Microsoft Offers Resources To Block Flawed Intel Firmware Updates

Microsoft on Friday published a software update and guidance on how to block Intel's flawed firmware updates for potential Spectre variant 2 attacks.

At issue is a broad security problem affecting most CPUs, generally known as the "Meltdown" and "Spectre" attack methods. No known attacks have been publicized yet using those techniques but the flaws were openly documented by researchers, so systems are thought to be vulnerable. Industry has generally responded to the potential threats by issuing both operating system patches (for instance, from Microsoft and Apple) and CPU firmware updates (also known as "microcode") from chipmakers Intel, AMD and ARM.

Intel admitted last week that firmware updates it released for its Broadwell and Haswell processors to block these types of attacks were causing reboot issues for some users. It suggested that its OEM partners should stop issuing these flawed updates and wait for new updates from Intel.

A description of which Intel processors were issued the potentially flawed microcode is available in Intel's Microcode Revision List document. Not all Intel Broadwell processors were issued the revised microcode. Intel had previously said that other processors were affected by the reboot problems, too, namely "Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms." When asked about those processors last week, an Intel spokesperson indicated that Intel was prioritizing its Broadwell and Haswell fixes with OEMs first.

Late last week, Microsoft issued Knowledge Base article KB4078130 to give organizations some tools to block the flawed Intel firmware updates from arriving. One of the tools is a standalone out-of-band update (KB4078130) that's available for download from the Microsoft Update Catalog. Users wanting it have to go and get it. This update for Intel-based systems will disable the "mitigation against CVE-2017-5715 -- 'Branch target injection vulnerability,'" which is the Spectre variant 2 attack method. The update addresses the reboot issue apparently by blocking the fix.

For "advanced users," Microsoft is also offering manual workarounds via registry edits, namely:

Those workarounds disable the Spectre variant 2 attack mitigations for Intel systems. The idea is to disable the mitigations until Intel delivers the fixed microcode. At that time, users presumably would have to remove the blocks they had set, perhaps by uninstalling KB4078130 or undoing registry edits. Update 1/30: A Microsoft spokesperson clarified that if KB4078130 gets installed, then organizations wanting to get the updated microcode from Intel when it's ready will have to make a registry change. Here's how the spokesperson described it:

For clarification, KB4078130 will not have to be uninstalled. It simply automated the manual steps outlined in Microsoft's guidance. Once Intel provides a microcode update, the mitigation will need to be enabled via the registry key as described in Microsoft's customer guidance.

Microsoft recommends enabling Intel's code when ready: "We recommend that Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Adds 6 More Months to Expiring Certification Programs

    Microsoft has announced an extension to the end date of three certification programs slated for retirement.

  • Microsoft's Surface Pro X: It's Like the Surface RT, But Better

    There's a lot about the Surface Pro X that's reminiscent of the ill-fated Surface RT. But despite the similarities, this might just be one of the rare cases where the sequel is better than the original.

  • Q&A: The Challenges of Securing All Those Newly Remote Workers

    Security expert Dale Meredith identifies cybersecurity challenges, best practices and major concerns resulting from all the employees forced into home offices by COVID-19.

  • Astronaut Survival Training: A Crash Course in Sea Survival

    Lots of things can go wrong during a commercial spaceflight -- especially once your capsule leaves space. An unplanned ocean landing is just one of those worst-case scenarios.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.