
KB4465065 Offers New Microcode Fixes

On March 19, Microsoft issued a new and comprehensive set of microcode fixes for Intel CPUs. These go back to Ivy Bridge (and perhaps earlier) and address potential issues on all of my PCs. They may do likewise for yours. In fact, KB4465065 offers new microcode fixes for three specific vulnerabilities. These are CVE-2017-5754 [rogue data cache load], CVE-2018-3639 [speculative store bypass] and CVE-2018-3620 [L1 terminal fault]. I’ll show “before” and “after” screencaps from the Get-SpeculationControlSettings applet in PowerShell for the specifics.

The red arrows point to various key state indicators from the Get-SpeculationControlSettings applet prior to installing the latest microcode fixes.

The red arrows point to various key state indicators from the Get-SpeculationControlSettings applet after installing the latest microcode fixes.
Note the extra line of text in the speculative store bypass area, and the enablement of all 3 microcode fixes in the Windows OS.

If KB4465065 Offers New Microcode Fixes, Is That a Good Thing?

There can be a performance impact on some PCs when enabling various microcode fixes. All you can do is to try them out on a test machine, then measure and observe their consequences. If you need to undo those changes, you’ll have to flash a modified firmware onto the affected PC(s). The best way to do that is to make a firmware snapshot before applying KB4465065, so you’ll have something to roll back to if you don’t like the outcomes. See this SuperUser article “Can Intel updates be rolled back?” for more discussion. You’ll need to work with system or motherboard utilities to make UEFI/firmware snapshots as well, and understand how to apply them properly. Only then can you undo those changes.

For information on downloading and using the Get-SpeculationControlSettings applet, please consult the PowerShell Scripting center. You’ll find what you need in an item entitled “Speculation Control Validation PowerShell Script” (it includes a download link, and instructions on how to use this tool).
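The before-and-after comparison described above can also be captured as data rather than screencaps. The following is an added example, not code from the original article or from Microsoft: it assumes the SpeculationControl module is installed from the PowerShell Gallery, and the function name and snapshot path are hypothetical choices made for this sketch.

```powershell
# Added example; not from the original article. Assumes the SpeculationControl
# module is installed (Install-Module SpeculationControl).
Import-Module SpeculationControl

function Get-MitigationSummary {
    # Returns one row per CVE named in the article.
    $s = Get-SpeculationControlSettings   # also prints its usual console report
    $checks = @(
        @{ CVE = 'CVE-2017-5754'; Issue = 'Rogue data cache load'
           Vulnerable = $s.KVAShadowRequired
           OsSupport  = $s.KVAShadowWindowsSupportPresent
           Enabled    = $s.KVAShadowWindowsSupportEnabled },
        @{ CVE = 'CVE-2018-3639'; Issue = 'Speculative store bypass'
           Vulnerable = $s.SSBDHardwareVulnerable
           Microcode  = $s.SSBDHardwarePresent
           OsSupport  = $s.SSBDWindowsSupportPresent
           Enabled    = $s.SSBDWindowsSupportEnabledSystemWide },
        @{ CVE = 'CVE-2018-3620'; Issue = 'L1 terminal fault'
           Vulnerable = $s.L1TFHardwareVulnerable
           OsSupport  = $s.L1TFWindowsSupportPresent
           Enabled    = $s.L1TFWindowsSupportEnabled }
    )
    foreach ($c in $checks) {
        # Older module versions lack some properties; report that instead of guessing.
        $status = if ($null -eq $c.Vulnerable) { 'Unknown (property missing; update the module)' }
            elseif (-not $c.Vulnerable) { 'Not required on this CPU' }
            elseif ($c.Enabled)         { 'Mitigation enabled' }
            elseif ($c.ContainsKey('Microcode') -and -not $c.Microcode) { 'Microcode support missing' }
            elseif ($c.OsSupport)       { 'OS support present, not enabled' }
            else                        { 'OS support missing' }
        [pscustomobject]@{ CVE = $c.CVE; Issue = $c.Issue; Status = $status }
    }
}

# Hypothetical snapshot path chosen for this example.
$snapshot = Join-Path $env:TEMP 'speculation-before.csv'
if (-not (Test-Path $snapshot)) {
    # First run (before installing KB4465065): record the baseline.
    Get-MitigationSummary | Export-Csv $snapshot -NoTypeInformation
} else {
    # Later run (after installing the update): show only rows whose status changed.
    # SideIndicator '<=' is the saved baseline, '=>' is the current state.
    Compare-Object (Import-Csv $snapshot) (Get-MitigationSummary) -Property CVE, Status |
        Sort-Object CVE, SideIndicator
}
```

Run it once before the update and again afterwards; no output on the second run means none of the three statuses changed.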

The View from Up Close and Personal

I have installed and am using this fix on a variety of machines, including one Ivy Bridge PC, three Haswell PCs, and other, newer Intel processors (Skylake and Broadwell). So far, I have experienced no noticeable or detrimental performance impacts. YMMV, however, as the old acronym goes.

You can grab the update from the Microsoft Update Catalog, or grab a self-installing update (.msu) file for x86 (32-bit) or x64 (64-bit) PCs directly (1809 build, see update catalog for older Win10 versions). Enjoy!