Late yesterday, another post on the Windows Blogs for Windows 10 appeared. It offers additional news and insight, and something of a progress report, on Spectre and Meltdown issues. It’s from John Cable, MS Director of Program Management, Windows Servicing and Delivery. The title reads “March 2018 Windows security update — Expanding our efforts to protect customers.” But it isn’t until you get to the second heading that things get interesting. Labeled “Expanding … coverage … to address Spectre and Meltdown vulnerabilities” it tells us MS offers new Spectre updates. A bit of digging is required to understand what’s going on here, though.
Understanding How MS Offers New Spectre Updates
Bottom line: coverage for microcode updates through the Microsoft Catalog is expanding. For a full list of covered items, one is advised to consult KB4093836. The short list is Skylake, Kaby Lake and Coffee Lake processors. You actually must visit KB409007 to see that list or a download link from the Microsoft Update Catalog. All that said, I applied that update to my Skylake production desktop without difficulty. I didn’t notice any perceptible performance delays added thereby, but my day is still young!
Where does this leave the world in terms of Windows coverage for Intel processors, one might wonder? According to Wikipedia’s “List of Intel Processors,” not very far. Most of those processors came out some time after the start of 2015. The list of major CPUs by family name has the following timeline:
Sandy Bridge (2007) → Ivy Bridge (2012) → Haswell (2013) →
Broadwell (2014) → Skylake (2015) → Kaby Lake (2016) → Cannonlake\Coffee Lake (2017)
Only the items in red are covered for this vulnerability. My two Lenovo laptops have Sandy Bridge (i7-2640M) CPUs. The Surface Pro 3 has a Haswell (i7-4650U). The Dell Venue Pro 11 7130 likewise Haswell (i5-4210Y), and my Dell XPS 2720 again Haswell (i7-4770S). My production desktop is Skylake (i7-6700). The boss’s mini-ITX has an Ivy Bridge (i7-3630QM), and the boy’s desktop has a Haswell (i7-4770K). That means that here where I live and work, only 1 in 8 machines is currently covered. Covering Haswell takes care of half the population. Lenovo promises to cover Sandy Bridge as soon as it can. But if MS doesn’t issue an Ivy Bridge update, that machine may never get coverage: Jetway, the mobo maker for that unit, shows little or no inclination to join the dance.
I sincerely hope that Microsoft will dig back at least two more steps on the preceding timeline. That means providing coverage for at least Haswell and Broadwell processor families. Ideally, I’d like to see them go all the way back to Sandy Bridge. But, as always, only time we’ll tell. We’ll see!