Microsoft releases microcode updates for Windows 10 version 1809 and newer

Microsoft released microcode updates, designed to protect Windows 10 systems against Spectre-based attacks, for Windows 10 version 1809, Windows 10 version 1903 and 1909, Windows 10 version 2004, 20H2 and 21H1 this week.

The microcode updates for all other Windows 10 versions have not been updated and remain on the November 2020 state.

Microcode updates come in two forms: as firmware updates or as updates for the operating system. The updates address flaws or issues in processors, and are loaded when the system is started.

Windows updates come with patches for Intel, mcupdate_GenuineIntel.dll, and AMD processors, mcupdate_AuthenticAMD.dll.

Important: Microsoft recommends that users/administrators verify that a particular update is designed for system hardware, in this case the processor, before installing it. The company lists supported processors on the support pages.

Microsoft will release the updated microcode patches for the listed Windows 10 versions via Windows Updates eventually. It may take a while before these are made available; administrators may download updates from the Microsoft Update Catalog already to install them manually on systems.

Here are the links to the Knowledgebase articles:

Intel CPU products mentioned on the support page of the latest update:

  • 10th Generation Intel® Coreâ„¢ Processor Family
  • Comet Lake S (6+2)
  • Comet Lake S (10+2)
  • Comet Lake U62
  • Comet Lake U6+2
  • Ice Lake Y42/U42 ES2 SUP
  • Lakefield

The Microsoft Update Catalog links are listed below:

Identify the right Windows 10 version and edition on the Microsoft Update Catalog website, e.g. Windows 10 version 20H2 with a 64-bit architecture, and the download button next to it afterwards.

windows-10 january 2021 microcode updates

The site opens a popup window with the download link. The msu files have a size between 2 and 3 Megabytes. All that is left to do after the download completes is to execute the downloaded file to install the update on the system.

windows update standalone install

The system needs to be restarted to complete the process.

Now You: do you install the microcode updates directly or wait for them to become available via Windows Update? (via Deskmodder)

Summary
Microsoft releases microcode updates for Windows 10 version 1809 and newer
Article Name
Microsoft releases microcode updates for Windows 10 version 1809 and newer
Description
Microsoft released microcode updates, designed to protect Windows 10 systems against Spectre-based attacks, for Windows 10 version 1809, Windows 10 version 1903 and 1909, Windows 10 version 2004, 20H2 and 21H1 this week.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Carl Gustav said on January 28, 2021 at 10:04 am
    Reply

    Downloaded immediately from the Microsoft website, thanks for the info.

  2. Paulus said on January 28, 2021 at 5:28 pm
    Reply

    Hoi Martin, Great articel again.
    I have a qustion for you.

    You wrought ” Microsoft will release the updated microcode patches for the listed Windows 10 versions via Windows Updates eventually.”

    But please can you be any more specific than that please?
    Do you think it will be the February 2021 updates of maybe with the 21H1 or maybe later?

    1. Martin Brinkmann said on January 28, 2021 at 6:05 pm
      Reply

      I think it is February 2021, think I read it somewhere but cannot find the source anymore.

  3. Yuliya said on January 28, 2021 at 6:29 pm
    Reply

    I have disabled these mitigations and strongly advice anyone to do so. Nothing but complete nonsense and fear mongering for a non-eksitent theoretical attack.

    1. Ben said on January 29, 2021 at 12:35 am
      Reply

      The Hindenburg exploding, the Titanic sinking, World Wars, 9/11 and other events were also “theoretical” and “non-existent”, until they actually occurred. Just because something hasn’t happened yet doesn’t mean it won’t happen in the future.

    2. pwned said on January 29, 2021 at 11:24 am
      Reply

      In reality there are know exploits being used in the wild for most of these vulnerabilities. Some exploits are not know to be actively exploited but that doesn’t mean they aren’t and they are just unknown, until some future date where they will be found and made public..

      Its true that if you really worry about technology security the only solution is not to own any technology at all, because its all full of holes that its possible to exfiltrate data by many techniques from even air gapped computers.

      Telling others to disable mitigations, is unwise at any rate, so do get informed, read tech security news daily, or otherwise avoid making uninformed commentary.

    3. Vlad said on January 30, 2021 at 11:05 am
      Reply

      @Yuliya

      If you are a hacker, then I can understand why you don’t want us to get security updates, otherwise if you are simply crazy, then I can’t understand that sort of thinking.

      Either way, I’m sure you think you know what’s best for you.

    4. pHROZEN gHOST said on January 31, 2021 at 11:46 pm
      Reply

      This is a surprising comment from someone I thought was more on the level than most. I fear that the pandemic must have gotten under your skin and jaded you. Please get better.

  4. Anonymous said on January 28, 2021 at 9:04 pm
    Reply

    Disabled with InSpectre? Is disabling both options in that program enough to undo all current mitigations?

  5. Peterc said on January 28, 2021 at 11:13 pm
    Reply

    I am officially bitching about how hard it is to use the tables provided in Microsoft’s microcode update pages to determine whether the update is applicable to a given system.

    • Windows’ built-in GUI features (Settings>System>About and Device Manager>Processors) don’t seem to provide the requisite information.

    • Once I had the CPU’s full name (easily found in Settings>System), Intel’s page at ark.intel.com provided a “Device ID” that didn’t match the format used in the table.

    • CPU-Z doesn’t seem to provide much the info needed.

    • HWInfo64 doesn’t provide all of it either, and you have to hunt down and identify the bits that *are* provided.

    • GRC’s InSpectre utility returned a CPU ID in the same format used by Microsoft — HWInfo64 prepended leading zeroes to it — as well as the current microcode revision (which I didn’t spot anywhere else, though I may have been careless).

    Unless I’m being really stupid and overlooking something obvious, there needs to be a single utility that pulls in all of the requisite CPU/Platform/Microcode information and presents it in the same format used by Microsoft in its tables. It should be provided by Microsoft, but if they don’t do it, someone else should. The current (*apparent*) need to assemble information from a variety of sources is too much work, even for people who know where to look.

    As for whether and when I might apply the current update, I’m probably going to wait for an update to InSpectre and then double-check its take on how performance might be affected. And then I’m going to double-check what the real-world risk is to an individual user like me that no one (that I know of!) has any reason to target.

    Anyway, I welcome any tips or corrections.

    1. Carl Gustav said on January 29, 2021 at 10:40 am
      Reply
      1. Martin Brinkmann said on January 29, 2021 at 10:51 am
        Reply

        Thanks for the link!

      2. pwned said on January 29, 2021 at 3:25 pm
        Reply

        @Carl Gustav

        That post is great and all but it misses the execution policy.

        Set-ExecutionPolicy Bypass -Scope Process

        And no noob friendly instructions how to create a .ps1 file. ;)

  6. Jody Thornton said on January 29, 2021 at 12:25 am
    Reply

    I’m hoping these updates won’t make their way to Windows 8 and Server 2012. I’ll be keeping an eye out.

  7. pwned said on January 29, 2021 at 11:30 am
    Reply

    It is not surprising that microcode updates for all affected CPU’s are purposefully being left out, because Microsoft is a planned obsolesce monger.

    They dont actually care about users security even though there is some evidence to the contrary, though its all smoke and mirrors.

    People should be investing in coreboot/libreboot compatible machines and use QubeOS rather than Windows.

    I dont need these updates, they already exist since they were made available, and Windows are only good for closing.

  8. pwned said on January 29, 2021 at 3:40 pm
    Reply

    Also a good read regarding microcodes, just to illustrate the point I was trying to make earlier when replying to @Yuliya

    https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/

    1. Anonymous said on March 6, 2021 at 2:22 am
      Reply

      This exploit is REALLY difficult to attack:

      https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/the-intel-csme-dam-vulnerability-cve-2018-3659-and-cve-2018-3643-whitepaper.pdf

      It needs some sophisticated reconnaissance operation and research about the target
      and unless that is a hight value target i cant imagine WHY any hacker will do that
      over social engineering or something much easier and cheaper.

      @Yuliya is right a lot of fear mongering here.

  9. Pony said on January 29, 2021 at 7:43 pm
    Reply

    If you not belongs to wide network enterprise cpu. Then you dont need install the microcodes. Im worry only for the adress fix of mitm, i thought that networking bug was fixed with the latest cumulative updates.

  10. John G. said on January 30, 2021 at 5:48 am
    Reply

    @Martin thanks! :]

  11. pHROZEN gHOST said on January 31, 2021 at 6:20 pm
    Reply

    For the “Doubting Thomas” types out there who believe insurance is a waste of money, when your house burns down, will you have saved enough money to cover ALL of your losses?

  12. GLHacks said on February 27, 2021 at 1:01 pm
    Reply

    Hi, I have Windows 10 Enterprise LTSC Version 1809 Build 17763.1697 fully updated and I have been waiting in vain for the update to be installed via Windows Update, but this has not happened.

    If I check the mcupdate_GenuineIntel.dll file I see that its digital signature is dated February 2019 !

    Does anyone have an explanation ?

    PS: my processor, Intel Core i7-3632QM is in the list of Cpu supported by the update.

  13. DnpNunes said on March 13, 2021 at 12:42 am
    Reply

    my system is AMD based why the hell do i need this update showing up to install????

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.