how to protect against the latest intel Processor Vulnerabilities

If you are concerned about the latest round of Intel Vulnerabilities then its important to remember that you can’t just mitigate them all with just the latest Windows updates. Several of these vulnerabilities have been addressed in Microcode updates that are normally included within the latest mainboard BIOS release. As we all know it can often take sometime for OEMs to release a new BIOS for a system and in many cases never.

Given the severity of these vulnerabilities Microsoft have made available a Microcode update pack for many of the affected processors, the microcode will be loaded at the OS level rather than BIOS level but for the majority of businesses and individuals this will ensure that your Windows installation is secure.  Its important to note that Microsoft has only released this updated Microcode pack for the latest Windows 10 build 1903, you will need to upgrade to this build before you can install it.

The Knowledgebase article KB4497165 provides information on which Microcode level you need to be running to ensure that you are protected

https://support.microsoft.com/en-gb/help/4497165/kb4497165-intel-microcode-updates

The actual Microcode download link is here

https://www.catalog.update.microsoft.com/Search.aspx?q=4497165

You can check which Microcode version you are currently running by launching Powershell and entering the following command

reg query HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0

We are looking for the line “Update Revision”

After installing the latest BIOS or Microcode Update pack from Microsoft you should run the query again to check that you are running the updated Microcode version.  In my screenshots we can see that previously my Microcode version was AA and after installing the Microsoft Microcode update I am now running B4.

Alternatively you can just run regedit and manually browse to the relevant key to check your Microcode version

HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Apple 15-inch MacBook Pro Battery Recall Program

Apple has found that some of its older 2015 to 2017 15 inch MacBook Pro models might have batteries that could overheat and pose a fire risk.

You can check to see if your Mac Book is affected by visiting the Apple MacBook Battery recall site below:

https://support.apple.com/15-inch-macbook-pro-battery-recall

Veritas Backup Exec Snapshot technology error (0xE000FED1): A failure occurred querying the Writer status.

Having experienced a number of intermittent failures related to 0xE000FED1 we looked into increasing the retires and timeouts and found that the following values resolved the issue.

Browse to or create the following registry structure HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Engine\Besc

Under Besc create the following DWORD values:

Create a 32bit DWORD with name “UseSnapshotEngineRetry” and value (decimal) 1

Create a 32bit DWORD with name “SnapshotEngineRetries” and value (decimal) 5

Create a 32bit DWORD with name “SnapshotEngineWaitTime” and value (decimal) 360000 (that is 6 minutes in milliseconds)

You can find further information on the registry settings in this Veritas article:

https://www.veritas.com/content/support/en_US/article.100015593.html

This app has been blocked for your protection. An administrator has blocked you from running this app. For more information, contact the administrator.

I recently got this message when trying to update the BIOS on a HP Elite 8300 Small Form Factor PC.  I knew that the download was safe and needed to get the BIOS updated.  I worked around this block by launching a command prompt as Administrator, I then typed in the full path of the exe into the command prompt to launch it and this bypassed the block.

IT – Software and Hardware Support Resources