Intel on Thursday released a microcode update for the latest speculative execution flaws, such as the MDS attacks, that have affected its CPUs. The update is now available for both consumer and server versions of Windows 10 build 1903, but users must install it manually.
The list of vulnerabilities is below:
- CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:
- Apollo Lake
- Cherry View
- Gemini Lake
- Haswell Desktop
- Haswell M
- Haswell Xeon E3
- Valley View
Now, the company has learned that some both older and newer CPU generations were also affected, including:
- Sandy Bridge
- Sandy Bridge E, EP
- Valley View
- Whiskey Lake U
Microcode updates aren’t typically installed via the Windows operating system so it’s up to users to install them. You can find download details below:
- Windows 10 version 1903/1909: KB497165
- Windows 10 version 1809: KB4494174
- Windows 10 version 1803: KB4494451
- Windows 10 version 1709: KB4494452
- Windows 10 version 1703: KB4494453
- Windows 10 Version 1607: KB4494175
- Windows 10 Version 1507: KB4494454
Many of the patches that aimed to mitigate the speculative execution attacks against Intel’s processors have also led to a performance hit. The new microcode updates may be no different, but in the end they could end up critical for the security of your system. For most cases, it would be wise to update regardless of the potential performance impact.
I don't get it, please help me understand. The revised SA00233 was published in June and none of the microcode patches in KB4497165 (1909 x64) are newer than May 2019 with most that are pertinent to SA00233 being from Feb 2019 to Apr 2019 with the exception of Apollo Lake and Gemini Lake which date back to 2018.
Now there have been microcode patches released in the fall of 2019 such as for Kaby Lake Y / U which as of 3rd Oct 2019 is 22 revisions higher than that in KB4497165.
and actually i didn't even see the 4790k mentioned in the patch details...
(although every other Haswell was mentioned, e.g. 4770k)
but i installed it anyways and here are the results:
CINEBENCH R20 (for those who can't see attached Screenshot)
Keep in mind i only ran these tests once.
i also have the latest BIOS for cpu microcode on Win10 1909
Before “windows10.0-kb4497165-v4-x64” - fresh reboot Score 1908
Using “InSpectre.exe” to disable Spectre & Meltdown - reboot Score 1930
Renabled “InSpectre.exe” to enable Spectre & Meltdown
Then Installed “windows10.0-kb4497165-v4-x64”- reboot Score 1946CINEBENCH R20 LINK
Whatever this means is up to you, but i'm happy enough not to disable any patch for performance reasons.
So, anyone doing storage-intensive tasks or gaming should look to corresponding benchmarks.