According to this article, https://www.extremetech.com/computing/263512-intel-releases-new-skylake-microcode-update-spectre-sti..., Intel released this week microcode updates for several Skylake-based platforms to OEMs which means that the updates Dell re=release do not contain microcode Intel just released. If this is true, then these BIOS updates will not be the last to address Spectre (Variant 2) and there may be more updates in the future for Kaby Lake and Coffee Lake platforms.
It has been very silent the past week on this subject.
Just wondering why Dell is shipping XPS 8930 system with Bios 1.0.5 while this version is still not available as an update. Makes me wonder...
One of my previous posts disappeared last week, which had the output of the Inspectre tool on my Bios 1.0.2 XPS 8930 and a question about the second urgent XPS 8930 update : http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=RCGJ3
( XPS 8930 NOT listed in compatible systems )
Now XPS 8930 is listed in compatible systems for this update, so Dell is watching this forum, which is good.
Here again Inspectre report for my system, check and compare to yours if you like.
Spectre & Meltdown Vulnerability
and Performance Status
System is Meltdown protected: YES
System is Spectre protected: NO!
(full details below)
In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.
Protection from these two significant vulnerabilities requires updates to every system's hardware-its BIOS which reloads updated processor firmware-and its operating system-to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
This system's present situation:
This 64-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks.
This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)
This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown.
This system's Intel processor provides high-performance protection from the Meltdown vulnerability and this version of Windows is taking full advantage of those features to offer that protection without overly severe performance penalties.
Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:
The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.
Guidance & Observations
Unfortunately, this system will be open to exploitation of the Spectre vulnerability until and unless its BIOS and CPU microcode firmware are updated. You should contact the system's vender and work to obtain an updated BIOS for this system, which will bring updated firmware along as part of the process. If future solutions to the Spectre vulnerability are found, this InSpectre utility will be updated to reflect them.
When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.
When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.
For more information see GRC's InSpectre web page
Copyright © 2018 by Gibson Research Corporation
The description to the driver you linked to is part of the update to fix the Intel ME security issue. It is only part of the solution, the other part of the solution involves updated Intel ME firmware that is in BIOS version 1.0.5.
With regard to the InSpectre utility, it may report that the system is protected against Spectre yet Intel is still rolling out new updates and revised updates to fix that vulnerability. This make me wonder what the utility uses to determine if the system is protected.
I accidentally updated from Bios 1.0.2 to 1.0.7 last week when clicking on the Bios update Windows notification message. The expected behavior was to remove the notification, but to my big surprise it downloaded the bios update and requested a reboot to complete. Fortunately all went well, so I also updated a couple of other drivers as suggested by Dell Support Assistant. Yesterday I moved from 1.0.7 to 1.0.8 the same way, so unless something gets broken I am happy to follow this procedure. So far no ill side effects , but I wonder when this Meltdown fix frenzy will settle down.
The story goes on...
Yesterday I updated again now to bios 1.0.10 from Dell Support Assist. All went well.
Meanwhile WIndows 10 moved on to 1803 without issues.
Dell Support assist 3.0 was pushed out as a Microsoft app, but freezes on startup with a cmd window stating Message Sending to WebSocket. I downgraded to the previous 2.x version whih runs Ok.
I will create a separate thread on this new issue.
Microsoft developed a tool to test Windows 10 systems for Spectre/Meltdown vulnerability.
- Start Powershell in administrator mode
- Type "powershell -ex RemoteSigned"
- Type "Install-Module SpeculationControl"
- When prompted to install additional packages like NuGet confirm with "y"
- Also on the next prompt about access to PSGallery confirm with "y"
- To verify your system type "Get-SpeculationControlSettings"
- If all results are green colored all is fine, the red responses indicate not patched vulnerabilities
- The True and False values at the end are for information only.
PS. My XPS 8930 on Bios 1.0.10 with all other Dell/Windows updates installed confirmed green.
Re: Checking for Spectre/Meltdown vulnerabilities
The latest version of the InSpectre Checker for Spectre/Meltdown by Gibson Research Corporation may also be helpful at => https://www.grc.com/inspectre.htm
ALSO - Wikipedia links at =>
Yet another BIOS update 1.0.11 appeared today.
As for the 2 previous ones it installed without a problem from the Dell Support Assist environment.
Will this be the final one ?
Got to Bios 1.0.13 from Dell Update utility when notified and all went well again.
Some people seem to have issues that may or may not be related to the multiple BIOS updates so keep sharing.