If you are concerned about the latest round of Intel Vulnerabilities then its important to remember that you can’t just mitigate them all with just the latest Windows updates. Several of these vulnerabilities have been addressed in Microcode updates that are normally included within the latest mainboard BIOS release. As we all know it can often take sometime for OEMs to release a new BIOS for a system and in many cases never.

Given the severity of these vulnerabilities Microsoft have made available a Microcode update pack for many of the affected processors, the microcode will be loaded at the OS level rather than BIOS level but for the majority of businesses and individuals this will ensure that your Windows installation is secure.  Its important to note that Microsoft has only released this updated Microcode pack for the latest Windows 10 build 1903, you will need to upgrade to this build before you can install it.

The Knowledgebase article KB4497165 provides information on which Microcode level you need to be running to ensure that you are protected

https://support.microsoft.com/en-gb/help/4497165/kb4497165-intel-microcode-updates

The actual Microcode download link is here

https://www.catalog.update.microsoft.com/Search.aspx?q=4497165

You can check which Microcode version you are currently running by launching Powershell and entering the following command

reg query HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0

We are looking for the line “Update Revision”

After installing the latest BIOS or Microcode Update pack from Microsoft you should run the query again to check that you are running the updated Microcode version.  In my screenshots we can see that previously my Microcode version was AA and after installing the Microsoft Microcode update I am now running B4.

Alternatively you can just run regedit and manually browse to the relevant key to check your Microcode version

HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0