New InSpectre release reveals if microcode updates are available
We reviewed the InSpectre application by Gibson Research when it first came out in January 2018.
The program checked whether Meltdown or Spectre patches were installed on the Windows machine and gave an estimate on the performance impact those patched had on the system.
Microsoft released a security update for Windows in January to address some of the issues associated with the vulnerabilities. The company published instructions on finding out if Windows PCs were affected by Spectre or Meltdown; soon thereafter, third-party programs such as Ashampoo Spectre Meltdown CPU Checker or InSpectre were released to make this even easier for users and system administrators.
InSpectre Release #8
Gibson Research released several InSpectre updates that improved the application's functionality. Release 7 listed information about the CPUID, and yesterday's new release, Release 8, shows to you whether a microcode update is available or not.
Intel revealed recently that it won't publish microcode updates for processors that the company has not patched already. The company published a PDF document entitled "Microcode revision guidance" which reveals processors with and without microcode updates.
Gibson's program uses the list to highlight whether microcode updates are available for the device's CPU.
Usage is still very simple: download the latest version of the application from the official project website and run it after the download. InSpectre is a portable application that does not need to be installed. You can run it from any location, or put it on a USB Flash Drive to run it on any device you connect the Flash Drive to.
The program displays the vulnerability status of the system on start. It shows whether the system is protected against Meltdown or Spectre attacks, and the performance impact.
"Microcode Update Available"Â highlights whether Intel released microcode updates for the processor.
Microsoft released an update for Windows 10 version 1709 that includes the microcode update for patched processors.
KB4090007 lists available products and CPUIDs. Windows users can download the update for Windows 10 version 1709 from the Microsoft Update Catalog website to protect against Spectre Variant 2 attacks.
The update is listed as critical but it has not been distributed via Windows Update or other automatic update services yet.
Closing Words
InSpectre offers one of the easiest ways to find out if a Windows system is fully patched against Spectre or Meltdown vulnerability attacks. The new version shows whether Intel released an microcode update for the process which should make things easier as well.
Now You: How is your system's protection status?
I get a red flag for Spectre, but the rest is OK.
Has anyone tried the suggestion on the bleepingcomputer site to address the problem? https://www.bleepingcomputer.com/news/security/the-intel-microcode-boot-loader-protects-older-cpus-from-spectre/ (I’m always wary of using third party apps especially where making changes to the CPU is concerned).
What bothers me as well is that when I try to install an Intel update it tells me it’s not applicable to my CPU (Haswell) even though it’s listed as a 4th generation model, notably a i5-4200M which isn’t listed anywhere :(
https://www.intel.com/content/www/us/en/support/products/122139/processors/intel-core-processors.html
Y/N/Y/slower
But the second Yes is confusing, yes there is microcode update made available by microsoft for Ivy, but Gigabytes lates bios update for my mb is 2014
At least it is mentioned in this text… lame…
Spectre & Meltdown Vulnerability Status
System is Meltdown protected: YES (GREEN)
System is Spectre protected: YES (GREEN)
Microcode Update Available: YES (GREEN)
Performance: GOOD (GREEN)
CPUID: 406E3 (Bold BLACK)
(full details below)
This report actually shows that the system is fully patched, and the hardware and OS are providing the best possible protections. When Microsoft Updates updated my Intel Microcode, it hit the Registry settings and disabled Spectre protections. I use the built-in InSpectre tool to restore the Registry settings to enable the protections again. This restored my perfect score, as displayed above.
In the Report, the availability of a microcode update listed in green does not mean you have to apply an update. It means that there is an update and that the update has been applied to this system.
This is an Intel Skylake Gen-6 core-i5 system. It has other microcode issues affecting sound drivers and shutdown. Those are not repaired by any current hardware or OS fixes.
I run both Linux and Windows on this system. Neither OS has fixes for the non-security performance issues which have always been part of the unique set of quirks of the Skylake Gen-6 Intel processors.
– rc primak –
It appears to me per KB4100347 that Inspectre may soon have a Release 9.
Performance: GOOD
Great! The InSpectre app detected that my Skylake laptop had a microcode update available and Windows 10 offered an update that I had to manually install.
I also have an Ivy Bridge desktop, but Windows 10 doesn’t have an update for it so I’m at the mercy of my manufacturer for a BIOS update. Not likely going to get one at this rate.
In my case, CPUID 306C3 is in production, but Toshiba has yet to confirm a release date.
Haven’t updated my Windows 7 x64 since August 2016. It runs smoothly and works as it should. Has secured it other ways.
A friend of mine has updated his 7 x64 and he has so many bugs/problems with it….
These Quality Rollups are a joke…as Microsoft !
How can a patch protect against a hardware architecture that are vulnerable ? I don’t believe in what is said, at least not when it comes to “Spectre”. To me it sounds like propaganda.
System is Meltdown protected: YES
System is Spectre protected: NO!
Microcode Update Available: YES
Performance: GOOD
CPUID: 306D4
I installed the update and my CPUID changed to the one above but im still vulnerable!
I have the same result as you. Windows Update History says KB4099007 is successfully installed.
The latest version of the tool says I can run it in administrator mode and then use the buttons at the bottom. I am on the administrator account. This DOES NOT WORK … even if I right-click and run as administrator. Methinks more versions are ahead.
Like others have found, this tool tells me there is a microcode update.However, Lenovo has another opinion on that …
Lenovo is aware of the vulnerabilities in certain processors exploited by side channel analysis attacks (also known as “Meltdown†and “Spectreâ€). We have been working with processor and operating system partners to incorporate fixes as we receive them. Please visit Lenovo’s Security Advisory page for the latest information. This site will be updated frequently as new information becomes available.
Needless to say, they have nothing available for my intel xeon processor.
BTW, for those so eager to find a fix ASAP, be aware that there may be some phony fixes out there that leave you high and dry.
What ain’t broke needs no fix.
ha ha, I am in the clear #######! 😋
Don’t use windows…
Spectre & Meltdown have nothing to do with Windows, you know…
It’s a bug in the CPU architecture. It’s mitigated through a combination of OS patches (also on Linux) and a microcode (BIOS) update.
System is Meltdown protected: YES
System is Spectre protected: YES
Microcode Update Available: YES
Performance: SLOWER
CPUID: 206A7
Bah! They screwed up the name, should have been Spectre Checker.
by they you mean 1 guy, steve gibson
Windows Update on Windows 10 x64 Home says KB4099007 is successfully installed. (Addendum to my previous post)
Spectre & Meltdown Vulnerability Status
System is Meltdown protected: NO!
System is Spectre protected: NO!
Microcode Update Available: YES
Performance: GOOD
CPUID: 206A7
I’m so frightened, terrible, it’s giving me nightmares, I’ve been told that I yell while sleeping “Meltdown, no! Spectre, no no no please, I beg you on my knees…”. Huuuge.
Thanks Intel:
System is Meltdown protected: YES
System is Spectre protected: NO!
Microcode Update Available: NO!
Performance: SLOWER
CPUID: 1067A
The Intel microcode updates required to allow this operating system to protect its user against the most severe Spectre attacks, and/or to minimize their impact upon the system’s performance, are not — and Intel has stated — will never be made available for this system’s processor. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)
“How is your system’s protection status?” Much better NOW!
On my desktop (Haswell Win7 Pro) I recently Uninstalled the January and February Security-Only Windows patches, I had not updated past Feb., and I have never installed any microcode. I had been doing the Security-Only updates since 2016.
I decided to hold off on the patches to fix the problems caused by the Jan-Feb patches. January introduced the “Total Meltdown” bug that now requires a patch. The March update created a bug where “Network Interface Card settings can be replaced, or static IP address settings can be lost†and then there are possible issues with SMB memory leaks. And then… even if you don’t use Internet Explorer it’s best to keep it updated but the IE11 March update was replaced with another parch that fixes IE11 doesn’t start after installing the first IE11 patch from earlier in the month. WTF?
All of the interns from the local pre-school that Redmond is using to work on the Windows 7 Updates should be doing something else, maybe designing a new Zune?
Thank You Mr. Gibson, I’ll be using the app in the future, I hope, once all of the manure dust settles. Anyway, there are no known exploits for Meltdown or Spectre, never have been.
All are protected here with Haswell and Z97. Thanks to ASrock.
Asus, Gigabyte, MSI – never again.
Thanks for posting this, Max! I’ve got a friend with an ASRock Z97 Extreme4, and the last time I checked for him, the Spectre-patched BIOS hadn’t yet been released. (I think I must have checked just a few days earlier.) Have you noticed any new problems or quirks? Any minor non-Spectre bugs in the old BIOS that have been fixed?
I installed KB4099007 for 396D4 (production 0x2A). After a restart and running Steve Gibson’s Inspectre Version 8 again, it says my laptop failed for Spectre but it now shows my chip is 306D4. Checking KB40909007 for that last 306D4 points to production 0x2A again. Re-downloading KB4099007 and trying to install it again gives message it is already installed.
I have the same issue installing the update caused a massive slowdown and inspectre still says I’m unpatched!!
Windows Update on Windows 10 x64 Home says KB4099007 is successfully installed. (Addendum to my previous post)
Asus support told me today they are working on a BIOS update for my netbook which may be available in a few weeks, Additionally, Microsoft is working on a total solution with no projected completion date made public.
System is Meltdown protected: YES
System is Spectre protected: NO!
Microcode Update Available: YES
Performance: GOOD
CPUID: 306C3
It says µcode is available, but frankly I can’t find it anywhere.
My motherboard is MSI Z97-GAMING-5, so I’m hoping MSI ever get around to fixing a bios for haswell.
System is Meltdown protected: YES
System is Spectre protected: NO!
Microcode Update Available: YES
Performance: GOOD
CPUID: 306C3
It says µcode is available, but frankly I can’t find it anywhere.
My motherboard is MSI Z97-GAMING-5, so I’m hoping MSI ever get around to fixing it.
Yes, same here !!
Z97ASUS same CPUID …….
Spectre & Meltdown Vulnerability Status
System is Meltdown protected: NO!
System is Spectre protected: NO!
Microcode Update Available: YES
Performance: GOOD
CPUID: 406F1
I enjoy having a working system.
+1. Same as mine. Windows 7 updates blocked for 3 years now. i5-2410M CPU Sandy Bridge.
>it’s as if he likes being insecure
We don’t know if he’s insecure or not. He’s just not patched against those exploits. There are other ways of covering that security hole.
+1, not falling for scare tactics.
Updates causes more problems then cures.
enjoy your exploits
@tux, are you one of the exploiters?
no
I love your honesty (and humor) Yulia.
Any patch could very well make things worse than they are now. We ALL know this.
Strange, this tool shows my CPUID=306C3 and a Spectre-fix should be available !
But I can not find it in the KB4090007-list , in fact ; can not find it at all ………..!!
So, how reliable is this tool anyway ??
btw; why is ASUS terrible late with BIOS-updates , Im still using BIOS-version 2902 from 2016 !!
The fix is available means: Intel has released a microcode update for it. But it’s still up to the motherboard vendor to release a new BIOS update for your board.
After I had contacted MSI yesterday (got a negative response) I’ve also contacted Asus this evening. Hoping for a positive answer from them…
KB409007 is only for Skylake/Kabylake/Coffeelake CPU architectures. It’s useful if the motherboard vendor fails to release a BIOS update, or if the end-user isn’t ‘smart’ enough to actually update the BIOS.
Maybe MS will release similar updates for older CPUs somewhere down the road.
As a last resort there’s a VMware tool to inject microcode during Windows boot:
https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver
Of course, you also have to get the microcode from the Intel website somehow. I haven’t fully explored that path yet. I’m waiting until I get an answer from Asus.
The KB is only for Windows 10 version 1709.
1709 is my rig !
After installing the tool still showing Not protected against Spectre ………….!!
My main desktop (Skylake) is fully patched since a few days, but I also have some older desktops both here at home, at my father’s place and my in-laws where I’m still waiting for Asus and MSI to release new BIOS updates.
Unfortunately MSI support already told me they won’t release an update for their Sandy Bridge and Clarkdale boards, although Intel has released microcodes for them.
Don’t know about Asus yet about their Haswell, Ivy Bridge and Lynnfield boards, and a Bay Trail 2-in-1. For these Intel also released new microcodes.
Only my Core2Duo E6600 will remain vulnerable, but it’s only very rarely used as an HTPC in the bedroom…
https://github.com/2ex/FSWBU
In the meantime Asus tech support replied. It wasn’t a stone cold ‘no’ like MSI tech support gave, but I could read between the lines it’s unlikely they’ll still release BIOS updates for older motherboards.
He did add Microsoft will try to solve it with an update. I don’t know where he got that info, but it’s indeed possible MS releases something similar to KB409007 for older CPU architectures.
In the meantime I’m going to check that VMware tool I mentioned a little lower.
That VMware tool works, thanks for mentioning it!
How is it? Does that VMware tool works with microcode updates?
Windows 7 / Sandy Bridge here with no BIOS update for my motherboard although microcode update for this specific CPU is available.
At some point maybe Microsoft will release something like KB409007 for Sandy Bridge but I doubt it’s gonna be for Windows less than 10.
see https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver for instructions.
I’ve tried it yesterday on a Lynnfield desktop (i5-750). First it gave a positive answer, but after another reboot the tool started saying the microcode wasn’t required. I’ve uninstalled the driver again and will retry when I have some time to play around with it again.
So far I have negative results using the VMware tool.
I’ve tried it on my Lynnfield, Clarkdale and Ivy Bridge desktops in combination with the 20180312 Intel microcode.dat. On the first 2 the tool reported a new microcode wasn’t required, and on the latter cpumcupdate reported a newer microcode had been loaded (confirmed by HWiNFO). Then again, running InSpectre and the MS PowerShell check, the Ivy Bridge system still reported to be vulnerable to Spectre.
I assume the 20180312 microcodes do not contain the bugfix for Spectre yet, and we’ll have to wait till a next update on the Intel download center.