS for CPU microcode on Win10 1909

    Before “windows10.0-kb4497165-v4-x64” - fresh reboot Score 1908
    Using “InSpectre.exe” to disable Spectre & Meltdown - reboot Score 1930
    Re-enabled “InSpectre.exe” to enable Spectre & Meltdown
    Then Installed “windows10.0-kb4497165-v4-x64” - reboot Score 1946
    Whatever this means is up to you, but I'm happy enough not to disable any patch for performance reasons.
    Thanks, but consider that cinebench is mostly compute-bound. The sorts of things that are usually affected by these patches are intensive storage tasks and other device interactions (including the GPU, as in the case of games).

    So, anyone doing storage-intensive tasks or gaming should look to corresponding benchmarks.