steven36 Posted November 12, 2020 Share Posted November 12, 2020 Intel on Tuesday evening released their 20201110 CPU microcode package as their first collection of updated CPU microcode binaries since June and it's a big update. Following the disclosure of some 40 new security advisories for their products including the notable "PLATYPUS" vulnerability affecting Intel RAPL, they released the Intel 20201110 CPU microcode package for Linux users to address these security problems as well as other CPU bugs. INTEL-SA-00381 is addressed as an information disclosure vulnerability around the fast store forward predictor and an AVX flaw where a local attacker can obtain the register state of previous AVX executions. INTEL-SA-00389 is also addressed with the updated microcode and is in regards to the Intel RAPL vulnerabilities known as PLATYPUS. The updated microcode updates go along with the updated Linux kernel patches issued today, including the disabling of reading Intel CPU energy information by non-root users. Besides the CPU security updates, there are also a number of "functional issue" updates around CPU bugs spanning many different generations. For example, Ice Lake processors have fixes around VT-d and a Type-C port issue that could lead to system hangs. Xeon Scalable Cascade Lake has a fix for where interrupts may be lost when a core exits C6. There are also various other random CPU bug fixes in the microcode too. The Intel 20201110 microcode package is also the first time including binaries for Cooper Lake, Lakefield, Tiger Lake, and Comet Lake. The updated Intel CPU microcode files are available via GitHub. Side Note: got mine today on auto updates from Ubuntu Source Link to comment Share on other sites More sharing options...
steven36 Posted November 12, 2020 Author Share Posted November 12, 2020 Canonical Reverts Intel Microcode Update in Ubuntu Due to Boot Failures in Tiger Lake Systems Canonical has reverted the Intel Microcode update released on November 11th for all supported Ubuntu Linux releases to address a regression causing boot failures on some Intel Tiger Lake systems. New security vulnerabilities are affecting all Linux systems running certain Intel processors. On November 10th, Intel released a new Intel Microcode firmware for Linux systems, and new Linux kernel versions were made available as well to address these new flaws. As I reported the other day, Canonical was quick to patch the Intel Microcode packages in all of its supported Ubuntu releases, including Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM, and also released new kernel versions. Unfortunately, the Intel Microcode update caused a regression on certain processors in the Intel Tiger Lake family CPUs, causing the system to not boot. Therefore, Canonical now reverted the Intel Microcode update to the previous version only for the Tiger Lake processor family. The company behind Ubuntu also informs users that they can use the dis_ucode_ldr kernel parameter in the boot menu to disable the microcode firmware from loading in case of a system recovery operation. If you’re using one of the supported Ubuntu releases on a computer powered by an Intel Tiger Lake processor and you already installed yesterday’s Intel Microcode update, it is highly recommended that you update the system again to the new Intel Microcode version that’s already in the main repositories. If you installed yesterday’s Intel Microcode update and you’re experiencing boot failures on your Ubuntu system, you should use the kernel command-line option mentioned above to prevent the microcode firmware from loading and recover your system by updating via the terminal prompt using the following commands. sudo apt update && sudo apt full-upgrade Source Link to comment Share on other sites More sharing options...
steven36 Posted November 12, 2020 Author Share Posted November 12, 2020 They new update that came out on GitHub now microcode-20201112 for the Pentium Silver N/J5xxx, Celeron N/J4xxx chips security only fixes Security updates for INTEL-SA-00381. Security updates for INTEL-SA-00389. https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md Link to comment Share on other sites More sharing options...
funkyy Posted November 12, 2020 Share Posted November 12, 2020 For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the right direction to download the microcode. They really don't make it easy/clear for folk. And this happens every time there has been a microcode update. 2 minutes ago, steven36 said: They new update that came out on GitHub now microcode-20201112 for the Pentium Silver N/J5xxx, Celeron N/J4xxx chips security only fixes Security updates for INTEL-SA-00381. Security updates for INTEL-SA-00389. https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md I guess my processor isn't affected then? Thanks steven36. Link to comment Share on other sites More sharing options...
steven36 Posted November 13, 2020 Author Share Posted November 13, 2020 3 minutes ago, funkyy said: For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the right direction to download the microcode. They really don't make it easy/clear for folk. And this happens every time there has been a microcode update. I guess my processor isn't affected then? Thanks steven36. yes its effected it just they back porting fixes for older chips Link to comment Share on other sites More sharing options...
steven36 Posted November 13, 2020 Author Share Posted November 13, 2020 @funkyy Here are the list of processors for the Microcode update from Windows 10 updates https://support.microsoft.com/en-us/help/4497165/intel-microcode-updates I thought M$ blocked Kabylake on Windows 7 before it ran out of updates and Windows 8 .1 that still gets updates ? WSUS Offline Update still works for Windows 8.1 for KabyLake but they removed support for Windows 7 . Link to comment Share on other sites More sharing options...
straycat19 Posted November 13, 2020 Share Posted November 13, 2020 21 minutes ago, steven36 said: I thought M$ blocked Kabylake on Windows 7 before it ran out of updates and Windows 8 .1 that still gets updates ? They did but it was very easy to circumvent it and install retail versions of Windows 7. I still have systems running Windows 7 on Kabylake processors. Link to comment Share on other sites More sharing options...
steven36 Posted November 13, 2020 Author Share Posted November 13, 2020 2 minutes ago, straycat19 said: They did but it was very easy to circumvent it and install retail versions of Windows 7. I still have systems running Windows 7 on Kabylake processors. Maybe you can tell him how to update his microcode i remember you doing a post on it before , I dont hardly ever boot into windows anymore . To much hassle . Link to comment Share on other sites More sharing options...
random Posted November 13, 2020 Share Posted November 13, 2020 1 hour ago, funkyy said: For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the right direction to download the microcode. They really don't make it easy/clear for folk. And this happens every time there has been a microcode update. I guess my processor isn't affected then? Thanks steven36. The only realistic way to use the new microcodes for you is to mod your BIOS. I wouldn't recommend bothering. Even if you update to Win10, the OS won't really give you the latest, newest microcodes. For example, the latest microcodes offered for my Coffee Lake by Win10 is the 0xB4 version, which is (I think) from April 2019. The latest offered by my motherboard vendor, i.e. a BIOS update, is from April 2020, 0xD6, so a year more recent than the Microsoft offering. The latest one, as we speak, is 0xDE, from May 2020. Also, before you update, before you think of modding the BIOS etc. - there are no known in the wild exploits for Spectre/Meltdown/side channel vulnerabilities, since early 2018 - the newer microcodes are quite horrible performance-wise, even for newer CPUs like Coffee Lake. Intel messed with things like undervolting, default uncore/ring multipliers, and general performance is lower in multiple benchmarks. That doesn't mean you'll see it in games or other day to day tasks, at least if your CPU is powerful and new enough. But it does exist, and it's annoying. Link to comment Share on other sites More sharing options...
funkyy Posted November 13, 2020 Share Posted November 13, 2020 1 hour ago, steven36 said: Maybe you can tell him how to update his microcode i remember you doing a post on it before , I dont hardly ever boot into windows anymore . To much hassle . It's ok guys..I have a headache with this...I'll just live dangerously!!! Thanks anyway. Thanks Random...I am not anywhere near capable of tampering with the BIOS...that's way above my pay grade!! I'll just continue as I always do..in blissful ignorance!! Link to comment Share on other sites More sharing options...
steven36 Posted November 13, 2020 Author Share Posted November 13, 2020 24 minutes ago, random said: The only realistic way to use the new microcodes for you is to mod your BIOS. I wouldn't recommend bothering. Even if you update to Win10, the OS won't really give you the latest, newest microcodes. For example, the latest microcodes offered for my Coffee Lake by Win10 is the 0xB4 version, which is (I think) from April 2019. The latest offered by my motherboard vendor, i.e. a BIOS update, is from April 2020, 0xD6, so a year more recent than the Microsoft offering. The latest one, as we speak, is 0xDE, from May 2020. A whole lot more got updates this time Intel CPU products updated on September 1, 2020 Amber Lake Y Amber Lake-Y/22 Avoton Broadwell DE A1 Broadwell DE V1 Broadwell DE V2, V3 Broadwell DE Y0 Broadwell H 43e Broadwell Server E, EP, EP4S Broadwell Server EX Broadwell U Broadwell Y Broadwell Xeon E Cascade Lake Cascade Lake Server Cascade Lake-W Coffee Lake H (6+2) Coffee Lake S (6+2) Coffee Lake U43e Coffee Lake H (8+2) Coffee Lake S (4+2) Coffee Lake S (4+2) x/KBP Coffee Lake S (4+2) Xeon E Coffee Lake S (4+2) Xeon E (U0) Coffee Lake S (6+2) x/KBP Coffee Lake S (6+2) Xeon E Coffee Lake S (6+2) Xeon E (U0) Coffee Lake S (8+2) Coffee Lake S (8+2) x/KBP Coffee Lake S (8+2) Xeon E (R0) Coffee Lake S/H (8+2) [R0] Comet Lake U42 Comet Lake U62 Haswell Desktop Haswell H / Haswell Perf Halo Haswell Server EX Haswell U Haswell Xeon E3 Kaby Lake G Kaby Lake H Kaby Lake Refresh U 4+2 Kaby Lake S Kaby Lake U Kaby Lake U23e Kaby Lake X Kaby Lake Xeon E3 Kaby Lake Y Skylake H Skylake S Skylake Server Skylake U Skylake U23e Skylake Xeon E3 Skylake Y Valley View / Baytail Whiskey Lake-U42 Before just these Intel CPU products updated on Januiary 30, 2020 and February 25, 2020 Denverton Sandy Bridge Sandy Bridge E, EP Valley View Whiskey Lake U Intel CPU products updated on August 29, 2019 Apollo Lake Cherry View Gemini Lake Haswell Desktop Haswell M Haswell Xeon E3 Valley View Link to comment Share on other sites More sharing options...
steven36 Posted November 13, 2020 Author Share Posted November 13, 2020 Windows 10 KB4589212 adds 4 more CPUs to windows 10 updates NOV 10 This Intel microcode release adds four additional CPU families that will receive the latest fixes from Intel. Avoton Sandy Bridge E, EN, EP, EP4S Sandy Bridge E, EP Valley View / Baytrail https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/ Full list here https://support.microsoft.com/en-nz/help/4589212/intel-microcode-updates It’s also worth noting that Microsoft is pushing the Intel microcode updates along with Windows 10’s November 2020 cumulative updates. https://www.windowslatest.com/2020/11/12/windows-10-kb4589212-intel-microcode-update/ Baytrail this was released back in 2013 2nd gen Atom , 4th gen Intel Spectre 1&3 was patched with firmware + kernel update Spectre 2 required a BIOS update as well. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.