Is there any official statement to see what cpus are affected by those attacks?
I'm interested more in Intel pentium g3248, g4560, Q6600 are those affected by both meltdown and spectre?
Is there any intel cpu not affected at all by those 2 attacks?
intellicious: Thank you very much for contacting the Intel® Processor communities. We will be more than glad to provide the information you are looking for.
In regard to your inquiry, a full list of Intel products impacted by this issue, along with other important details can be found here:
Any further questions, please let me know.
Is Intel going to provide CPU microcode security update for 2nd Gen Sandy Bridge CPUs? Hardware vendors like Lenovo will not provide BIOS updates for 2nd Gen CPU devices so the microcode update would have been delivered by Microsoft via Windows Update. Will this happen?
I do not work for Intel, but I will hazard a guess. Intel never released Windows 10 drivers for Sandy Bridge and related graphics, though Microsoft did take some Ivy Bridge drivers and massage them to create something close. Unfortunately I think Intel will repeat history and release Meltdown updates for Ivy Bridge and newer, leaving owners of Sandy Bridge out in the cold.
Intel is *very* strict when it comes to security issues. You can bet that microcode updates are being developed (if not already completed) for 2nd generation (Sandy Bridge) and perhaps even older processors - and Intel will, as they always do, deliver these updates to the O/S vendors for incorporation. Of course, it is still better (IMHO) to have the microcode updates installed by a BIOS...
However, that brings up a related problem. When I build/rebuild a Windows system, I look very closely at updates ostensibly for Intel hardware offered by Windows Update. I hide the one for ME -- due to your advice, thank you very much -- and instead use ones downloaded from Intel. But as you know, Microsoft has been offering spurious updates for older hardware, mainly pre-8 chipsets, that either cause trouble or don't do anything. I hope Intel offers the updates on its website, because I'm not sure I would accept them through Windows Update. If they're packaged in a Windows security update, there will be no problem.
The whole situation is a big mess. Many people believe, "thanks" to clueless articles in IT media, that applying OS patches only is enough to mitigate the vulnerabilities. If Microsoft/Intel rely on hw vendors to push the CPU microcode update via BIOS updates, we will end up with tons of vulnerable machines because typical user don't know how and why to do it, moreover the process is risky because you can brick device that is out of warranty. Hardware vendors usually don't care about older devices support, so they won't bother with BIOS updates.
The only solution is that Microsoft delivers the updated CPU microcode via Windows (7, 8.1 and 10) Update and Intel should push Microsoft hard to do that. Hardware vendors aren't reliable there at all.
I wish I could help--but I have this problem too--and an Intel motherboard (MB)--bought & built by me--not a company, So only releasing the updates to companies will not do me any good, even if my Intel products were still supported.
DQ77MK MB (S/N BTMK249005UU) with a Gen 3--- i7-3770 @3.4ghz running W7 Pro all bought in feb of 2013--not even 5 years old!
In my case, the MB has available updates the Intel® Management Engine firmware 184.108.40.20608 dated 5/26/2017 and this is the very last update ever for this MB!
https://downloadcenter.intel.com/download/26829/Intel-Management-Engine-Firmware-8-x-Update-for-Inte... Download Intel® Management Engine Firmware 8.x Update for Intel® Desktop Board DB75EN, DQ77KB, DQ77CP, and DQ77MK
It also has Intel® Management Engine (Intel® ME) version 220.127.116.116 driver dated 10/14/2013.
https://downloadcenter.intel.com/download/22093/Intel-Management-Engine-Driver-5M-for-7-Series-Chips... Download Intel® Management Engine Driver (5M) for 7 Series Chipset-Based Intel® Desktop Boards
Also--Intel in their Security center post, implies only Gen 3 and higher will be updated to 18.104.22.16802 and higher--scroll down 2/3's.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Intel® Product Security Center
Intel's Detection Tool found my system is Vulnerable.
After chatting with Intel support yesterday regarding the above 2 updates ME Driver and ME Firmware--the bottom line is:
"support---Thank you, this is a not supported product, it seems the firmware is independent of the operating system. Normally the firmware is updated before updating drivers. However I cannot guaranty it will work. Again, this product is not supported.4:19:09 PM
Me ---so--if I understand correctly--there is no ME fix for my board???4:20:37 PM
support--It is out of interactive support. I provided the last options we have for you. I recommend you to get a new system.4:21:49 PM"
So it appears--the ONLY way to protect my system is to load up with the best Malware and Firewall software, or replace the guts with newer updated gear.
Perhaps as some have suggested--Intel will not forget those of us who have invested in their products and apply a fix before the hackers figure out the path in--it won't be long I fear!
I have a motherboard Intel:
Board model: DG41WV
Board Version: AAE90316-104
Bios version: WVG4110H.86A.0015.2010.1111.1718
Where can I find the patch to solve the meltdown and spectre attack?
Thank in advance for your answer
My PC's CPU has Core 2 Duo E 6600 (Conroe) and Core 2 Quad Q 6700 (Kentsfield), is it influenced by Specter?
Yesterday, the CPU of 10 years ago had an announcement to cancel the correspondence, but even if I looked at the list, these CPUs were not mentioned.
I posted in # 8, 1/6/2018 asking about the ME firmware for my Desktop Board DQ77MK with a Gen 3--- i7-3770 @3.4ghz running W7 Pro. Numerous replies since then with dates that keep slipping.
The info I have came from here: https://www.intel.com/content/www/us/en/support/articles/000026630/boards-and-kits/desktop-boards.ht... https://www.intel.com/content/www/us/en/support/articles/000026630/boards-and-kits/desktop-boards.ht... dated 3/30/2018.
I have never updated Bios--unless MS Update service did unknown to me. The table lists a version required table. I read the contents of version 154 ( just to see what they look like) and it does not list a required installed prerequisite, So does this mean--if I have original Bios from the factory, which I have, I don't need to install another version, assuming the version for my board does not either?
Normally, it is necessary to install multiple BIOS releases along the way; too big a jump and problems can occur. At specific points in time, BIOS releases will contain security fixes or updates to the ME firmware and it is recommended that you properly update through these releases. I do not know what BIOS your board came with (different build batches came with different BIOS versions installed), so I do not know where you fall within this list, but this is the set of BIOS updates that need to be installed (in order): 39, 48, 52, 56, 66, 71, 72. If your board came with BIOS 56 installed, for example, than you would need to upgrade to BIOS 66 then 71 and then 72 (and then, of course, to the new version containing the updated microcode, whenever it appears). If your board has an earlier BIOS, then you may have more BIOS releases to work through.
There is an alternative to this. You can jump all the way to the latest version if you are willing to use the BIOS Recovery method (documented here: http://www.intel.com/content/www/us/en/support/boards-and-kits/000005630.html?wapkw=bios+recovery Intel Desktop Boards Recovery BIOS Update Instructions) to install the latest BIOS. If you wish to attempt this, here is my recommended process:
My final recommendation is that you upgrade to BIOS 72 now and then upgrade to the new BIOS when it is released. BIOS 72 contains updated ME firmware that contains fixes for the ME vulnerabilities described in the https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr INTEL-SA-00075 Advisory.
Hope this helps,
Scott--thanks very much for the detailed reply.
I have 0054 installed so my next one is 56. You have a much shorter list ( ie, you jump from 56 to 66) --perhaps because it is an example, but maybe you have a reason???
EDIT--I think I see your reasoning--In the Release Notes/ Fixed issues there are security issues fixed in your list--the other ones do not security issues. Is that correct?
If I use your short list--I'll install the versions individually It's only 4, IF I gotta install all of them--I may use the Recovery method.
The board download lists 17 versions to get to 72. https://downloadcenter.intel.com/download/22094/BIOS-Update-MKQ7710H-86A-?product=59044 Download BIOS Update [MKQ7710H.86A]
From what I see on the board list there is only one Intel® Management Engine (Intel® ME) version 22.214.171.1246 for Intel® Desktop Boards and that is between Bios 62 & 64--there is no 63 listed.
If it matters, Intel Detection Tool says I have installed the ME version 126.96.36.199.3608. It is not listed in Windows Update History File--so Perhaps the Intel Driver and Support Assistant Installer installed it. That Intel program is installed, and always gives me an error, perhaps because one of the error could be "Your component is discontinued or is not supported." The problem might be--I have 2608 installed--MAYBE those older Bios versions will not like and brick my Board??? I have read horror stories on the Lenovo Security forums about bricked motherboards--some owned by IT folks--iow they most likely RFM--but then maybe not
I see a header on my board labeled Intel MXBX reset header--is that the jumper that is referred to? I did not look thru the manual--I just looked at the connections on the board.
As I said, you should install through all releases that include security updates and/or ME firmware updates. The list I provided is not an example; I looked through the BIOS release notes for the MK BIOS and identified the updates that included either of these update types. I saw nothing in any of the other updates that would make me recommend that they be included as well. So, your choices are to either do the 4 versions in the list using the normal update methods or go for the BIOS Recovery option.
If you decide to do the 4 BIOS updates, you could put all 4 of these onto a USB flash disk and then use the (recommended) F7 method to install them (it presents a dialog that allows you to select which BIO file to install). If you haven't done so previously, I recommend that you reformat the USB flash disk per the instructions in step 1 of my BIOS Recovery procedure. Further, after installing the final BIOS update (MK0072.BIO), I recommend that you perform steps 13 through 19 of my BIOS Recovery procedure. This procedure ensures that any changes made in the BIOS Configuration parameters are properly handled (sometimes, over a large number of BIOS releases, the "current" parameter settings can get out of sync with the overall parameter set).
No, if you have a newer version of the ME firmware already installed, the ME firmware version in the BIOS update will simply be ignored.
No, it is not the MEBX header (leave that one alone). Your board will only have one yellow jumper (any others will typically be black), so finding it should be fairly easy.
Hope this helps,
Hi, You are truly an asset to this forum. Lots of straight answers you have provided since this Meltdown/Spectre problem when I joined.
Back again---I used the Express BIOS Update to install 56 (the next on the list after my current 54). All passed until it was installing the Firmware for the ME Engine. It sat there for a little bit with the end dash spinning like a wheel. The update that said there was "ERROR FWUP" (plus a few more letters on the next line they disappeared before I could write it down) that replaced the wheel.. After about 10 sec the screen was blank and it rebooted to W7. I shutdown and restarted it. W7 had the Welcome screen, then the screen went light blue, about the same time as the initial try--maybe longer a message window popped up said "Congrats--you have successfully updated your BIOS. I looked at the read me---it was just info about the program--- "Custom BIOS Update Release 1.3 12/21/2011" followed by requirements etc, Nothing about the error. I pressed Finish and it continued into W7. I shutdown, restarted W7, hit F2 at the boot screen. The BIOS version was still 54. It appears nothing got updated. When I exited, I Exit without Saving--since it appeared to not have installed 56.
EDIT--Maybe it did not recognize I have 64 bit and it tired to install a 32bit version.
and there is na ME Engine Driver " Version: 188.8.131.526 5M (Latest) Date: 10/14/2013" after ver 65 (10/3/2013) and 66 (3/18/2014). Maybe existing BIOS at the time was not effected?? end EDIT
Is install error is because my ME Engine is already at 3608--a higher level than 1336 version 56 wanted to install? As you know, the next ME Engine install is on 72--which is the last version---so maybe it will not install either--and perhaps 66 & 71 won't install either.
I was thinking of trying the BIOS Recovery method you posted, using the 56 BIO file (on a FAT 32, USB 2.0 NON-bootable memory stick), but I thought it might have the same problem--and a bit more complex to do. I found on the main board PDF where the jumper plug is, that is removed when in recovery mode.
I understand about using the rear panel USB 2.0 inputs, but what is gonna cause the .bio file to install into the BIOS. Other procedures mention about using a BOOTABLE memory stick. I do have a Bootable USB NTFS formatted with the W7 Pro installation on it for my Lenovo laptop. I don't it has ever worked on my Desktop.
What now boss---awaiting your instructions--hopefully I did not miss a step
When you told me the ME firmware version that you had, I suspected that this might occur (but hoped it didn't)...
What this is telling me is that, because you ran the tool to install the ME firmware fix for the INTEL-SA-00086 vulnerabilities, it isn't going to let you install any of the previous BIOS releases because they have older versions of the ME firmware. This means that you will have to use the BIOS Recovery process to jump to BIOS 72, as this BIOS (and the forthcoming new one) are the only ones that have the same or newer ME firmware included within it.
So, decision time. You can install BIOS 72 now, using the BIOS Recovery process outlined, and then, when the new BIOS is available, you can install it using the normal BIOS update process. Alternatively, you can just wait and, when the new BIOS is available, install it using the BIOS Recovery process. I recommend the former, since it immediately gets you all of the bug fixes and compatibility updates that have come out since your board was built, but you can choose to do the latter if you don't plan on doing anything at the BIOS level before this new BIOS appears.
P.S. When I say "normal BIOS update process", I mean the F7 method. I do not recommend the use of the Express BIOS Update executables.
OK thanks, I've got my USB 2.0 stick formatted FAT32 in a USB 2.0 slot, and the MK0072.bio file on it. I haven't pulled the BIOS Conf Jumper yet--but I'm ready to.
What are the odds this will work and not brick my board?
I ask because as you know ME Engine f/w 3608 is already installed. Is the recovery just going to write the main BIOS and either try to write the 3608 and fail, but after checking it will find 3608 is installed, overwrite the currently installed 3608 or not try to install it and consider it successful?
Per your # 8 warning--what if after 30 min I see no an onscreen message? What then?
I understand about steps 9-19--assuming it completes and displays line 9
I have no backup .bio file to load, do I need one?
Should I restore my current BIOS setting to Default before I update?
If there is any chance this will not install 72 with my current ME 3608 installed, then I will wait until the final BIOS comes out, which should work ok since it is expecting ME 3608.
Since ME firmware updates are not done all that often, it is completely normal to see BIOS updates that include the same ME firmware release that is already installed. In this case, however, things are far from normal. A ME firmware update was released independent of the BIOS. It was intended to be installed onto systems that already had the latest (72) BIOS installed, not a down-rev version as you had. The possibility exists that even BIOS 72 will not install. The forthcoming BIOS update may be the only one that will install. So, should you try to install 72 or should you wait? In theory, since the ME firmware is installed first, if it is rejected for being down-rev, the overall BIOS installation will be rejected; no harm, no foul. The chance of this resulting in a bricked BIOS is very small. Now, if you have a flash programmer, it is possible to use it to make a backup copy of the flash component, just in case. There is no other capability for making a backup, however.
Clear as mud?
Clear as crystal water actually
It flashed without any problems, and I even managed to get the jumper plug back on--underneath all those SATA cables without removed the chassis to a bench.
A totally different looking screen--no question when it popped up. No error mention of already installed 3608, I guess it just over wrote--it did not care what version it was perhaps, since is the latest update.
So I followed your steps thru 16. Tomorrow I will use the pix I took of 54 settings and change them in 72.
Thanks much for the help.
I know I should have asked this in the Board forum--I did not expect to be this long. Hopefully it will help other users who are reluctant to try.
Hey If I can do it, most anybody can--I would not have done without your help tho!
That's good to hear - and you're welcome. As for forums, I have moved this conversation into the Desktop Boards forum where it more-properly belongs.