Intel this week has published an update to their ongoing microcode guidance document. In the roughly 3 weeks since the last update, the company is offering some unexpectedly mixed news: some additional microcode updates have been finished and released to production, but the company is also aborting their previous plans for issuing updates for some early-generation Core processors.

Last month we reported on the state of Intel’s efforts to issue microcode updates for processors to mitigate the Spectre v2 vulnerability. As of mid-March Intel had finished developing microcode updates for architectures going back to 2nd generation Core (Sandy Bridge), and was in the middle of planning or pre-beta development of updates for processors going back to the Core 2 era. Instead, with this latest guidance, Intel is essentially putting an end to their microcode program, coming to a halt with microcode updates for about half of their 1st generation Core lineup. The end result is that no Core 2 CPUs will be receiving updates, and only some 1st gen Cores will.

Intel’s chip/architecture stack for these earlier generations is somewhat confusing due to a multitude of codenames, which doesn’t help matters here, but here’s the general breakdown of what processor families have been excised from Intel’s support plans.

Intel's Spectre v2 Microcode Updates

| Microarchitecture | Core Generation | Product Lines | Status |
|---|---|---|---|
| Penryn | 45nm Core 2 | Core 2 | Cancelled |
| Nehalem | 1st (45nm Core) | Core i7-900 | Cancelled |
| Nehalem | 1st (45nm Core) | Core i7-800, Core i5-700 | Released |
| Nehalem | 1st (45nm Core) | Mobile Core i7-900/800/700 | Cancelled |
| Westmere | 1st (32nm Core) | Core i7-900 | Cancelled |
| Westmere | 1st (32nm Core) | Core i5-600, Core i3-500, Mobile Core i7-600, Mobile Core i5-500/400, Mobile Core i3-300 | Released |
| Sandy Bridge | 2nd | Core 2000 | Released |

In short, no Core 2 processors will be receiving a microcode update. Updates for Penryn and all derivative processors have been cancelled.

As for the 1st generation Core family, what did and didn’t get updated is an odd mix. Ignoring the Xeon side of the equation, Intel has essentially opted to deliver updates for most of their mainstream 1st gen Core processors, but not updates for their high-end models. So the desktop Core 900 series is out, for example, while the Core 800 and below is in. Meanwhile on the mobile side of matters, the Core 900M, 800M, and 700M processors have been excluded, but the Core 600M and below are included.

Overall there isn’t an apparent rhyme or reason from an architectural standpoint for the split. The patched processors include both the newer 32nm models and older 45nm models, but it’s not a complete set from either the tick or the tock side. Which, if nothing else, makes it difficult to make blanket statements about patches for the 1st generation Core processors.

The good news here is that for those 1st gen Core processors that are going to be covered with those microcode updates, Intel has completed them and delivered them to production. So the usual disclaimers about distribution aside – and I’ll be surprised if virtually all of these updates in the consumer space don’t eventually have to be distributed by OS vendors – the necessary microcode updates are available. In fact with this latest release, Intel has now completed their microcode update plans according to their roadmap; there are no additional processor families slated to get the Spectre v2 mitigations.
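Whether a given machine actually received one of these updates can be checked from the OS. The following is an added example, not code from the article or from Intel: it assumes a Linux host, where `/proc/cpuinfo` lists the `ibrs` and `ibpb` flags once updated microcode exposes those controls and `/sys/devices/system/cpu/vulnerabilities/spectre_v2` reports the kernel's mitigation state. The function names and both sample excerpts are constructed for illustration.

```python
import re

# Constructed /proc/cpuinfo excerpts (not captured from real machines;
# the microcode revisions are placeholders).
CPUINFO_PATCHED = """\
model name\t: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
microcode\t: 0x22
flags\t\t: fpu vme sse2 ibrs ibpb stibp
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""
CPUINFO_UNPATCHED = """\
model name\t: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
microcode\t: 0x11
flags\t\t: fpu vme sse2
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""

def parse_cpuinfo(text):
    """Return the first processor stanza as a dict; flags/bugs become sets."""
    info = {}
    for line in text.splitlines():
        if not line.strip():
            if info:
                break          # a blank line ends the first processor stanza
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        info[key] = set(value.split()) if key in ("flags", "bugs") else value
    return info

def spectre_v2_report(cpuinfo_text, sysfs_status):
    """Combine CPU flags and the kernel's sysfs status into one verdict."""
    cpu = parse_cpuinfo(cpuinfo_text)
    affected = "spectre_v2" in cpu.get("bugs", set())
    # IBRS/IBPB are the controls that updated microcode exposes to the OS.
    microcode_controls = {"ibrs", "ibpb"} <= cpu.get("flags", set())
    status = sysfs_status.strip()
    kernel_mitigated = status.startswith("Mitigation:")
    uses_ibpb = kernel_mitigated and re.search(r"\bIBPB\b", status) is not None
    if not affected:
        verdict = "not affected"
    elif not kernel_mitigated:
        verdict = "vulnerable"
    elif microcode_controls and uses_ibpb:
        verdict = "mitigated (kernel + microcode)"
    else:
        verdict = "kernel mitigation only"   # e.g. retpoline without IBPB
    return {"model": cpu.get("model name"), "microcode": cpu.get("microcode"),
            "microcode_controls": microcode_controls, "verdict": verdict}
```

On a real host, pass the contents of the two files named above; a "kernel mitigation only" result is what a processor in the cancelled families would be expected to show on a kernel built with retpoline.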

As for Intel’s rationale for the change in plans, the microcode guidance update document includes a new production status, “stopped,” which covers the cancelled processor families. Under that status, Intel states:

After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
  • Limited Commercially Available System Software support
  • Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

Presumably the checkerboard nature of the 1st gen Core updates comes down to business reasons, though it would be interesting to hear what micro-architectural characteristics are presumably preventing patches from being deployed on Intel’s 45nm Core 2 processors.

Overall this is an unsatisfying (but not upsetting) end to Intel’s microcode update program. After a rough start, Intel has essentially updated 8 years’ worth of processors, an important distinction since it means they’ve covered the Sandy Bridge generation and beyond, which remain in service and reasonably popular to this day (ed: not that I’d know anything about that). And while it was always clear that Intel wouldn’t continue going backwards forever, stopping halfway through the 1st gen Core family after previously scheduling it for support ends things on a disjointed note. Meanwhile for Core 2 owners, the bell is finally tolling, it seems. The processor family that reinvigorated Intel after the Pentium 4 era is finally being left behind.

Update: Intel sent over the following statement this afternoon in response to all of the articles today about the change in microcode update plans.

“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”

Source: Intel (via Tom's Hardware)

  • Yaldabaoth - Wednesday, April 4, 2018 - link

    Core i7-920. [Sigh] I am not surprised, but....
  • wow&wow - Wednesday, April 4, 2018 - link

    "Overall this is an unsatisfying (but not upsetting) end to Intel’s microcode update program."

    Not really, still "Meltdown" inside and OS kernel relocation still needed!!!

    "Mad March Meltdown! Microsoft's patch for a patch for a patch may need another patch"
  • Ryan Smith - Wednesday, April 4, 2018 - link

    Meltdown is a hardware vulnerability and is fixed at the OS level. For existing hardware there's nothing I can think of that Intel could have or should have done differently.
  • yhselp - Thursday, April 5, 2018 - link

    So when and how can we expect these patches? Are they going to come with a Windows update, or do they have to be downloaded through Intel or the OEM? It'd be nice if Anandtech makes a user-friendly article on how to protect, and check whether you're protected, against these threats.
  • Comdrpopnfresh - Monday, April 9, 2018 - link

    Thought "1st gen core" would have been Yonah.
  • Magnus101 - Monday, April 9, 2018 - link

    Yonah was the "Core Duo" (mobile version released just before the Core 2 Duo, which was the desktop variant, although updated to 64 bit). There even was a "Core Solo".
    But, yeah, it is damn confusing.
  • clkwork - Tuesday, April 10, 2018 - link

    What do you mean they aren't updating my Pentium Pro???
