BIOS updates to address the Spectre vulnerability have begun rolling out from the major motherboard OEMs.
Patches and updates for Meltdown/Spectre vulnerabilities continue to trickle in. Due to there actually being multiple vulnerabilities, each of which requires different fixes, and patches not always saying which vulnerability they address, it can be hard to know if you’re fully protected.
When the issue first broke, Intel said that CPU microcode (BIOS) updates would be required in addition to software patches. The company later said it had released the updates, but it wasn’t clear in what form users would receive them nor what vulnerability they were for. AMD, being invulnerable to Meltdown, said that it was still vulnerable to one of the vulnerabilities in Spectre, but it had not issued any updates.
To clear the air on all this before we get any further, we defer to the table below from Microsoft.
Only Variant 2, one of the two vulnerabilities that make up Spectre, requires a CPU microcode update. Variant 2 is also the vulnerability that AMD has said it is most likely not vulnerable to, thus the company has not issued any updates.
The only required BIOS updates are to address Variant 2 for Intel CPUs. If your Intel machine is from a system OEM, look for the updates to come from that manufacturer, most of which are linked here. DIY builders are, as usual, left waiting for motherboard OEMs to release updates
To that end, the first few are beginning to trickle in. Asus was the first to address the issue. MSI has also just released their first updates. We searched for updates from Gigabyte, ASRock, and EVGA, but didn’t find anything yet. We’ve reached out to them on the status of their updates and will update this post with their response.