Intel Updates Microcode Guide To Address Meltdown Attacks -- Redmondmag.com

Intel Updates Microcode Guide To Address Meltdown Attacks

By Kurt Mackie
02/23/2018

Intel this week released an updated "Microcode Revision Guidance" document (PDF) that includes more detailed information about the state of its firmware patches to address potential Meltdown and Spectre attack scenarios.

The chipmaker additionally noted in an announcement that it has "released production microcode to our OEM [original equipment manufacturer] customers" for processors using its Coffee Lake, Kaby Lake and additional Skylake technologies. Intel is addressing sixth-, seventh- and eighth-generation processors now, plus Intel Core X. It's also addressing Xeon Scalable and Xeon D processors for datacenters.

Meltdown and Spectre are attack methods demonstrated publicly by researchers in January that affect most computer processors. Addressing these vulnerabilities involves applying a firmware (or microcode) patch to the CPU and also an operating system update to Windows and Linux systems.

Typically, the microcode patches from the chip vendors get tested by OEMs first before public release, but these releases haven't been without problems. For instance, there have been bricked AMD-based machines after Windows updates, and there have been reboot problems associated with Intel-based machines after some microcode updates were applied.

Intel's updated "Microcode Revision Guidance" perhaps will be helpful for IT pros. They need to check which microcode updates were approved for "production" use by the OEMs, which typically are computer makers such as Dell, HP, Toshiba and the like. In some cases, if their computer vendor isn't deemed to be an OEM (that is, it's just a PC builder that puts together computer parts), then they'll have to get approved microcode updates from the CPU makers, such as AMD, Intel, Nvidia and more. In that case, the key information to go by for Intel chip users is the "Production Status" column in Intel's guidance document.

The patches released so far typically have been for Meltdown attack scenarios. Spectre is considered to be a harder problem for the computer industry to fix, and the released patches may not be addressing it. While malware using the techniques hadn't been detected "in the wild" by researchers who disclosed the techniques back in January, AV-Test detected some malware samples earlier this month that could be using the techniques.

Organizations likely will have tracking burdens regarding the OS and microcode updates for Meltdown and Spectre. Microsoft recently added some Meltdown and Spectre update tracking capabilities into its Windows Analytics tool for organizations to that end, but using it involves permitting some "telemetry" information sharing. The updates, when applied, will have the effect of slowing down systems in some cases, depending on the workload.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.