Windows 10 Microcode updates KB4090007, KB4091663, KB4091664 and KB4091666

Martin Brinkmann
Apr 25, 2018
Updated • Apr 25, 2018
Windows, Windows 10
|
21

Microsoft has updated several microcode updates for the company's Windows 10 operating system that push so-called microcode updates to devices the update is installed on which protect against attacks targeting Spectre Variant 2.

Spectre and Meltdown are vulnerabilities that affect a wide range of devices. Microsoft released patches in early January 2018 but they caused all kinds of issues on some devices running Windows. To make matters worse, manufacturers such as Intel had to provide updates as well and these needed to be installed to protect systems effectively.

Tip: You can run InSpectre or Ashampoo Spectre Meltdown Checker on Windows to find out if a Windows PC is vulnerable to attacks.

KB4090007, KB4091663, KB4091664 and KB4091666

KB4090007 KB4091663 KB4091664 KB4091666

Microsoft released KB4090007, KB4091663, KB4091664 and KB4091666 in March 2018 but the initial versions of the updates did not support all processors that Intel created microcode updates for.

Microsoft lists all processors that the patches support. The April 24, 2018 update adds support for the following processor families: Broadwell DE A1, Broadwell DE V1, Broadwell DE V2,V3, Broadwell DE Y0, Broadwell H 43e, Broadwell U/Y, Broadwell Xeon E3, Haswell (including H, S), Xeon E3, Haswell Perf Halo, Haswell Server E, EP, EP4S, Haswell ULT (thanks Deskmodder and Günter Born)

Skylake, Kaby Lake and Coffee Lake processor families were supported already.

Tip: Run InSpectre if you want to know if microcode updates are available. That is a lot easier than having to figure that out on your own.

The microcode updates from Intel protect various versions of Windows 10 from attacks but they are not available on Windows Update or WSUS yet.

Microsoft published the updates on the Microsoft Update Catalog website from where they can be downloaded and installed.

Here are the manual download links:

Note that there is no update for Windows 10 version 1511.

Windows 10 users and administrators may want to download the updates and install them on machines provided that they are powered by processors that microcode updates are available for.

Yesterday's microcode updates cover most processor families that Intel wants to support with microcode updates. If you check the master list that Intel released, you will notice that some products are still missing and that some (older) processors won't receive the updates at all.

It is likely that Microsoft will update the updates to integrate support for processor families that are not supported yet. I suggest you monitor the relevant KB article pages so that you know when updates are released.

Now You: are your systems protected against Meltdown or Spectre attacks?

Summary
Windows 10 Microcode updates KB4090007, KB4091663, KB4091664 and KB4091666
Article Name
Windows 10 Microcode updates KB4090007, KB4091663, KB4091664 and KB4091666
Description
Microsoft has updated several microcode updates for the company's Windows 10 operating system that push so-called microcode updates to devices the update is installed on which protect against attacks targeting Spectre Variant 2.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. EP said on May 1, 2018 at 11:50 pm
    Reply

    the InSpectre tool has not been updated to work correctly with the 1803 release to determine whether or not the spectre vulnerability has been patched or not. wait for release 9 of that tool to see if that one will work with the 1803 version.

    1. Mateo said on May 2, 2018 at 2:03 pm
      Reply

      Thanks for your comment. Anyway, Microsoft does not have a microcode update for the 1803: https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

  2. Mateo said on May 1, 2018 at 5:20 pm
    Reply

    KB4090007 update for 1709 was installed with the Intel microcode to mitigate Spectre. I just installed the 1803 and, after using the InSpectre tool, I see that I am vulnerable again and there is no update available from Microsoft.

  3. Thorky said on April 27, 2018 at 7:36 am
    Reply

    I really don’t understand it: is my E3-1245 v3 Xeon compatible with KB4090007? Can I install that patch without any harm for my Windows 10?

  4. chesscanoe said on April 26, 2018 at 4:43 pm
    Reply

    I installed KB4090007 on my Windows 10 x64 Version 1709 (US build 16299-402) for chip 306D4 (Inspectre version 8) and per Belarc Advisor saying I have 1000 megahertz Intel Core M -5Y10c. Everything seems working well.

  5. Stefan said on April 26, 2018 at 6:32 am
    Reply

    No matter how many software patches they send out to “protect” against a failed hardware architecture it can be exploited.

    What about all backdoors in the hardware we use ? Why isn’t that “patched” ?

  6. Jeff said on April 26, 2018 at 5:57 am
    Reply

    Still no microcode updates for Windows 7 and 8.1 even though MS said they would ship them. Windows 7 is used far more than 10 so that should have been the priority.

    1. A different Martin said on April 27, 2018 at 1:09 am
      Reply

      @Jeff: “Still no microcode updates for Windows 7 and 8.1 even though MS said they would ship them. Windows 7 is used far more than 10 so that should have been the priority.”

      “Should have been the priority” from whose perspective? Microsoft’s customers? Public consumer-protection enforcement authorities, like the Federal Trade Commission? Or Microsoft’s shareholders? The respective answers are “Yes,” “Go away and quit bugging us,” and “Are you kidding me?” (The second and third answers are actually closely related.)

    2. M. Paquet said on April 26, 2018 at 5:16 pm
      Reply

      Indeed. I raise my hat to that.

  7. BM said on April 26, 2018 at 2:49 am
    Reply

    It may be my mis-interpretation, but if the InSpectre tool says that my system is protected from both, then even if it also says that Microcode is available, I don’t need to download the Microsoft update – correct?

    The system in question was a very recent fresh install of MS Win 10.

    So, if correct, presumably, with both vulnerabilities identified as “protected”, the update was captured in the install, or recent update from MS (though none are labelled KB40900007).

    Just want to make sure I am clear on this before I’d jump on a manual install of that update (running Win10 update check does not flag any missing updates).

    1. Martin Brinkmann said on April 26, 2018 at 6:26 am
      Reply

      I’m not 100% sure but if you see protected for both, you should be all set.

      1. BM said on April 27, 2018 at 6:04 am
        Reply

        Martin. Thanks. What I expected but wanted to be sure.

  8. old_cpu_user said on April 26, 2018 at 1:12 am
    Reply

    I have an Ivy Bridge processor, which is not on the list in this batch Microsoft updates.

    However Intel published a guidance document back in March ( this one https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf ) where Ivy Bridge and some other processors in the box for the “Production Status” column has the word “Production” and a yellow background. Some other processors like Kaby Lake one’s also has the word “Production” but with a green background.

    Does anyone know what that color difference means? Does the yellow mean Intel is still working on it? Or something else.

    1. Arcionquad said on April 28, 2018 at 1:35 am
      Reply

      Intel now says that Ivy Bridge (CPUID 306A9) is in production — green. Will Microsoft re-issue KB4090007 or give us a new update?

      https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

      1. old_cpu_user said on May 2, 2018 at 10:32 pm
        Reply

        That is great news! I suppose there is some delay due to testing between when Intel has given the microcode a green light and when Microsoft (hopefully) can push out an update. I hope Ghacks continues to cover this issue.

    2. Ray said on April 27, 2018 at 11:15 pm
      Reply

      “Production” with a yellow background means that the chipset is now ready to be patched when it previously wasn’t available.

      As of the time of this comment, Windows hasn’t added Ivy Bridge to its microcode KB yet.

  9. Franck said on April 25, 2018 at 11:12 pm
    Reply

    Thank you very much !

  10. pHROZEN gHOST said on April 25, 2018 at 9:55 pm
    Reply

    2018-04 Update for Windows 10 Version 1709 for x64-based Systems (KB4090007).

    This looks good. And … under description it says …

    Architecture: AMD64 (KORNfusing?!?!?!?)

    Meanwhile, the help link mentions Intel processors supported. It does not support my Xeon E5.

    I’ll pass on this one.

    1. pHROZEN gHOST said on April 26, 2018 at 6:10 pm
      Reply

      Regardless of the situation, using AMD in the name is quite confusing.

    2. seeprime said on April 26, 2018 at 9:00 am
      Reply

      AMD developed the 64-bit CPU. Intel’s designs are based on AMD’s work. So, it’s often referred to as AMD64. At one time AMD was ahead of Intel, technology-wise.

      1. DaveyK said on April 26, 2018 at 10:27 am
        Reply

        It’s also because the IA64 moniker (Intel Architecture 64) was already in use at the time and referred to Itanium. Hence with AMD designing the 64bit extensions for x86, it is sometimes referred to a AMD64, in much the same way that the 32bit version of x86 has the moniker IA32 (Intel Architecture 32).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.