Intel Microcode Updates for Windows 10
Microsoft has released Intel Microcode Updates for all supported versions of the company's Windows 10 operating system.
Microsoft revised the support page on January 30, 2020. The update brings support for additional processors. In particular, all updates, regardless of supported Windows 10 version, introduce support for the following CPUs:
- Denverton
- Sandy Bridge
- Sandy Bridge E, EP
- Valley View
- Whiskey Lake U
Administrators need to check the list of supported CPUs on the support pages to determine whether a device's CPU is supported by these updates. Third-party programs such as HwInfo or CPU-Z provide you with information on the installed processor.
If you use the free HwInfo, check the processor section at the top when you run the program on a Windows machine. The program lists the code name and product name near the top.
Here is the list off released updates:
Windows 10 version 1909:
Windows 10 version 1903
Windows 10 version 1809
Windows 10 version 1803
Windows 10 version 1709
Windows 10 version 1703
Windows 10 version 1607
Windows 10 version 1507
An update for Windows 10 version 2004 has not been released yet.
The microcode updates address certain vulnerabilities in Intel processors; both Microsoft and Intel recommend that customers install these updates as soon as possible to protect systems against potential attacks.
The updates are standalone according to Microsoft. Registry settings are available to turn specific mitigations on or off. The following two support pages provide additional information about that:
- Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
- Windows Server guidance to protect against speculative execution side-channel vulnerabilities
Now You: how do you handle these microcode updates? (via Born, Deskmodder)
Thanks Martin for the news.
I ran Chrome 80 + uBlock Origin + uBlock Origin Extra. No banners, ads, ads block notice…
So… how many Intel employees are spamming the comments with complaints about the banner to avoid us talking about the Swiss cheese Intel garbage?
“The microcode updates address certain vulnerabilities”
Very specific. I am certain that Intel chips are riddled with vulnerabilities.
I’m not having any problems but normally want to be as up-to-date as possible. If I do this and it causes a problem, will restoring a system image not do any good because the change is microcode level, or does a system image contain that also? Thanks.
Updated my Sandy Bridge processor and there is a noticeable hit on the performance, everything is quite a bit slower and programs tend to hang up. If I uninstall the update, will it revert the microcode to the previous revision?
I could stand a performance hit if there was actually any protection provided by the update. I ran the MDS tool after updating and it shows that the processor is still vulnerable to ALL of the attacks it tests!
Thanks for the heads up, Martin. I don’t know if microcode updates are pushed through Windows Update or Intel Drivers Update tool, so I went ahead and installed it from the Microsoft site.
you need js always off and add instances and remove them as needed. And keep the ‘cookies’ removed. Did you know our estranged kids have phones but they are unclean phones with upwards of 400 websites in storage cookies on browsers. If you dumb exes and their dumb boyfriends learn, teach your kids. But you have not learned. I see no ad banner here. This is a charity policy site.
I blocked ghacks.net from running scripts here.
people complaining are running scripts. Stupid to complain. This site is one of those which I see without js in my browser. So many sites just don’t show up and demand java script. So please check yourself, first. Meanwhile everythime I find, no complaints like this on those sites that show blank white and ‘you must enable js…’
I think its perfectly appropriate for people to complain about this type of change, especially when they had specifically been told that changes like this would not happen under the new ownership when people brought up said company’s practices with their other website properties in connection with the ownership change.
Some people probably read this site at least in part due to its old more respectful practices and some people may stop reading the site because that has changed. In a way, having a discussion about it before they leave, if they leave, is a courtesy on the part of the commenters. If site traffic diminishes, this will give site owners a better idea of why than if people just suddenly disappeared. Then, the owners can decide whether to roll back the changes, to keep them the same as they are now, or to double down on them as they see fit, but at least will be making their decision based upon more accurate data rather than having to take a stab in the dark and guess the reason.
All that said, I do see your point. That notice is easy enough to get rid of with the UBO dropper tool (or whatever the equivalent on other content blockers is). For those who aren’t comfortable doing that manually, they can prompt their content-blocker to update its filter lists immediately. For those who uncomfortable doing anything at all but want the prompt to go away, your content blocker should get rid of it automatically the next time it updates its filter lists, which if the user hasn’t changed it, I think happen once a week or so. You may have to add the appropriate filter list or lists of your choice if your content blocker doesn’t include one that addresees these type of issues by default.
Another approach is to disable java on the site entirely- it seems like overkill in this case (Like squatting a fly with a cannon), but its there as an option (I disable java on a couple sites where its the only way to get past a paywall or other annoying issue- its just not, as the prior poster pointed out, the only way to do it in this case.).
Additionally, as you noted, some sites can and do block traffic using methods that UBO can’t get around. I’m not going to act like GHacks is doing me a favor by not going to a system like that, but you are right when you say it could be worse (Even though it could also be better). I might also add that many sites censor conversations like this one- whereas it looks like GHacks is still willing to allow a little constructive ciriticsm, which is a good thing.
The ironic thing here is that new ownership presumably added that anti-adblocking nag banner and various tracking cookies to discourage the use of ad-blockers and monetize traffic better, but given that this is a relatively small site with a readership that knows its tech and really hates that stuff, it may actually result in less monetization overall when users who used to whitelist the site stop doing so and other users abandon ship entirely.
For me personally, its not a big deal. Almost all websites are like this. I expect it and do whatever I need to do with browser extensions and such so that my experience remains unchanged when sites pull stunts like this. No big deal- for me (Though if they ever go to something that I truly can’t get around without disabling my content blocker, I will stop reading the site at that point- *if*).
I respect the feelings of those for whom it is a big deal, though. Everyone draws the line in a different place on issues like this, and in some ways it is subjective or personal when it comes to deciding where the right place to draw the line is for each individual.
The adblock banners? Sadly I have to add this site to the no javascript list. Poor choices being made here.
What is the performance penalty of those patches?
For my laptop M-5Y10c Inspectre 8 says my performance is ‘good’
https://www.grc.com/inspectre.htm
Good question, Microsoft made no mention of it.
I read somewhere weeks prior to kb4497165 release that performance was expected to improve with latest code. And as an aside. with Windows 10 animation turned off, my laptop is doing a good job of fooling me into thinking I am on a supercomputer. :-)
heh, I saw that nag and I took away the javascript rights of ghacks, screw em.
yep. they think they are being cute using inline scripts to load that nag message but this is a tech blog and we aren’t idiots.
Trying to force anti-adblock nag messages onto a tech-savvy readership – way to go.
Remember in last October? New owner good for everyone?
“Softonic takes over many of the administrative tasks including managing the domain and hosting, advertisement, and communication with partners.”
“Softonic has indeed acquired Ghacks’ assets including data (email address) you may have shared with Ghacks but Softonic is not selling any of this data to any third parties and is taking all the organizational and technical measures to ensure the protection and security of the data.”
These were Martin’s words. Too bad that ghack.net’s Privacy Policy is now Softonic’s and they sell data to Google and Amazon, who provide them with “direct marketing related services.”
That and now this. Sorry, but we part. It was great while it lasted.
I’m all for the advertisements, they have to pay the bills somehow but when it comes to the tracking and IDing, sukadik!
lol these microcode update will only slow down cpus (sometimes a lot) for providing protection against practically (for home users) irrelevant attacks.
on support page, it says:
*Important
Install this update for the listed processors only.*
what if your CPU (4790k) is not listed there? then you shouldn’t install this update?
Don’t install these if your cpu is not listed.
alright, Thanks Martin.
This is way above my [absence of] pay grade, but here are my thoughts:
(1) What will the performance hit be *this* time?
(2) What has the cumulative impact of all speculative-execution mitigations been on the performance:price calculus for Intel vs. AMD?
(3) According to a Linux kernel maintainer, none of the speculative-execution vulnerabilities they addressed last year affected AMD kit.
(4) AMD is looking increasingly attractive compared to Intel in terms of security, performance, and price … and they will finally be coming out with a line of APUs that promises to provide serious competition for Intel in the laptop market. Based on what I’ve read, the new APUs are expected to be released to OEMs in April or May of this year. I’m looking forward to real-world reviews.
OFF OFF TOPIC: Not being blessed with eidetic memory, I often have to resort to mnemonics to remember computer-related things. (Example: for the old PCMCIA laptop add-on-card standard, it was “People Can’t Memorize Computer-Industry Acronyms.”) This article’s mention of the Whiskey Lake U line of CPUs reminded me of a trick I use to place different classes of Intel mobile CPUs:
U = Underpowered
Y = Yikes! Is that sucker ever underpowered!
Hey, it may not be entirely fair, but it works for me…
PS: I’m not a shill for AMD but rather for antitrust enforcement and fair competition on the merits, and the fact that Intel previously worked in concert with a number of major computer manufacturers to blackball AMD doesn’t sit well with me. I’m impressed that AMD won its case in a hostile post-US-v.-Microsoft legal environment, and it looks like they’ve put their $2 billion award to good use. With some genuine competition to Intel’s quasi-monopoly once again emerging, we consumers will reap the benefits. Now if we could just “dissuade” computer/hardware manufacturers from working in concert with Microsoft to effectively blackball Linux and BSD, *then* we’d be cooking with gas. (I’m lookin’ at *you*, EU Directorate General for Competition.)
You are seeing this message because ad or script blocking software is interfering with this page.
Disable any ad or script blocking software, then reload this page.
I know that I have ad and script blocking extensions. I didn’t disable them but I reloaded this page.
Off-Topic: Strange…I have Ghostery, AdGuard, and do not allow pop-ups on any of my browsers. See no pop-up/banner, no ads here. Just change your settings and get the proper add-ons and you too will be pop-up free. This advise drom a tech-challenged GGma.
You are seeing this message because ad or script blocking software is interfering with this page.
Disable any ad or script blocking software, then reload this page.
There are way too many ads, they are garbage and they are tracking me – that is why they are blocked.
How?
Keep up with tech news.
Read something about Intel drivers?
Download the Driver/Support program.
https://www.intel.com/content/www/us/en/support/detect.html
Run. Scan. Install. Reboot. Scan again just in case.
All is well.
stefann and ZeN.
odd.. i have umatrix, ubo, noscript and whatever else my security suite has… no popups or warning about adblockers.
… are you using enough blockers? XD
No pop-ups or anything else so far to me. Everything clean. Why are you cursing on Martin? He’s going an excellent job. Don’t understand you. It’s brash to me. Mind your words.
My post was regarding the fine use of words, no cursing from me, so mind your own words and maybe your business too.
The anti ad blocking message on the bottom of this page is so annoying! I rather stop visiting ghacks over disabling my ad block.
No good articles being posted here for a long time anyway…
OFF TOPIC: updating my filters on UBO “fixed” the banner. :)
This work for me too.
ublock: Settings>Filter List>Purge Cache>Update now.
No more banner 😎
Thanks,
Anonymous for explaining to me what I can do to avoid to set the security on a lower level when I do not want to get a smaller screen to read because of the banner.
Really great that you did that. Much appreciated.
Hopefully, your tip will continue to work.
OFF TOPIC: I have to agree with the other off topic comments. This banner won’t change my behavior, on the contrary.
Martin, Thanks for the heads up.
Do I understand it correctly that this specific security update is not automatically installed and that I have to look for main Windows 10 1909 x64 o.s. for intel core i5-3470 (Ivy Bridge-DT)?
And if not automatically installed by Microsoft with there (Monthly) updates can ghacks.net guide me on how to do an install by hand?
When I have to install this security update by hand can I find it in the list on
https://support.microsoft.com/en-us/help/4497165/kb4497165-intel-microcode-updates
the Ivy Bridge section and after seeing that the specific processor is listed then go to the
2020-01 Update for Windows 10 Version 1909 for x64-based Systems (KB4497165) website like you mentioned https://www.catalog.update.microsoft.com/Search.aspx?q=4497165
and then clicking on to popup ms page 2020-01 Update for Windows 10 Version 1909 for x64-based Systems (KB4497165) the https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=b3fb7000-1397-452f-81d3-4e9515450bfc
This so I can inspect the details and after that download and run?
Paulus, yes that appears to be the correct way to do it.
A really great thank you from me to Ghacks.net and even more to Martin Brinkman for being not only so ferry polite to read the question but also a special thank you for taking the time to not only reasearch the question but also for answering it.
And now I have the floor maybe I may also add that: Yes there are banners now pupping up nowadays and also Yes companies like Amazon are trying to understand our behavior and trying to make a buck nowadays, this because Martin had to sell ghacks.net because it became too much for him to handle. I am still impressed by how long Martin could handle it.
Nowhere ( Well almost nowhere) in the comments, I am reading that we are still ferry pleased that we have a website like Ghacks.net and that we can live with still a small disadvantage compared to other tech-savvy websites.
I thought that for most of the Ghacks.net readers banners, cookies, etc are no problem because there are so tech-savvy and VPN, Tor, (Many) browser add-ons and sandboxes (to name a few) have no secret for them so they can easily disguise the internet identity?
So why complaining maybe because there not so tech savvy as they boosting to be?
Or are they saying we want more articles about how to hide or identity?
I do not want to spark any kind of discussion or wanting to insult anybody the only thing I am trying to point out is what still a blessing in disguise ghack.net is.
I found it necessary to combine the information provided in HWINFO64 v.6.22-4060 along with Belarc Advisor in order to know what Version of 4497165 I needed from the Microsoft Update Catalog. The update went well on my Win10 Home x64 laptop.
A lin to “the list of supported CPUs on the support pages” would be nice.
These are listed on each of the support pages by Microsoft, and these are linked.
thanks for the information. greetings for the dominican republic.
Not liking the rather abrasive ‘you’re running ad-blocking s/w’ banner, Martin. Quite soulless.
OFF TOPIC : Martin told there would be NO changes on this site. I didn’t believe him, and i was right. Now i get a large popup at the bottom about javascript is disabled and that i use an adblocker. Javascript isn’t disabled and yes i use an adblocker because i am sick and tired of that **** ! So Martin, NO changes ?????
I thought all you so called tech-savvy whingers would be using pi-hole by now.
No adds or scripts for me, I can still enjoy the site.
If you donated in the past you should have a login for the site. When you login the ads do not load. Simple fix. Martin is this still possible for newer users?
This is no longer possible.
Shame on you Martin. you are not a man of your words. Fooled us to keep visiting this website that you sold. What a wreckage this website have become. So many articles about privacy, protection and tracking and now you are doing it, you become one of them. I saw it coming. So long ghacks. Good for us there are better alternatives out there.
Vox anonymous populi. Aren’t you and the few others aligned in the row of offended citizens overdoing it? The site has been sold, Martin is the administrator, go and complain elsewhere.
For those who filter sites with advertisement as the first criteria and the content after, rather than the other way around : go and cry in mama’s arms like good little kids. Sorry for being so straightforward but reactions like yours spread all over the Web and mainly on social sites, always ready to condemn or to adore, always excessively because excursiveness is so thrilling, makes you feel alive, right. Revolt is another matter, not fit to be deployed in this situation, a situation which is nothing but the odyssey of a site which has been sold with the implications, and an administrator which is to be appreciated for his comments and the site’s graphics, period. For the rest, refer to the owner, ‘le propriétaire, you know’ like Marylin Monroe would sing it. For my part I’d reconsider Ghacks should Martin abandon. Is thhat what we want? Do we want him to go back to his plane, is that what we want? This is a provocation!
“excess”, not “excursiveness” of course.
Forcing readers to disable their ad blockers is very rude, because the enabled ad blocker is a clear statement:
Besides that,
the average of online advertising CO2e emissions (e.g. 60 Mt CO2e in 2016) are 10% of the total infrastructure emissions and therefore a significant contributor to the environmental impact of the Internet ecosystem. Let alone advertising fraud can be considered a total waste of resources, both economically and environmentally. The share of fraudulent online advertising traffic is 13.87 Mt of CO2e emissions (in 2016).
¹) Any ad space on a website must be sold in 100 ms. Otherwise, a blank space is shown to the end user, and a revenue loss will occur. Therefore, real-time bidding (RTB) is needed. RTB is the technology performing the massive aggregation and ad space bidding supported by targeting algorithms. When RTB is used, a visit to a website generates a large number of background connections from that website.
Blocking advertisement contributes to reducing online advertising traffic and will improve the energy efficiency of the Internet.
Good for a lower carbon footprint and Best for your karma à¥
Quote Tom Hawack
>>>For those who filter sites with advertisement as the first criteria and the content after,[ff.]
As a sommelier you are a complete failure!
@Tom Hawack I definitely understand your statement, but many of their points aren’t completely invalid.
The reason many of us started relying on ad blockers (In browser, hosts and some even do it on network level) is because throughout the last decade it has been abused so much. We can’t blame people for using ad blocking options when there has been so many malicious actions caused by ads.
It’s why whitelisting has been a popular feature, which I’m sure many utilize to support their favorite content creators, writers and websites. I know I do. Also directly donating and supporting.
While I agree that Martin probably has very little control over the website now, I’d be surprised if they gave him any higher access than editor, the shock from long time readers is still a valid point.
This isn’t to disrespect or to shame anyone.
It does feel like GHacks is being flooded with freeware tools, which one can only assume it’s to boost Softonic’s traffic and whatever else that comes with that for them through Article links.
I’ll speak for myself. GHacks has been my go to for a long time now to find interesting new tools, apps, guides and information. Now I check it for the sake of what I could only describe as nostalgia, hoping it would return to its awesome glory.
If the ads become excessive, I might also remove GHacks from whitelist. I want to support good writers, developers, designers and content creators, but why make it a bad experience for everyone.
I hope it turns out for the better. I’m almost certain that Martin has expressed similar views behind the scenes to Softonic about all these changes, simply assuming that because of how he expressed opinion on such things in the past.
@Sam, I was and remain annoyed less by comments focusing on the mutation of Ghacks than by those shouting out to its administrator.
Ghacks has been free of advertisement for years, users got used to a haven of technological articles within the peaceful lands of zero parasites; normal to understand their frustration. On the other hand I’m always surprised to notice a hierarchy of values which consider an ad-free site before its very content. We all deal with ads on practically all Websites, pointing out Ghacks because it now has an advertisement policy similar to that of 99% of the web surprises me.
One thing is sure : complaints do mean the attachment of users to Ghacks, the interest, often of long-term afficionados of the site, abstraction done of professional yelers who wander about the Web in quest of a good opportunity, and they do exist.
You mention your own policy which is to whitelist certain sites given your criteria of quality. Be you congratulated. Given Ghacks’ new business model I wouldn’t consider “de-whitelisting” as an offense to faithfulness; but this is another topic.
The content, the articles’ diversity, quality and pertinence, the “Ghacks mood” I’ve known maybe ever since the site was launched , is here and i hope to stay. The ad environment is, IMO, secondary.
fixed in uBlock Filters, force update that list.
Confirmed.
Thanks for the tip!!
I’m using Windows 10 v. 1909 and the documentation says my processor is included. Should this show up in Microsoft Updates? Because it isn’t in mine.
Great! Sandy Bridge is now protected against MDS. Just checked it out. Works fine.
Thanks for the info, Martin.
Really? Installed it on my Sandy Bridge and the MDS Tool still shows it is vulnerable to ALL of the vulnerabilities. Did I do something wrong or looking at something different? I checked the microcode revision, it was previously 2E and it now shows 2F, so it did update, but what exactly does it offer in terms of protection?
Off-Topic: It’s a shame your site has become infested with doubleclick (Google Ads) and Amazon adsystem. You’re no better than Avast and other spying companies. Bye!
Just use an ad-blocker.
I liked the website layout back when it looked like a blog. Back when it it looked like this:
https://web.archive.org/web/20160329142039/http://www.ghacks.net/
If you don’t like how the website turned out, you can use an ad-block without feeling guilty.
Hi all, I’m sorry for not replying earlier to comments but we had to investigate the appearance of the banner first to make sure we understood fully what happened. We installed a script on the site to get a reading on the number of users that use ad-blockers.
You may remember that I used something like that in the past to find out how many visitors Ghacks really had and how much of an impact ad-blocking has on the site’s revenue.
It appears that the script showed the banner, something that we had no intention of showing on the site. The plugin has been removed and the banner should not be shown anymore as a consequence.
Told ya, just like I predicted. Its a little game called ‘just the tip’. Surprised they are still posting our objections.
I don’t see ads.
Only
You are seeing this message because ad or script blocking software is interfering with this page.
Disable any ad or script blocking software, then reload this page.
Blame it on Softonic, the owner of Ghacks. Martin and his collaborators fortunately continue to provide excellent articles.
As Balzac said, the bottle does not matter as much as the drunkenness; drunkeness understtod as an allegory of course. I’ll always prefer a good wine in a plastic beaker to pepsi in a wine glass (with or without the allegory!). Ads are the lot of practically all websites, dedicated tools exist.
Well, who sold the site to Softonic and said it’s “good for everyone”?
I think the quality has also gone down, there’s a lot of rather pointless “software tips” and not much depth.
agreed, knew that this would happen, sad really a once great site is now just like every other riddled with ads and scripts.
i found information within 3 clicks on win X without third party logs