At the end of January, Intel released another installment of its Microcode CPU updates. This latest release includes most current Intel CPU models all the way back to the Sandy Bridge era. (According to the Intel Ark, the master repository for chip data, Sandy Bridge goes back to the first quarter of 2011). Intel Microcode updates do not get installed automatically through Windows Update (WU). Instead, users must install these updates manually from the Microsoft Update Catalog. Here’s a master list of links for what’s available, by Windows 10 version (anything not covered by a specific version defaults to the vanilla “Windows 10” designation that appears as the last item):
+ KB4497165: Intel microcode updates for Windows 1909 and 1903
+ KB4494174: Intel microcode updates for Windows 10 1809
+ KB4494451: Intel microcode updates for Windows 10 1803
+ KB4494452: Intel microcode updates for Windows 1709
+ KB4494453: Intel microcode updates for Windows 10 1703
+ KB4494175: Intel microcode updates for Windows 1607
+ KB4494454: Intel microcode updates for Windows 10
Finding the Right Link for Your Win10 Installation
Complex though it may sound, it’s actually easy. Choose the link for the version number that you’re running. For my production PC, for example, I chose the first link in the list because I’m running version 1909. This opens to KB article 4497165. Then, to make sure your CPU is covered, search for its processor name in this web page (mine is i7-6700, which appears in the Skylake S section of the document, so it’s covered). Here’s what that looks like, for illustration:
If your CPU isn’t covered (pretty unlikely, but possible) then the Microcode update won’t work.
Note the “i7-6700” field value is reversed text (found by Chrome’s “text find” function).
[Click image for full-sized view.]
When you scroll to the bottom of the KB article, you’ll find a section that looks like this:
The link to the Microsoft Update Catalog is what you’re after here. Click to grab a self-installing update (.msu) file.
[Click image for full-sized view.]
Doing the MS Update Catalog Thing
Once you’ve clicked the link into the Microsoft Update Catalog, you’ll see a listing that looks like what follows next. You need to click the Download link for the item that corresponds to the version of Windows 10 you’ve got installed. In my case for the Production PC, that’s item 4 counting down from the top: “…version 1909 for x64-based Systems…” You can then run the self-installing update file, after which you must restart your PC for the microcode updates to take effect. That’s it!
Pick the download that matches your installed Win10 version, then run the installer file.
[Click item for full-sized view.]
Why Should You Do This?
Intel Microcode updates serve to patch hardware-based security vulnerabilities after a CPU has been released, and is in use in the field. Your PC(s) may never be subjected to attacks based on those vulnerabilities — of which there are half-a-dozen or more already known — but common security prudence asserts that it’s better to install them and not need them, than to need them and not have them installed. If you want to learn more about what’s going on, and colorful vulnerabilities such as Meltdown, Zombieload MDS, Spectre, and so forth, search your favorite engine for “Intel Microcode Vulnerabilities.”
I wouldn’t rate this as “life or death urgent.” But I would recommend that you find the time to install the latest Intel Microcode updates in the next month or two. Cheers!
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.