Microsoft made an important announcement today that it would be forming a mega partnership with Intel in order to ship the Intel CPU microcode updates under the wings of its Windows update package. The updates are meant to categorically address the Spectre V2 vulnerability. The issue had become a heated issue for many of Windows users who were criticizing the tech giant on its sluggish response to the problem. In the light of this announcement, it marks a start contrast in its approach to the Meltdown and Spectre patching process.
Meltdown and Spectre, codenamed V1 and V2 form the three major vulnerabilities that have affected the modern CPU’s for a bit. These problems had been highlighted in the past but Microsoft’s lukewarm response had begun to anger the users.
Microsoft, along with many other OS makers have all agreed to supply these OS-level updates that address the Meltdown and Spectre v1 vulnerabilities while Intel have simultaneously announced its plans to release the microcode (CPU firmware) updates. Both these updates will need to be installed separately as they plan to eliminate each flaw separately to ensure the stability. Though the updates are expected to be rolled out soon, for many they’ve come far later than they should have. The users have been waiting for these updates since the beginning of January when the extent of Meltdown and Spectre’s flaws became widespread news. Intel, as well as other CPU makers had promised to release the microcode updates so that OEM would integrate them to the motherboard firmware updates which would make the process of downloading and installing easier.
Though Intel did deliver on its promise, those updates caused the side effect of continuous system reboots which forced it to withdraw those updates completely. In February, it began releasing further updates meant to address the Spectre v2 flaws. The initial updates were for Skylake CPUs, Kaby Lake, Coffee Lake and other Skylake processors. Starting this week, updates meant for Broadwell and Haswell processors were also released. However, downloading them manually was an issue for many users, most of whom are unaware how to actually do it.
Microsoft’s decision to step in was meant to eliminate this manual need. Microsoft released the first of these updates, titled KB4090007. It applies the Intel microcode updates fixing the v2 vulnerability. Intel and Windows are further collaborating in order to roll out further updates.