Jump to content

CPU Microcode Update Driver


alacran

Recommended Posts

Quote

This Fling is a Windows driver that can be used to update the microcode on a computer system’s central processor(s) (“CPU”). This type of update is most commonly performed by a system’s firmware (“BIOS”). However, if a newer BIOS cannot be obtained from a system vendor then this driver can be a potential substitute.

VMware CPU Microcode Update Driver: https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver

Linux Processor Microcode Data File Version: 20180108 (Latest) Date: 1/8/2018: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t

I am on a i3 3225 Win7x64 PC, followed instruction on page https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions and was able to confirm on  "Event Viewer" "Successfully updated microcode on one or more CPUs".   

Unfortunatelly after running SpecuCheck I got this:

Quote

Microsoft Windows [Versión 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.

C:\>SpecuCheck.exe
SpecuCheck v1.0.5 -- Copyright(c) 2018 Alex Ionescu
https://ionescu007.github.io/SpecuCheck/ -- @aionescu
-------------------------------------------------------

Mitigations for CVE-2017-5754 [rogue data cache load]
-------------------------------------------------------
[-] Kernel VA Shadowing Enabled: yes
├───> with User Pages Marked Global: yes
└───> with PCID Flushing Optimization (INVPCID): no

Mitigations for CVE-2017-5715 [branch target injection]
-------------------------------------------------------
[-] Branch Prediction Mitigations Enabled: no
├───> Disabled due to System Policy (Registry): no
└───> Disabled due to Lack of Microcode Update: yes
[-] CPU Microcode Supports SPEC_CTRL MSR (048h): no
└───> Windows will use IBRS (01h): no
└───> Windows will use STIPB (02h): no
[-] CPU Microcode Supports PRED_CMD MSR (049h): no
└───> Windows will use IBPB (01h): no

C:\>

NOTE: Wasn't able to run PowerShell script on my win7x64 so that's why I ran SpecuCheck. Of course KB4056897 was installed on my system before doing all this.

VMware program did work (as I confirmed), but in file "microcode-20180108.tgz" Intel Microcode Data File for my i3 3225 was not patched for this vulnerabilities. So this means Intel is launching this file "microcode-20180108.tgz" to public and not all Microcode Data have been updated to fix this vulnerabilities and no mention to this on download page.

INTEL HAS LOST ALL CREDIBILITY FOR ME.

Somebody with a newer Processor should check this in order to verify if Intel has fixed this on recent Processors.

 

alacran

Edited by alacran
Add more info
Link to comment
Share on other sites


As we can see in following pictures VMware CPU Microcode Update Driver really works updating the Microcode.

Before applying VMware CPU Microcode Update Driver:

5a564964b0ca6_Beforeupdatemicrocode.png.dcd7b0dafc6920a4701568cca5afc71b.png

 

After applying VMware CPU Microcode Update Driver:

5a5649752519f_Afterupdatemicrocode.png.8654a2727a36d2acf58207a597146a8d.png

But Intel has not updated it to fix this vulnerabilities on recent version for my i3 3225, as SpecuCheck reported:

Specucheck.png.d05b62a8418c8152ef486fb33c3d7db7.png

 

alacran

 

 

 

 

 

Link to comment
Share on other sites

From an info I got on MDL only the CPU's on following list got a Microcode Update on Linux Processor Microcode Data File Version: 20180108 (Latest) Date: 1/8/2018 (absolutely necessary to make Windows patch to work).

Quote

CPUID=306C3 Rev=23 2017/11/20 CRC=16535FE4 Off=0 Size=5C00 Plat=1,4,5
CPUID=306D4 Rev=28 2017/11/17 CRC=734956F1 Off=0 Size=4800 Plat=6,7
CPUID=306E4 Rev=42A 2017/12/01 CRC=9B215C1F Off=0 Size=3C00 Plat=0,2,3,5,6,7
CPUID=306F2 Rev=3B 2017/11/17 CRC=B4A4C42D Off=0 Size=8400 Plat=0,1,2,3,5,6
CPUID=306F4 Rev=10 2017/11/17 CRC=40551AAB Off=0 Size=4400 Plat=7
CPUID=40651 Rev=21 2017/11/20 CRC=2B637CE4 Off=0 Size=5800 Plat=1,4,5,6
CPUID=40661 Rev=18 2017/11/20 CRC=A2AC454C Off=0 Size=6400 Plat=1,4,5
CPUID=40671 Rev=1B 2017/11/17 CRC=4763E424 Off=0 Size=3400 Plat=1,5
CPUID=406E3 Rev=C2 2017/11/16 CRC=C6C6F699 Off=0 Size=18400 Plat=6,7
CPUID=50654 Rev=200003C 2017/12/08 CRC=A4059069 Off=0 Size=6C00 Plat=0,1,2,4,5,7
CPUID=50662 Rev=14 2017/12/16 CRC=9161527A Off=0 Size=7C00 Plat=4
CPUID=50663 Rev=7000011 2017/12/16 CRC=B17C1102 Off=0 Size=5800 Plat=4
CPUID=506E3 Rev=C2 2017/11/16 CRC=328B43AF Off=0 Size=18400 Plat=1,2,4,5
CPUID=706A1 Rev=22 2017/12/26 CRC=CA264967 Off=0 Size=12000 Plat=0
CPUID=806E9 Rev=80 2018/01/04 CRC=6961A256 Off=0 Size=18000 Plat=6,7
CPUID=806EA Rev=80 2018/01/04 CRC=F6263DAE Off=0 Size=18000 Plat=6,7
CPUID=906E9 Rev=80 2018/01/04 CRC=6AA1DE93 Off=0 Size=18000 Plat=1,3,5
CPUID=906EA Rev=80 2018/01/04 CRC=84CABC68 Off=0 Size=17C00 Plat=1,5
CPUID=906EB Rev=80 2018/01/04 CRC=D24EDB7F Off=0 Size=18000 Plat=1

Source: https://forums.mydigitallife.net/threads/security-flaw-patch-for-intel-cpus-could-result-in-a-huge-performance-hit.76081/page-5#post-1402924

So it seems if your CPU is not in that list you are out of luck and they decided not to update your CPU Microcode.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...