Windows Enterprise Desktop

Mar 14 2018   12:42PM GMT

MS Offers New Spectre Updates

Ed Tittel Ed Tittel Profile: Ed Tittel

Tags:
Firmware
Windows 10
Windows Security
Windows Update

Late yesterday, another post on the Windows Blogs for Windows 10 appeared. It offers additional news and insight, and something of a progress report, on Spectre and Meltdown issues. It’s from John Cable, MS Director of Program Management, Windows Servicing and Delivery. The title reads “March 2018 Windows security update — Expanding our efforts to protect customers.” But it isn’t until you get to the second heading that things get interesting. Labeled “Expanding … coverage … to address Spectre and Meltdown vulnerabilities” it tells us MS offers new Spectre updates. A bit of digging is required to understand what’s going on here, though.

Understanding How MS Offers New Spectre Updates

Bottom line: coverage for microcode updates through the Microsoft Catalog is expanding. For a full list of covered items, one is advised to consult KB4093836. The short list is Skylake, Kaby Lake and Coffee Lake processors. You actually must  visit KB409007 to see that list or a download link  from the Microsoft Update Catalog. All that said, I applied that update to my Skylake production desktop without difficulty. I didn’t notice any perceptible performance delays added thereby, but my day is still young!

Where does this leave the world in terms of Windows coverage for Intel processors, one might wonder? According to Wikipedia’s “List of Intel Processors,” not very far. Most of those processors came out some time after the start of 2015. The list of major CPUs by family name has the following timeline:

Sandy Bridge (2007) → Ivy Bridge (2012) → Haswell (2013) →
Broadwell (2014) → Skylake (2015) → Kaby Lake (2016) → Cannonlake\Coffee Lake (2017)

Only the items in red are covered for this vulnerability. My two Lenovo laptops have Sandy Bridge (i7-2640M) CPUs. The Surface Pro 3 has a Haswell (i7-4650U). The  Dell Venue Pro 11 7130 likewise Haswell (i5-4210Y), and my Dell XPS 2720 again Haswell (i7-4770S). My production desktop is Skylake (i7-6700). The boss’s mini-ITX has an Ivy Bridge (i7-3630QM), and the boy’s desktop has a Haswell (i7-4770K). That means that here where I live and work, only 1 in 8 machines is currently covered. Covering Haswell takes care of half the population. Lenovo promises to cover Sandy Bridge as soon as it can. But if MS doesn’t issue an Ivy Bridge update, that machine may never get coverage: Jetway, the mobo maker for that unit, shows little or no inclination to join the dance.

What’s Next?

I sincerely hope that Microsoft will dig back at least two more steps on the preceding timeline. That means providing coverage for at least Haswell and Broadwell processor families. Ideally, I’d like to see them go all the way back to Sandy Bridge. But, as always, only time we’ll tell. We’ll see!

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Henleu
    Sorry that I don't quite understand. I thought the Windows Updates in Jan2018 have already settled everything?
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: