
New Intel Microcodes for Windows 10 Released to Fix CPU Bugs - fortran77
https://www.bleepingcomputer.com/news/microsoft/new-intel-microcodes-for-windows-10-released-to-fix-cpu-bugs/
======
jkhliouio34u5
> _Intel Microcode updates are not installed via Windows Update and must be
> installed manually._

What does this mean? That only those who know that they need them should apply
them? What should I do (as a software developer) with my machine?

~~~
numpad0
A microcode update is a binary blob loaded to CPU on boot.

Modern Intel CPUs themselves are sort of a runtime environment that has its
own language and program RAM. By placing said blob onto the BIOS (UEFI firmware)
ROM, the CPU can find it, fetch it and load it onto internal mini-RAM during power-up.

The structure of the BIOS/firmware ROM differs among board manufacturers and it
cannot reliably be altered from Windows by Microsoft (it's all the same in
actuality though). Thus the microcode update blob must be integrated into and
installed by the manufacturer or as per their instructions.

Personally I don’t care. I only care about speed. I want the latest AGESA, but
I opt for Meltdown patches to be left off.

~~~
AnssiH
The OS can update the Intel microcode at runtime just fine as well, and e.g.
Linux and Windows offer such updates (like the one described by this very
article). So BIOS/UEFI update/involvement is not needed.
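
The "binary blob" discussed in the comments above is an opaque payload behind a small documented header. As an added example (not part of the thread or the linked article), this parses that header using the layout in Intel's Software Developer's Manual and verifies the checksum; the sample image and its revision, date and signature values are constructed.

```python
import struct

# Header layout per the Intel SDM microcode update format: nine little-endian
# dwords followed by 12 reserved bytes (48 bytes total).
HEADER = struct.Struct("<9I12x")

def dword_sum(image):
    """Sum of all 32-bit words, modulo 2**32."""
    return sum(struct.unpack("<%dI" % (len(image) // 4), image)) & 0xFFFFFFFF

def parse_update(image):
    """Decode the header of one update and check its size fields and checksum."""
    if len(image) < HEADER.size:
        raise ValueError("shorter than the 48-byte header")
    (hdr_ver, revision, date, signature, _checksum, loader_rev,
     flags, data_size, total_size) = HEADER.unpack_from(image)
    # A data size of 0 denotes the legacy fixed layout: 2000 data bytes, 2048 total.
    if data_size == 0:
        data_size, total_size = 2000, 2048
    if total_size % 4 or HEADER.size + data_size > total_size or total_size > len(image):
        raise ValueError("inconsistent or truncated size fields")
    return {
        "header_version": hdr_ver,
        "revision": revision,
        # The date is BCD, laid out as mmddyyyy.
        "date": "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF),
        "cpuid_signature": signature,
        "platform_flags": flags,
        "total_size": total_size,
        # Valid when every dword of the update sums to zero. This catches
        # corruption only; it is not a signature and proves nothing about origin.
        "checksum_ok": dword_sum(image[:total_size]) == 0,
    }

def build_sample(revision, signature, date_bcd, payload):
    """Constructed, non-functional image with a valid checksum (test data only)."""
    fields = [1, revision, date_bcd, signature, 0, 1, 0x01,
              len(payload), HEADER.size + len(payload)]
    partial = dword_sum(HEADER.pack(*fields) + payload)
    fields[4] = (-partial) & 0xFFFFFFFF  # checksum that makes the total sum zero
    return HEADER.pack(*fields) + payload

if __name__ == "__main__":
    # All values below are constructed sample data, not a real update.
    sample = build_sample(0x42, 0x000906EA, 0x01152019,
                          bytes(i % 251 for i in range(976)))
    print(parse_update(sample))
```
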

------
drewg123
Cloudflare wants me to solve a captcha to access the site (Firefox). Amazingly,
if I turn off uBlock Origin, the captcha solves itself.

~~~
tyingq
It's regrettable that this is the current state. Google equates a login and recent
activity with them as being a "legit person". Anything short of that means
you're a malicious bot. The traffic dominance of Cloudflare and Google
deserves some real independent scrutiny.

~~~
yjftsjthsd-h
That's an interesting thought: If Cloudflare didn't exclusively use Google to
determine if you're a human, I wouldn't mind them nearly as much.

~~~
techslave
they don’t. they also have their own cloudflare “token” thing. can’t remember
the name of it right now.

found it: privacy pass

~~~
loeg
Being asked to install arbitrary code to run in browser extension privileged
context is perhaps one of the only things they could have done worse than
google's captcha.

~~~
tonyztan
For what it's worth, the extension is open source:
[https://github.com/privacypass/challenge-bypass-extension](https://github.com/privacypass/challenge-bypass-extension)

~~~
AstralStorm
And does not work almost always.

------
RachelF
I'll await some benchmarks before installing these. The last ones caused a 14%
performance hit.

~~~
SlowRobotAhead
I could be totally wrong, but this was part of my justification for buying our
new servers with AMD Epyc chips and not Intel. Mainly that the numbers made
more sense, but also recent vulnerabilities and mediation issues.

------
Santosh83
Will these at some point be available through Windows update? If not then how
does Microsoft expect the vast majority of non-tech savvy people to deploy
these protections?

~~~
GlitchMr
Yes.

------
voltagex_
[https://support.microsoft.com/en-us/help/4497165/kb4497165-i...](https://support.microsoft.com/en-us/help/4497165/kb4497165-intel-microcode-updates)
has the full list of CPUs supported by the update.

------
jammygit
...AMD seems hurt a lot less than Intel by these exploits so far, and are also
releasing some really cool hardware. It might be good to buy some stock and
see how the next few years go?

~~~
unlinked_dll
IIRC (not a down and dirty systems guy, not familiar with parlance) AMD CPUs
weren't speculatively executing transitions to lower rings, which was the crux
of Meltdown (as opposed to Spectre).

The big thing with AMD from my outsider's perspective was their gambit on
chiplets, which improved yields at 7nm quite immensely and could be done by
Intel at 10/5nm down the road.

In terms of money though the thing to look at is power consumption, which
dominates mobile and server spaces. Zen2 is a marvel because of its
efficiency, and should start to appear among the big purchasers for cloud
services in the coming months.

------
blendergeek
Can I install these from Linux?

~~~
doublepg23
It should make it to your distro in the form of an intel-ucode package or
similar name.

------
mehrdadn
Does this disable any features?

~~~
NullPrefix
Is speed a feature?

