This message was posted on behalf of Intel Corporation
I understand you would like to know more information about the Spectre and Meltdown issue. Allow me to help you regarding this question you have.
We are still working hard to provide a solution for this issue. Intel and other companies have begun providing software and firmware updates to mitigate these exploits. You can also check with your operating system vendors if there is any update available.
Please find more information about this issue below:
- For full details on this topic please refer to this Intel public website
- For details on how to protect your system please refer to this site for more information
- A full list of Intel products impacted by this issue, along with other important details can be found here
According to the Release Notes, BIOS 368 contains the updates for SA-00088.
the relevant link for NUCs seems to be Intel-SA-00088 for Intel® NUC, Intel® Compute Stick, and Intel®...
the entry in the bios release notes only says "Updated CPU Microcode (Security Advisory-00088)". It'd be nice to know more about what is covered by the fix and the performance impact.
It'd be nice to know more about what is covered by the fix and the performance impact.
Thanks for sharing information. Any chance you can elaborate a bit more on this topic?
Having upgraded my Intel NUC D54250WYKH with bios from the link posted by user fugounashi in this thread, it still gives "red" result if I run Microsoft's test script (PowerShell Gallery | SpeculationControl 1.0.4).
Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
Will there be another update?
Thanks in advance
I, too, have a D54250WYKH and am anxious for a resolution of this issue.