Microsoft, HP, Asus, ASRock & Co. are rolling out microcode updates right now, so make sure you check whether there is a BIOS update for your system. Now, a bit late already, Windows builds 1607 (Anniversary Update) and 1703 (Creators Update) are getting microcode updates for all Skylake, Kaby Lake and Coffee Lake systems. The download of KB4091663 and KB4091664 is manual, which means you won't get the update for your system through Windows Update.

Microsoft Microcode Updates

The reason why the microcode updates are manual downloads only

The reason why Microsoft rolls out its microcode update this way seems simple: the update might cause slowdowns, as proven by Computerbase.de. CPU task performance seems almost identical, but random I/O read and write performance decreases, especially on systems with faster SSDs. I'm unsure if this can be fixed by SSD manufacturers because I have no research on this. Not installing the updates is not really a solution here because we're talking about critical security updates. However, on my test system I could notice a 10% difference with the same benchmark, but I used an older Samsung SSD (850 Pro). The fact that it causes slowdowns is also confirmed by Microsoft and partners.

Downloads

All downloads are pretty small in size because they only upgrade the existing microcode on your OS. It's unclear whether Microsoft is going to release these updates more regularly now, since no statement has been given.

KB4090007 Windows 1709

KB4091663 Windows 10 1703

KB4091664 Windows 10 1607

Microsoft released the microcode update first for 1709 and only for this build. It's unclear why and no explanation was given. Maybe it is a 'secure Microsoft' campaign, or maybe it was to test it on a Windows build which is used by more people, but that's my guess.

Test if you're patched or not with InSpectre

The little freeware and portable utility InSpectre quickly shows you whether your system is patched or not.

InSpectre shows whether you're patched against Spectre & Meltdown or not. Sadly, it doesn't show which microcode update you are on, which means it doesn't show whether your BIOS is patched (it only shows the Windows status).
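Since InSpectre does not report the microcode revision, the following PowerShell sketch is an added example (not from the original article, InSpectre or Microsoft). It checks whether the KB listed above for your Windows release is installed and compares the running microcode revision with the one the BIOS supplied. It assumes the `Update Revision` and `Previous Update Revision` registry values hold the revision in their upper four bytes; the function and variable names are illustrative.

```powershell
# Added example. The KB numbers are the ones listed in this article.
$kbByRelease = @{ '1709' = 'KB4090007'; '1703' = 'KB4091663'; '1607' = 'KB4091664' }

function Get-MicrocodeRevision {
    param([byte[]]$Raw)
    # Assumption: 8-byte REG_BINARY, revision stored in the upper DWORD (little-endian).
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [BitConverter]::ToUInt32($Raw, 4)
}

function Format-Revision {
    param($Value)
    if ($null -eq $Value) { return 'unknown' }
    return ('0x{0:X}' -f $Value)
}

# Which Windows 10 release is this, and is the matching microcode KB installed?
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
$kb = $kbByRelease[$release]
if ($kb) {
    $hotfix  = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $kbState = if ($hotfix) { "installed ($($hotfix.InstalledOn))" } else { 'NOT installed' }
} else {
    $kbState = 'no KB listed in the article for this release'
}

# Microcode revision currently running versus the one the firmware loaded at boot.
$cpu      = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$running  = Get-MicrocodeRevision $cpu.'Update Revision'
$fromBios = Get-MicrocodeRevision $cpu.'Previous Update Revision'

$loadedBy = if ($null -eq $running -or $null -eq $fromBios) {
    'unknown (registry value missing)'
} elseif ($running -gt $fromBios) {
    'Windows loaded a newer revision than the BIOS provides'
} else {
    'BIOS/UEFI firmware'
}

[pscustomobject]@{
    Release          = $release
    ArticleKB        = $kb
    KBState          = $kbState
    CPU              = $cpu.ProcessorNameString
    RunningMicrocode = Format-Revision $running
    BiosMicrocode    = Format-Revision $fromBios
    LoadedBy         = $loadedBy
}
```

If `LoadedBy` reports the BIOS/UEFI firmware and the KB is not installed, compare the revision against your board vendor's BIOS release notes to see whether the firmware itself carries the updated microcode.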

AV programs pointless

Once again this entire Spectre & Meltdown story has shown that AV programs are useless. The claim they make to protect or even secure your PC is only marketing, because none of these 'magic' programs do the necessary things here. Do they tell you if your PC is vulnerable to Spectre & Meltdown? No! Are they going to download these patches for you? No! BIOS updates via an AV product? I never heard of it. Because of all these facts, AV is more and more a marketing solution for when you download files you'd like to scan, but who cares about viruses these days when the rest of the system is open to every other attack that comes up anyway?

I remember when no AV had protection against ransomware when it hit the masses, and adding this kind of protection to the product later only seems to prove that they're not prepared for unknown things coming (because no one is).

Closing Words

All microcode updates are out for all Windows 10 users, and the drama seems over. There is a negative impact, yes, but not on the I/O CPU performance itself; it seems to affect other hardware more, like SSDs. This effect gets less noticeable with newer CPUs. Of course we could argue that there should be no performance impact, but it is how it is. It's not a good deal to skip the update because you think you're smart and gain more performance; security must always come first.

However, I'm thankful that Microsoft reacted relatively fast to address this issue. Sadly, all the remaining Intel CPU users who are on an older generation might never see a patch, which makes me think about what the OS can do to protect us against those holes. Spectre is the more dangerous one here, but I do believe that even if you're vulnerable there are some mechanisms to protect you against this. I see JavaScript once again as more important, because it was proven that Spectre could be abused with JS, and this makes it really dangerous because almost every page needs it in order to deliver some functions. In this case you'd better work with NoScript, ad blockers and whitelists to ensure nothing can infect you.