New InSpectre release reveals if microcode updates are available

Martin Brinkmann
Apr 12, 2018
Software
|
50

We reviewed the InSpectre application by Gibson Research when it first came out in January 2018.

The program checked whether Meltdown or Spectre patches were installed on the Windows machine and gave an estimate on the performance impact those patched had on the system.

Microsoft released a security update for Windows in January to address some of the issues associated with the vulnerabilities. The company published instructions on finding out if Windows PCs were affected by Spectre or Meltdown; soon thereafter, third-party programs such as Ashampoo Spectre Meltdown CPU Checker or InSpectre were released to make this even easier for users and system administrators.

InSpectre Release #8

spectre meltdown vulnerability check

Gibson Research released several InSpectre updates that improved the application's functionality. Release 7 listed information about the CPUID, and yesterday's new release, Release 8, shows to you whether a microcode update is available or not.

Intel revealed recently that it won't publish microcode updates for processors that the company has not patched already. The company published a PDF document entitled "Microcode revision guidance" which reveals processors with and without microcode updates.

Gibson's program uses the list to highlight whether microcode updates are available for the device's CPU.

Usage is still very simple: download the latest version of the application from the official project website and run it after the download. InSpectre is a portable application that does not need to be installed. You can run it from any location, or put it on a USB Flash Drive to run it on any device you connect the Flash Drive to.

The program displays the vulnerability status of the system on start. It shows whether the system is protected against Meltdown or Spectre attacks, and the performance impact.

"Microcode Update Available"  highlights whether Intel released microcode updates for the processor.

Microsoft released an update for Windows 10 version 1709 that includes the microcode update for patched processors.

KB4090007 lists available products and CPUIDs. Windows users can download the update for Windows 10 version 1709 from the Microsoft Update Catalog website to protect against Spectre Variant 2 attacks.

The update is listed as critical but it has not been distributed via Windows Update or other automatic update services yet.

Closing Words

InSpectre offers one of the easiest ways to find out if a Windows system is fully patched against Spectre or Meltdown vulnerability attacks. The new version shows whether Intel released an microcode update for the process which should make things easier as well.

Now You: How is your system's protection status?

 

 

 

Summary
software image
Author Rating
1star1star1star1star1star
3.5 based on 15 votes
Software Name
InSpectre
Operating System
Windows
Software Category
Security
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. TelV said on March 6, 2019 at 5:21 pm
    Reply

    I get a red flag for Spectre, but the rest is OK.

    Has anyone tried the suggestion on the bleepingcomputer site to address the problem? https://www.bleepingcomputer.com/news/security/the-intel-microcode-boot-loader-protects-older-cpus-from-spectre/ (I’m always wary of using third party apps especially where making changes to the CPU is concerned).

    What bothers me as well is that when I try to install an Intel update it tells me it’s not applicable to my CPU (Haswell) even though it’s listed as a 4th generation model, notably a i5-4200M which isn’t listed anywhere :(
    https://www.intel.com/content/www/us/en/support/products/122139/processors/intel-core-processors.html

  2. fd said on December 22, 2018 at 1:59 am
    Reply

    Y/N/Y/slower

    But the second Yes is confusing, yes there is microcode update made available by microsoft for Ivy, but Gigabytes lates bios update for my mb is 2014

    At least it is mentioned in this text… lame…

  3. rc primak said on June 1, 2018 at 7:10 pm
    Reply

    Spectre & Meltdown Vulnerability Status

    System is Meltdown protected: YES (GREEN)
    System is Spectre protected: YES (GREEN)
    Microcode Update Available: YES (GREEN)
    Performance: GOOD (GREEN)
    CPUID: 406E3 (Bold BLACK)
    (full details below)

    This report actually shows that the system is fully patched, and the hardware and OS are providing the best possible protections. When Microsoft Updates updated my Intel Microcode, it hit the Registry settings and disabled Spectre protections. I use the built-in InSpectre tool to restore the Registry settings to enable the protections again. This restored my perfect score, as displayed above.

    In the Report, the availability of a microcode update listed in green does not mean you have to apply an update. It means that there is an update and that the update has been applied to this system.

    This is an Intel Skylake Gen-6 core-i5 system. It has other microcode issues affecting sound drivers and shutdown. Those are not repaired by any current hardware or OS fixes.

    I run both Linux and Windows on this system. Neither OS has fixes for the non-security performance issues which have always been part of the unique set of quirks of the Skylake Gen-6 Intel processors.

    – rc primak –

  4. chesscanoe said on May 16, 2018 at 5:35 am
    Reply

    It appears to me per KB4100347 that Inspectre may soon have a Release 9.

  5. Anonymous said on April 13, 2018 at 5:47 pm
    Reply

    Performance: GOOD

  6. Ray said on April 13, 2018 at 4:24 am
    Reply

    Great! The InSpectre app detected that my Skylake laptop had a microcode update available and Windows 10 offered an update that I had to manually install.

    I also have an Ivy Bridge desktop, but Windows 10 doesn’t have an update for it so I’m at the mercy of my manufacturer for a BIOS update. Not likely going to get one at this rate.

  7. OldNavyGuy said on April 13, 2018 at 1:40 am
    Reply

    In my case, CPUID 306C3 is in production, but Toshiba has yet to confirm a release date.

  8. Stefan said on April 13, 2018 at 12:03 am
    Reply

    Haven’t updated my Windows 7 x64 since August 2016. It runs smoothly and works as it should. Has secured it other ways.

    A friend of mine has updated his 7 x64 and he has so many bugs/problems with it….

    These Quality Rollups are a joke…as Microsoft !

    How can a patch protect against a hardware architecture that are vulnerable ? I don’t believe in what is said, at least not when it comes to “Spectre”. To me it sounds like propaganda.

  9. Andy said on April 12, 2018 at 7:55 pm
    Reply

    System is Meltdown protected: YES
    System is Spectre protected: NO!
    Microcode Update Available: YES
    Performance: GOOD
    CPUID: 306D4

    I installed the update and my CPUID changed to the one above but im still vulnerable!

    1. chesscanoe said on April 12, 2018 at 9:06 pm
      Reply

      I have the same result as you. Windows Update History says KB4099007 is successfully installed.

  10. pHROZEN gHOST said on April 12, 2018 at 6:27 pm
    Reply

    The latest version of the tool says I can run it in administrator mode and then use the buttons at the bottom. I am on the administrator account. This DOES NOT WORK … even if I right-click and run as administrator. Methinks more versions are ahead.

    Like others have found, this tool tells me there is a microcode update.However, Lenovo has another opinion on that …

    Lenovo is aware of the vulnerabilities in certain processors exploited by side channel analysis attacks (also known as “Meltdown” and “Spectre”). We have been working with processor and operating system partners to incorporate fixes as we receive them. Please visit Lenovo’s Security Advisory page for the latest information. This site will be updated frequently as new information becomes available.

    Needless to say, they have nothing available for my intel xeon processor.

    BTW, for those so eager to find a fix ASAP, be aware that there may be some phony fixes out there that leave you high and dry.

    What ain’t broke needs no fix.

  11. XenoSilvano said on April 12, 2018 at 6:03 pm
    Reply

    ha ha, I am in the clear #######! 😋

  12. n00b said on April 12, 2018 at 5:14 pm
    Reply

    Don’t use windows…

    1. Nico said on April 12, 2018 at 9:04 pm
      Reply

      Spectre & Meltdown have nothing to do with Windows, you know…
      It’s a bug in the CPU architecture. It’s mitigated through a combination of OS patches (also on Linux) and a microcode (BIOS) update.

  13. blobl said on April 12, 2018 at 5:12 pm
    Reply

    System is Meltdown protected: YES
    System is Spectre protected: YES
    Microcode Update Available: YES
    Performance: SLOWER
    CPUID: 206A7

  14. P said on April 12, 2018 at 4:55 pm
    Reply

    Bah! They screwed up the name, should have been Spectre Checker.

    1. tux said on April 12, 2018 at 5:13 pm
      Reply

      by they you mean 1 guy, steve gibson

  15. chesscanoe said on April 12, 2018 at 4:42 pm
    Reply

    Windows Update on Windows 10 x64 Home says KB4099007 is successfully installed. (Addendum to my previous post)

  16. Tom Hawack said on April 12, 2018 at 4:30 pm
    Reply

    Spectre & Meltdown Vulnerability Status

    System is Meltdown protected: NO!
    System is Spectre protected: NO!
    Microcode Update Available: YES
    Performance: GOOD
    CPUID: 206A7

    I’m so frightened, terrible, it’s giving me nightmares, I’ve been told that I yell while sleeping “Meltdown, no! Spectre, no no no please, I beg you on my knees…”. Huuuge.

  17. George said on April 12, 2018 at 4:17 pm
    Reply

    Thanks Intel:

    System is Meltdown protected: YES
    System is Spectre protected: NO!
    Microcode Update Available: NO!
    Performance: SLOWER
    CPUID: 1067A

    The Intel microcode updates required to allow this operating system to protect its user against the most severe Spectre attacks, and/or to minimize their impact upon the system’s performance, are not — and Intel has stated — will never be made available for this system’s processor. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

  18. Richard Allen said on April 12, 2018 at 4:15 pm
    Reply

    “How is your system’s protection status?” Much better NOW!

    On my desktop (Haswell Win7 Pro) I recently Uninstalled the January and February Security-Only Windows patches, I had not updated past Feb., and I have never installed any microcode. I had been doing the Security-Only updates since 2016.

    I decided to hold off on the patches to fix the problems caused by the Jan-Feb patches. January introduced the “Total Meltdown” bug that now requires a patch. The March update created a bug where “Network Interface Card settings can be replaced, or static IP address settings can be lost” and then there are possible issues with SMB memory leaks. And then… even if you don’t use Internet Explorer it’s best to keep it updated but the IE11 March update was replaced with another parch that fixes IE11 doesn’t start after installing the first IE11 patch from earlier in the month. WTF?

    All of the interns from the local pre-school that Redmond is using to work on the Windows 7 Updates should be doing something else, maybe designing a new Zune?

    Thank You Mr. Gibson, I’ll be using the app in the future, I hope, once all of the manure dust settles. Anyway, there are no known exploits for Meltdown or Spectre, never have been.

  19. Max said on April 12, 2018 at 4:01 pm
    Reply

    All are protected here with Haswell and Z97. Thanks to ASrock.

    Asus, Gigabyte, MSI – never again.

    1. A different Martin said on April 16, 2018 at 5:31 pm
      Reply

      Thanks for posting this, Max! I’ve got a friend with an ASRock Z97 Extreme4, and the last time I checked for him, the Spectre-patched BIOS hadn’t yet been released. (I think I must have checked just a few days earlier.) Have you noticed any new problems or quirks? Any minor non-Spectre bugs in the old BIOS that have been fixed?

  20. chesscanoe said on April 12, 2018 at 3:31 pm
    Reply

    I installed KB4099007 for 396D4 (production 0x2A). After a restart and running Steve Gibson’s Inspectre Version 8 again, it says my laptop failed for Spectre but it now shows my chip is 306D4. Checking KB40909007 for that last 306D4 points to production 0x2A again. Re-downloading KB4099007 and trying to install it again gives message it is already installed.

    1. andy said on April 15, 2018 at 1:22 pm
      Reply

      I have the same issue installing the update caused a massive slowdown and inspectre still says I’m unpatched!!

    2. chesscanoe said on April 12, 2018 at 4:41 pm
      Reply

      Windows Update on Windows 10 x64 Home says KB4099007 is successfully installed. (Addendum to my previous post)

      1. chesscanoe said on April 13, 2018 at 4:09 pm
        Reply

        Asus support told me today they are working on a BIOS update for my netbook which may be available in a few weeks, Additionally, Microsoft is working on a total solution with no projected completion date made public.

  21. mj said on April 12, 2018 at 3:20 pm
    Reply

    System is Meltdown protected: YES
    System is Spectre protected: NO!
    Microcode Update Available: YES
    Performance: GOOD
    CPUID: 306C3

    It says µcode is available, but frankly I can’t find it anywhere.

    My motherboard is MSI Z97-GAMING-5, so I’m hoping MSI ever get around to fixing a bios for haswell.

  22. mj said on April 12, 2018 at 3:18 pm
    Reply

    System is Meltdown protected: YES
    System is Spectre protected: NO!
    Microcode Update Available: YES
    Performance: GOOD
    CPUID: 306C3

    It says µcode is available, but frankly I can’t find it anywhere.
    My motherboard is MSI Z97-GAMING-5, so I’m hoping MSI ever get around to fixing it.

    1. Pete12 said on April 12, 2018 at 5:27 pm
      Reply

      Yes, same here !!
      Z97ASUS same CPUID …….

  23. Yuliya said on April 12, 2018 at 3:17 pm
    Reply

    Spectre & Meltdown Vulnerability Status

    System is Meltdown protected: NO!
    System is Spectre protected: NO!
    Microcode Update Available: YES
    Performance: GOOD
    CPUID: 406F1

    I enjoy having a working system.

    1. ilev said on April 12, 2018 at 6:04 pm
      Reply

      +1. Same as mine. Windows 7 updates blocked for 3 years now. i5-2410M CPU Sandy Bridge.

      1. tux said on April 12, 2018 at 7:45 pm
        Reply

        >it’s as if he likes being insecure

      2. John Fenderson said on April 13, 2018 at 1:42 am
        Reply

        We don’t know if he’s insecure or not. He’s just not patched against those exploits. There are other ways of covering that security hole.

    2. Dave Bush said on April 12, 2018 at 6:00 pm
      Reply

      +1, not falling for scare tactics.
      Updates causes more problems then cures.

    3. tux said on April 12, 2018 at 5:12 pm
      Reply

      enjoy your exploits

      1. pHROZEN gHOST said on April 12, 2018 at 5:43 pm
        Reply

        @tux, are you one of the exploiters?

      2. tux said on April 12, 2018 at 7:44 pm
        Reply

        no

    4. pHROZEN gHOST said on April 12, 2018 at 5:06 pm
      Reply

      I love your honesty (and humor) Yulia.

      Any patch could very well make things worse than they are now. We ALL know this.

  24. Pete12 said on April 12, 2018 at 3:02 pm
    Reply

    Strange, this tool shows my CPUID=306C3 and a Spectre-fix should be available !
    But I can not find it in the KB4090007-list , in fact ; can not find it at all ………..!!

    So, how reliable is this tool anyway ??
    btw; why is ASUS terrible late with BIOS-updates , Im still using BIOS-version 2902 from 2016 !!

    1. Nico said on April 12, 2018 at 8:58 pm
      Reply

      The fix is available means: Intel has released a microcode update for it. But it’s still up to the motherboard vendor to release a new BIOS update for your board.
      After I had contacted MSI yesterday (got a negative response) I’ve also contacted Asus this evening. Hoping for a positive answer from them…

      KB409007 is only for Skylake/Kabylake/Coffeelake CPU architectures. It’s useful if the motherboard vendor fails to release a BIOS update, or if the end-user isn’t ‘smart’ enough to actually update the BIOS.
      Maybe MS will release similar updates for older CPUs somewhere down the road.

      As a last resort there’s a VMware tool to inject microcode during Windows boot:
      https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver
      Of course, you also have to get the microcode from the Intel website somehow. I haven’t fully explored that path yet. I’m waiting until I get an answer from Asus.

    2. Martin Brinkmann said on April 12, 2018 at 3:20 pm
      Reply

      The KB is only for Windows 10 version 1709.

      1. Pete12 said on April 12, 2018 at 5:26 pm
        Reply

        1709 is my rig !
        After installing the tool still showing Not protected against Spectre ………….!!

  25. Nico said on April 12, 2018 at 1:55 pm
    Reply

    My main desktop (Skylake) is fully patched since a few days, but I also have some older desktops both here at home, at my father’s place and my in-laws where I’m still waiting for Asus and MSI to release new BIOS updates.
    Unfortunately MSI support already told me they won’t release an update for their Sandy Bridge and Clarkdale boards, although Intel has released microcodes for them.
    Don’t know about Asus yet about their Haswell, Ivy Bridge and Lynnfield boards, and a Bay Trail 2-in-1. For these Intel also released new microcodes.
    Only my Core2Duo E6600 will remain vulnerable, but it’s only very rarely used as an HTPC in the bedroom…

    1. spectre said on April 14, 2018 at 4:56 pm
      Reply
    2. Nico said on April 13, 2018 at 12:11 pm
      Reply

      In the meantime Asus tech support replied. It wasn’t a stone cold ‘no’ like MSI tech support gave, but I could read between the lines it’s unlikely they’ll still release BIOS updates for older motherboards.
      He did add Microsoft will try to solve it with an update. I don’t know where he got that info, but it’s indeed possible MS releases something similar to KB409007 for older CPU architectures.

      In the meantime I’m going to check that VMware tool I mentioned a little lower.

      1. wmguy said on April 14, 2018 at 1:13 am
        Reply

        That VMware tool works, thanks for mentioning it!

      2. nnjxska0 said on April 13, 2018 at 9:52 pm
        Reply

        How is it? Does that VMware tool works with microcode updates?

        Windows 7 / Sandy Bridge here with no BIOS update for my motherboard although microcode update for this specific CPU is available.

        At some point maybe Microsoft will release something like KB409007 for Sandy Bridge but I doubt it’s gonna be for Windows less than 10.

      3. Nico said on April 14, 2018 at 11:08 am
        Reply

        see https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver for instructions.
        I’ve tried it yesterday on a Lynnfield desktop (i5-750). First it gave a positive answer, but after another reboot the tool started saying the microcode wasn’t required. I’ve uninstalled the driver again and will retry when I have some time to play around with it again.

      4. Nico said on April 15, 2018 at 1:26 pm
        Reply

        So far I have negative results using the VMware tool.
        I’ve tried it on my Lynnfield, Clarkdale and Ivy Bridge desktops in combination with the 20180312 Intel microcode.dat. On the first 2 the tool reported a new microcode wasn’t required, and on the latter cpumcupdate reported a newer microcode had been loaded (confirmed by HWiNFO). Then again, running InSpectre and the MS PowerShell check, the Ivy Bridge system still reported to be vulnerable to Spectre.
        I assume the 20180312 microcodes do not contain the bugfix for Spectre yet, and we’ll have to wait till a next update on the Intel download center.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.