Intel announced yesterday that they have released updated microcodes for Skylake-based processors to OEMS and other partners that resolve the unpredictable behavior and reboots related to Spectre mitigation. On January 27th, Intel stated that they had discovered the cause of the reboots and have since been able to do so in other platforms.
This updated microcode was released for Skylake U, Y, U23e, H, & S CPUs, but is not currently available to the public. Instead of publicly releasing it, Intel has made it available to OEM customers and industry partners to that they can extensively test it before making it openly available.
In this updated advisory, Intel continues to advise customers not to install the currently available microcode as it will cause system instability.
In the interim, and pending release of updated microcode, our guidance for customers and partners remains largely unchanged:
We continue to recommend that OEMs, Cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions of microcode, as they may introduce higher than expected reboots and other unpredictable system behavior.
We also continue to ask that our industry partners focus efforts on evaluating the early versions of updated microcode solutions that we have started rolling out in Beta form.
For those concerned about system stability while we finalize these updated solutions, earlier this week we advised that we were working with our OEM partners to provide BIOS updates using previous versions of microcode not exhibiting these issues, but that also removed the mitigations for ‘Spectre’ variant 2 (CVE 2017-5715)
Microsoft also provided two resources for users to disable current microcode on platforms exhibiting unpredictable behavior:
For most users – An automatic update available via the Microsoft® Update Catalog which disables ‘Spectre’ variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 – client and server
For advanced users– refer to the following Knowledge Base (KB) articles
KB4073119: IT Pro Guidance
KB4072698: Server Guidance
Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for ‘Spectre’ variant 1 and ‘Meltdown’ variant 3 until new microcode can be loaded on the system.
The Spectre patches have been a source of many problems since they were released, with Microsoft going as far as to issue an emergency out-of-band update that rolled back mitigation for the Spectre V2 bug. While we do not know when the updated Skylake microcodes will be fully available, hopefully they will be the answers people have been looking for.
This couldn’t come soon enough as malware may be coming soon that uses released POC exploits that target Spectre and Meltdown vulnerabilities. In the interim make sure to have an updated security solution installed and be careful what you open and install.
- February 8, 2018