Spooky —

Intel’s latest set of Spectre microcode fixes is coming to a Windows update

Windows users will no longer be beholden to their motherboard makers.

Intel Skylake die shot, built using the 14nm process.

Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. Intel released microcode updates for its processors to provide operating systems with greater control over certain aspects of this speculative execution; however, the company's initial releases were found to cause problems.

Intel has since fixed the microcode bugs, but until this point Microsoft has said that Windows users should turn to their system vendors to actually get the new microcode.

Microcode updates have two main distribution channels. The first is system firmware; the firmware can update the processor during system boot. The advantage of this route is that it's independent of the operating system, and it ensures that the system is using the current microcode whenever it's running. The downside is that many vendors do not provide firmware updates for systems more than a few years old, and even when firmware updates are available, they typically need to be manually hunted down and installed.

The second distribution route is for the operating system to install new microcode. Windows has microcode drivers for Intel and AMD processors and will update the processor's microcode when the operating system starts up. These drivers are periodically updated to include the latest microcodes. For reasons that aren't entirely clear, Microsoft hasn't been offering the latest Intel microcode updates through its driver, leaving firmware as the only option.

However, that changes today. Microsoft is offering a microcode update on the Windows Catalog. Initially, this only covers certain Skylake processors, but Microsoft says it will expand as more microcodes become available. The company doesn't yet appear to be committing to shipping this update through Windows Update; it must still be downloaded and installed manually from the Catalog.

Microsoft is also warning, again, that all Windows updates now require the use of a compatible, up-to-date anti-virus program. The changes made to the operating system to address the Meltdown flaw are significant and have revealed many bugs and incompatibilities in anti-virus software. To ensure that the patch isn't applied to machines with an incompatible anti-virus program, the update—and every subsequent update—requires a special registry key to exist. This registry key is created by anti-virus software to indicate that it's compatible with the Meltdown fixes.

Systems without a compatible anti-virus application won't have the registry key and, hence, won't receive any further Windows Updates. This includes systems with no anti-virus software at all. Windows 8.1 and 10 both include integrated anti-virus software that'll set the key and enable updates appropriately; Windows 7 users without anti-virus software will have to install suitable software themselves. Microsoft's own Security Essentials works, as do various third-party options.
