
Spectre and meltdown attacks affected cpus

IInte3
Novice
11,696 Views

Is there any official statement to see what cpus are affected by those attacks?

I'm more interested in the Intel Pentium G3248, G4560 and Q6600: are those affected by both Meltdown and Spectre?

Is there any intel cpu not affected at all by those 2 attacks?

48 Replies
idata
Employee
3,301 Views

intellicious: Thank you very much for contacting the Intel® Processor communities. We will be more than glad to provide the information you are looking for.

In regard to your inquiry, a full list of Intel products impacted by this issue, along with other important details can be found here:

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

Any further questions, please let me know.

Regards,

Alberto R

0 Kudos
PVone1
Beginner
3,301 Views

Is Intel going to provide a CPU microcode security update for 2nd Gen Sandy Bridge CPUs? Hardware vendors like Lenovo will not provide BIOS updates for 2nd Gen CPU devices so the microcode update would have to be delivered by Microsoft via Windows Update. Will this happen?

Thanks.

0 Kudos
ppara5
Valued Contributor I
3,301 Views

I do not work for Intel, but I will hazard a guess. Intel never released Windows 10 drivers for Sandy Bridge and related graphics, though Microsoft did take some Ivy Bridge drivers and massage them to create something close. Unfortunately I think Intel will repeat history and release Meltdown updates for Ivy Bridge and newer, leaving owners of Sandy Bridge out in the cold.

0 Kudos
n_scott_pearson
Super User
3,301 Views

Intel is *very* strict when it comes to security issues. You can bet that microcode updates are being developed (if not already completed) for 2nd generation (Sandy Bridge) and perhaps even older processors - and Intel will, as they always do, deliver these updates to the O/S vendors for incorporation. Of course, it is still better (IMHO) to have the microcode updates installed by a BIOS...

...S

0 Kudos
ppara5
Valued Contributor I
3,301 Views

However, that brings up a related problem. When I build/rebuild a Windows system, I look very closely at updates ostensibly for Intel hardware offered by Windows Update. I hide the one for ME -- due to your advice, thank you very much -- and instead use ones downloaded from Intel. But as you know, Microsoft has been offering spurious updates for older hardware, mainly pre-8 chipsets, that either cause trouble or don't do anything. I hope Intel offers the updates on its website, because I'm not sure I would accept them through Windows Update. If they're packaged in a Windows security update, there will be no problem.

0 Kudos
PVone1
Beginner
3,301 Views

The whole situation is a big mess. Many people believe, "thanks" to clueless articles in IT media, that applying OS patches only is enough to mitigate the vulnerabilities. If Microsoft/Intel rely on hw vendors to push the CPU microcode update via BIOS updates, we will end up with tons of vulnerable machines because the typical user doesn't know how and why to do it; moreover the process is risky because you can brick a device that is out of warranty. Hardware vendors usually don't care about support for older devices, so they won't bother with BIOS updates.

The only solution is that Microsoft delivers the updated CPU microcode via Windows (7, 8.1 and 10) Update and Intel should push Microsoft hard to do that. Hardware vendors aren't reliable there at all.

0 Kudos
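
A check related to the post above, added here as an example (it is not part of the thread and not an Intel or Microsoft tool): on Windows with an Intel CPU, the registry records both the microcode revision the BIOS loaded and the revision running now, which shows whether an update reached the machine through firmware or through the operating system. `$MinimumRevision` is a hypothetical parameter; the value to pass must come from Intel's guidance for the specific CPU.

```powershell
param(
    # Hypothetical placeholder: the lowest microcode revision that carries the
    # fix for your CPU, looked up in Intel's guidance. 0 skips the comparison.
    [uint32]$MinimumRevision = 0
)

function Convert-McuRevision {
    param([byte[]]$Raw)
    # Windows stores an 8-byte little-endian value; on Intel CPUs the microcode
    # revision is the upper 32 bits (bytes 4..7).
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [System.BitConverter]::ToUInt32($Raw, 4)
}

function Format-McuRevision {
    param($Revision)
    if ($null -eq $Revision) { return 'n/a' }
    return ('0x{0:X}' -f $Revision)
}

$root = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor'

# One subkey (0, 1, 2, ...) exists per logical processor; all should agree.
$report = foreach ($cpuKey in Get-ChildItem -Path $root) {
    $p    = Get-ItemProperty -Path $cpuKey.PSPath
    $bios = Convert-McuRevision $p.'Previous Update Revision'  # loaded by firmware
    $live = Convert-McuRevision $p.'Update Revision'           # running now

    if ($null -eq $bios -or $null -eq $live) {
        $source = 'unknown'
    } elseif ($live -gt $bios) {
        $source = 'OS-loaded update'      # Windows applied newer microcode at boot
    } else {
        $source = 'BIOS/firmware'         # nothing newer was supplied by the OS
    }

    if ($MinimumRevision -eq 0) {
        $meets = 'not checked'
    } else {
        $meets = ($null -ne $live) -and ($live -ge $MinimumRevision)
    }

    New-Object PSObject -Property @{
        Cpu             = $cpuKey.PSChildName
        Name            = $p.ProcessorNameString
        Identifier      = $p.Identifier
        FirmwareRev     = Format-McuRevision $bios
        RunningRev      = Format-McuRevision $live
        DeliveredBy     = $source
        MeetsMinimum    = $meets
    }
}

$report |
    Select-Object Cpu, Name, Identifier, FirmwareRev, RunningRev, DeliveredBy, MeetsMinimum |
    Format-Table -AutoSize
```

A `RunningRev` equal to `FirmwareRev` on a machine whose BIOS has not been updated means no newer microcode has been delivered by either route.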
RDieh
Beginner
3,301 Views

I wish I could help--but I have this problem too--and an Intel motherboard (MB)--bought & built by me--not a company, So only releasing the updates to companies will not do me any good, even if my Intel products were still supported.

DQ77MK MB (S/N BTMK249005UU) with a Gen 3--- i7-3770 @3.4ghz running W7 Pro all bought in feb of 2013--not even 5 years old!

In my case, the MB has available updates the Intel® Management Engine firmware 8.1.71.3608 dated 5/26/2017 and this is the very last update ever for this MB!

https://downloadcenter.intel.com/download/26829/Intel-Management-Engine-Firmware-8-x-Update-for-Intel-Desktop-Board-DB75EN-DQ77KB-DQ77CP-and-DQ77MK?product=59044 Download Intel® Management Engine Firmware 8.x Update for Intel® Desktop Board DB75EN, DQ77KB, DQ77CP, and DQ77MK

It also has Intel® Management Engine (Intel® ME) version 8.1.40.1416 driver dated 10/14/2013.

https://downloadcenter.intel.com/download/22093/Intel-Management-Engine-Driver-5M-for-7-Series-Chipset-Based-Intel-Desktop-Boards?product=59044 Download Intel® Management Engine Driver (5M) for 7 Series Chipset-Based Intel® Desktop Boards

Also--Intel in their Security center post, implies only Gen 3 and higher will be updated to 8.1.72.3002 and higher--scroll down 2/3's.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Intel® Product Security Center

Intel's Detection Tool found my system is Vulnerable.

After chatting with Intel support yesterday regarding the above 2 updates ME Driver and ME Firmware--the bottom line is:

"support---Thank you, this is a not supported product, it seems the firmware is independent of the operating system. Normally the firmware is updated before updating drivers. However I cannot guarantee it will work. Again, this product is not supported. 4:19:09 PM

Me ---so--if I understand correctly--there is no ME fix for my board??? 4:20:37 PM

support--It is out of interactive support. I provided the last options we have for you. I recommend you to get a new system. 4:21:49 PM"

So it appears--the ONLY way to protect my system is to load up with the best Malware and Firewall software, or replace the guts with newer updated gear.

Perhaps as some have suggested--Intel will not forget those of us who have invested in their products and apply a fix before the hackers figure out the path in--it won't be long I fear!

Ron

0 Kudos
CVeer1
Beginner
3,301 Views

Well said. I agree. Cannot depend on hardware vendors... particularly for normal home users unlike corporate/company who is PAID support.

0 Kudos
MIani
Beginner
3,301 Views

I have a motherboard Intel:

Board model: DG41WV

Board Version: AAE90316-104

Bios version: WVG4110H.86A.0015.2010.1111.1718

Where can I find the patch to solve the meltdown and spectre attack?

Thanks in advance for your answer

Regards

0 Kudos
STaka8
Beginner
2,996 Views

My PC's CPU has Core 2 Duo E 6600 (Conroe) and Core 2 Quad Q 6700 (Kentsfield), is it influenced by Spectre?

Yesterday, the CPU of 10 years ago had an announcement to cancel the correspondence, but even if I looked at the list, these CPUs were not mentioned.

0 Kudos
RDieh
Beginner
2,996 Views

I posted in # 8, 1/6/2018 asking about the ME firmware for my Desktop Board DQ77MK with a Gen 3--- i7-3770 @3.4ghz running W7 Pro. Numerous replies since then with dates that keep slipping.

The info I have came from here: https://www.intel.com/content/www/us/en/support/articles/000026630/boards-and-kits/desktop-boards.html dated 3/30/2018.

I have never updated Bios--unless MS Update service did unknown to me. The table lists a version required table. I read the contents of version 154 ( just to see what they look like) and it does not list a required installed prerequisite, So does this mean--if I have original Bios from the factory, which I have, I don't need to install another version, assuming the version for my board does not either?
0 Kudos
n_scott_pearson
Super User
2,996 Views

Normally, it is necessary to install multiple BIOS releases along the way; too big a jump and problems can occur. At specific points in time, BIOS releases will contain security fixes or updates to the ME firmware and it is recommended that you properly update through these releases. I do not know what BIOS your board came with (different build batches came with different BIOS versions installed), so I do not know where you fall within this list, but this is the set of BIOS updates that need to be installed (in order): 39, 48, 52, 56, 66, 71, 72. If your board came with BIOS 56 installed, for example, then you would need to upgrade to BIOS 66 then 71 and then 72 (and then, of course, to the new version containing the updated microcode, whenever it appears). If your board has an earlier BIOS, then you may have more BIOS releases to work through.

There is an alternative to this. You can jump all the way to the latest version if you are willing to use the BIOS Recovery method (documented here: http://www.intel.com/content/www/us/en/support/boards-and-kits/000005630.html?wapkw=bios+recovery Intel Desktop Boards Recovery BIOS Update Instructions) to install the latest BIOS. If you wish to attempt this, here is my recommended process:

  1. Insert a USB 2.0 flash disk (do not use USB 3.0 flash disks) into a Windows-based PC (do not use Linux- or MACOS-based PCs) and reformat this flash disk, using the FAT32 file system and with the Quick option disabled.
  2. Place the downloaded .BIO file (in your case, it should be MK0072.BIO) onto this flash disk.
  3. Properly eject this flash disk from the PC using either the Eject capability provided in Windows File Manager or using the Safely Remove Hardware and Eject Media ICON in the Windows System Tray.
  4. If not already, power off the PC containing the MK board.
  5. Remove the yellow BIOS Configuration jumper from the board.
  6. Insert the USB 2.0 flash disk into one of the black USB 2.0 ports on the back panel of the board (do not use blue USB 3.0 ports and do not use front panel USB ports).
  7. Power on the PC containing the MK board. The BIOS should then automatically perform the BIOS Recovery operation, displaying its progress onscreen.
  8. WARNING: If you do not see any onscreen progress messages, do not power off or reboot the PC for at least 10 minutes. While unlikely, it is possible that the BIOS Recovery operation could proceed without an onscreen display. If you interrupt this process, you will likely corrupt your BIOS flash and permanently brick the board.
  9. When the BIOS Recovery is completed, you will receive an onscreen message indicating so. When you see this message, power off the PC.
  10. Restore the yellow BIOS Configuration jumper to pins 1-2 of the header (i.e. same pins it was on before you removed it).
  11. Remove the USB 2.0 flash disk.
  12. Power on the PC.
  13. When the BIOS Splash screen is displayed, use the F2 key to enter BIOS Setup.
  14. Verify that the BIOS present is the correct version (i.e. that the BIOS Recovery completed properly). If it is not, go back to step 4 and repeat the process.
  15. Press the F9 key (followed by the Y key) to clear the BIOS Configuration.
  16. Press the F10 key (followed by the Y key) to save the configuration change and reboot the PC.
  17. When the BIOS Splash Screen is displayed, again use the F2 key to enter BIOS Setup.
  18. Make any changes to the BIOS Configuration that you absolutely require (BIOS Boot Order, etc.).
  19. Press the F10 key (followed by the Y key) to save the configuration change and reboot the PC.

My final recommendation is that you upgrade to BIOS 72 now and then upgrade to the new BIOS when it is released. BIOS 72 contains updated ME firmware that contains fixes for the ME vulnerabilities described in the https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr INTEL-SA-00075 Advisory.

Hope this helps,

...S

0 Kudos
RDieh
Beginner
2,996 Views

Scott--thanks very much for the detailed reply.

I have 0054 installed so my next one is 56. You have a much shorter list ( ie, you jump from 56 to 66) --perhaps because it is an example, but maybe you have a reason???

EDIT--I think I see your reasoning--In the Release Notes/ Fixed issues there are security issues fixed in your list--the other ones do not security issues. Is that correct?

If I use your short list--I'll install the versions individually It's only 4, IF I gotta install all of them--I may use the Recovery method.

The board download lists 17 versions to get to 72. https://downloadcenter.intel.com/download/22094/BIOS-Update-MKQ7710H-86A-?product=59044 Download BIOS Update [MKQ7710H.86A]

From what I see on the board list there is only one Intel® Management Engine (Intel® ME) version 8.1.40.1416 for Intel® Desktop Boards and that is between Bios 62 & 64--there is no 63 listed.

If it matters, Intel Detection Tool says I have installed the ME version 8.1.7.1.3608. It is not listed in Windows Update History File--so Perhaps the Intel Driver and Support Assistant Installer installed it. That Intel program is installed, and always gives me an error, perhaps because one of the error could be "Your component is discontinued or is not supported." The problem might be--I have 2608 installed--MAYBE those older Bios versions will not like and brick my Board??? I have read horror stories on the Lenovo Security forums about bricked motherboards--some owned by IT folks--iow they most likely RFM--but then maybe not

I see a header on my board labeled Intel MXBX reset header--is that the jumper that is referred to? I did not look thru the manual--I just looked at the connections on the board.

Thanks again,

Ron

0 Kudos
Croatoan89s
Beginner
1,674 Views
Hi, where can I find the latest version driver for MKQ7710H bios? The given link is now dead.
 
0 Kudos
n_scott_pearson
Super User
2,996 Views

As I said, you should install through all releases that include security updates and/or ME firmware updates. The list I provided is not an example; I looked through the BIOS release notes for the MK BIOS and identified the updates that included either of these update types. I saw nothing in any of the other updates that would make me recommend that they be included as well. So, your choices are to either do the 4 versions in the list using the normal update methods or go for the BIOS Recovery option.

If you decide to do the 4 BIOS updates, you could put all 4 of these onto a USB flash disk and then use the (recommended) F7 method to install them (it presents a dialog that allows you to select which BIO file to install). If you haven't done so previously, I recommend that you reformat the USB flash disk per the instructions in step 1 of my BIOS Recovery procedure. Further, after installing the final BIOS update (MK0072.BIO), I recommend that you perform steps 13 through 19 of my BIOS Recovery procedure. This procedure ensures that any changes made in the BIOS Configuration parameters are properly handled (sometimes, over a large number of BIOS releases, the "current" parameter settings can get out of sync with the overall parameter set).

No, if you have a newer version of the ME firmware already installed, the ME firmware version in the BIOS update will simply be ignored.

No, it is not the MEBX header (leave that one alone). Your board will only have one yellow jumper (any others will typically be black), so finding it should be fairly easy.

Hope this helps,

...S

0 Kudos
RDieh
Beginner
2,996 Views

Hi, You are truly an asset to this forum. Lots of straight answers you have provided since this Meltdown/Spectre problem when I joined.

Back again---I used the Express BIOS Update to install 56 (the next on the list after my current 54). All passed until it was installing the Firmware for the ME Engine. It sat there for a little bit with the end dash spinning like a wheel. The update then said there was "ERROR FWUP" (plus a few more letters on the next line; they disappeared before I could write them down) that replaced the wheel. After about 10 sec the screen was blank and it rebooted to W7. I shut down and restarted it. W7 had the Welcome screen, then the screen went light blue, about the same time as the initial try--maybe longer--a message window popped up that said "Congrats--you have successfully updated your BIOS." I looked at the read me---it was just info about the program--- "Custom BIOS Update Release 1.3 12/21/2011" followed by requirements etc. Nothing about the error. I pressed Finish and it continued into W7. I shut down, restarted W7, hit F2 at the boot screen. The BIOS version was still 54. It appears nothing got updated. When I exited, I chose Exit without Saving--since it appeared to not have installed 56.

EDIT--Maybe it did not recognize I have 64 bit and it tried to install a 32bit version.

and there is an ME Engine Driver " Version: 8.1.40.1416 5M (Latest) Date: 10/14/2013" after ver 65 (10/3/2013) and 66 (3/18/2014). Maybe existing BIOS at the time was not affected?? end EDIT

Is the install error because my ME Engine is already at 3608--a higher level than the 1336 version 56 wanted to install? As you know, the next ME Engine install is on 72--which is the last version---so maybe it will not install either--and perhaps 66 & 71 won't install either.

I was thinking of trying the BIOS Recovery method you posted, using the 56 BIO file (on a FAT 32, USB 2.0 NON-bootable memory stick), but I thought it might have the same problem--and a bit more complex to do. I found on the main board PDF where the jumper plug is, that is removed when in recovery mode.

I understand about using the rear panel USB 2.0 inputs, but what is gonna cause the .bio file to install into the BIOS? Other procedures mention using a BOOTABLE memory stick. I do have a Bootable USB NTFS formatted with the W7 Pro installation on it for my Lenovo laptop. I don't think it has ever worked on my Desktop.

What now boss---awaiting your instructions--hopefully I did not miss a step

Ron

0 Kudos
n_scott_pearson
Super User
2,996 Views

When you told me the ME firmware version that you had, I suspected that this might occur (but hoped it didn't)...

What this is telling me is that, because you ran the tool to install the ME firmware fix for the INTEL-SA-00086 vulnerabilities, it isn't going to let you install any of the previous BIOS releases because they have older versions of the ME firmware. This means that you will have to use the BIOS Recovery process to jump to BIOS 72, as this BIOS (and the forthcoming new one) are the only ones that have the same or newer ME firmware included within it.

So, decision time. You can install BIOS 72 now, using the BIOS Recovery process outlined, and then, when the new BIOS is available, you can install it using the normal BIOS update process. Alternatively, you can just wait and, when the new BIOS is available, install it using the BIOS Recovery process. I recommend the former, since it immediately gets you all of the bug fixes and compatibility updates that have come out since your board was built, but you can choose to do the latter if you don't plan on doing anything at the BIOS level before this new BIOS appears.

...S

P.S. When I say "normal BIOS update process", I mean the F7 method. I do not recommend the use of the Express BIOS Update executables.

0 Kudos
RDieh
Beginner
2,996 Views

OK thanks, I've got my USB 2.0 stick formatted FAT32 in a USB 2.0 slot, and the MK0072.bio file on it. I haven't pulled the BIOS Conf Jumper yet--but I'm ready to.

What are the odds this will work and not brick my board?

I ask because as you know ME Engine f/w 3608 is already installed. Is the recovery just going to write the main BIOS and either try to write the 3608 and fail, but after checking it will find 3608 is installed, overwrite the currently installed 3608 or not try to install it and consider it successful?

Per your # 8 warning--what if after 30 min I see no onscreen message? What then?

I understand about steps 9-19--assuming it completes and displays line 9

I have no backup .bio file to load, do I need one?

Should I restore my current BIOS setting to Default before I update?

If there is any chance this will not install 72 with my current ME 3608 installed, then I will wait until the final BIOS comes out, which should work ok since it is expecting ME 3608.

THANKS

Ron

0 Kudos
n_scott_pearson
Super User
2,928 Views

Since ME firmware updates are not done all that often, it is completely normal to see BIOS updates that include the same ME firmware release that is already installed. In this case, however, things are far from normal. A ME firmware update was released independent of the BIOS. It was intended to be installed onto systems that already had the latest (72) BIOS installed, not a down-rev version as you had. The possibility exists that even BIOS 72 will not install. The forthcoming BIOS update may be the only one that will install. So, should you try to install 72 or should you wait? In theory, since the ME firmware is installed first, if it is rejected for being down-rev, the overall BIOS installation will be rejected; no harm, no foul. The chance of this resulting in a bricked BIOS is very small. Now, if you have a flash programmer, it is possible to use it to make a backup copy of the flash component, just in case. There is no other capability for making a backup, however.

Clear as mud?

...S

0 Kudos
RDieh
Beginner
2,928 Views

Clear as crystal water actually

It flashed without any problems, and I even managed to get the jumper plug back on--underneath all those SATA cables without removing the chassis to a bench.

A totally different looking screen--no question when it popped up. No error mention of already installed 3608, I guess it just overwrote--it did not care what version it was perhaps, since it is the latest update.

So I followed your steps thru 16. Tomorrow I will use the pix I took of 54 settings and change them in 72.

Thanks much for the help.

I know I should have asked this in the Board forum--I did not expect to be this long. Hopefully it will help other users who are reluctant to try.

Hey If I can do it, most anybody can--I would not have done without your help tho!

THANKS again,

Ron

0 Kudos