AMD rolls out microcode updates for its CPUs affected by Spectre v2

PC and motherboard makers will be rolling out patches in forthcoming BIOS updates

AMD has begun rolling out its CPU microcode updates for processors that have been affected by the Spectre security vulnerability.

The microcode update fixes variant 2 of the vulnerability, CVE-2017-5715, and has been supplied to PC and motherboard makers to include in forthcoming BIOS updates.

The updates released by AMD will be good for products released as far back as 2011, AMD claimed, covering the first microprocessors of the Bulldozer line.

As part of the same vulnerability patch, Microsoft has released an update as well, in the form of KB4093112, which also includes special OS-level patches for AMD users with regard to the Spectre v2 vulnerability.

This patch is somewhat similar to the operating system-level updates that were released for Linux users earlier this year, and this time comes in Microsoft's Patch Tuesday release for April.

The KB4093112 update included in this patch release contains additional Spectre v2 mitigations which weren't originally included in the January 2018 Patch Tuesday roll out. AMD says these are necessary to completely alleviate the problems caused by Spectre v2.

"These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows," said AMD chief technology officer Mark Papermaster.

Last week, Intel warned that it won't be able to provide a fix for the second variant of the Spectre flaw for all but the latest of its desktop, laptop and server CPUs.

Affecting more than 230 models of Intel's microprocessors, the company has warned that completely eradicating the vulnerability from older CPUs might not be possible.

In new microcode revision guidance released by the chipmaker, Intel added a "stopped" status to its microcode updates relating to the Meltdown and Spectre flaws. This indicates that it won't be issuing patches to fully mitigate the vulnerabilities affecting a large number of its microprocessors still in use.