Intel says Friday's mystery 'security update' microcode isn't really a security update

False alarm: despite a patch notes suggesting otherwise, that mysterious blob of microcode released for many Intel microprocessors last week was not a security update, the x86 giant says.

In an email Monday, an Intel spokesperson told The Register that microcode-20230512, which popped up on the manufacturer's GitHub page “does not contain any security updates and the note, [INTEL-SA-NA], is meant to convey that there are no applicable (Not Applicable) security updates in the package.”

The update caught many users attention over the weekend as it affected nearly every Intel CPU going back to 2017. This includes most of Intel’s latest chips, such as its 13th-gen Core-series parts and 4th-Gen Xeon Scalable datacenter parts.

Unfortunately, Intel isn’t being forthcoming about what exactly the patch does. Its purpose was simply listed as “security updates for Intel-SA-NA,” which many, including Phoronix, took to the NA to mean it was a security update with a release advisory “not available.” We now know it meant “not applicable,” and that the update simply contains “functional updates.”

The Register has asked Intel for additional information on what these updates entail, and we'll let you know when the silicon slinger is ready to talk.

• FYI: Intel BootGuard OEM private keys leak from MSI cyber heist
• Do you want speed or security as expected? Spectre CPU defenses can cripple performance on Linux in tests
• MSI hit in cyberattack, warns against installing knock-off firmware
• Some potential: How bad software updates could over-volt, brick remote servers

It’s also unclear whether Intel chose not to patch older parts, or if they’re not affected. We’ll note that Microsoft Windows 11 doesn’t support Intel processors older than 8th-gen, so that may be part of the reasoning behind the deployment.

Microcode releases aren’t uncommon, can address and improve all kinds of low-level operations in modern processors, and can include mitigations for chip-level vulnerabilities. However, they’ve become a point of concern for many customers, as these sorts of security fixes can have a severe impact on performance.

For instance, the Spectre and Meltdown side-channel weaknesses we exposed back in early 2018 could be exploited by rogue software or insiders to extract sensitive information, such as cryptographic keys and authentication tokens, from memory that should otherwise be out of reach. Intel released patches for affected CPU cores, though the cure wasn’t always without side effects; some of the updates could hit performance dramatically or not, depending on what you're running and whether other mitigations were in place.

In any case, last week’s mystery microcode is already making its way out to Linux users — many distros will apply them as part of their security updates — while we anticipate the release will find its way out to Windows and Mac users before long.

Intel’s comments would seem to rule out any connection to the leak of BootGuard private OEM keys alongside a treasure trove of data stolen from MSI back in April.

In a nutshell, these keys ensure that only signed firmware releases can be applied to a system, preventing an attacker from injecting malicious code before the OS boots. With these keys now out in the wild, it’s technically possible for an attacker to sign their malware so it appears legitimate. ®