There is a MS Powershell script to test each machine and I have tested my two machines with the patches. One Core 2 Duo recommends a firmware/Bios update and the other says the Windows patch has not been applied. That is a Dual Pentium CPU but it getting BIOS updates for these boards will be out of the question. So how to protect two ancient machines with no microcode updates?

Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it

It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.

In reply to a post by flippery:

It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.

Not true. Microsoft has paused the updates to computers using AMD processors because AMD did not reveal the full details that Microsoft needed to write a compatible patch. I guess that's what happens when a company denies that their product has a problem (until forced to).

That makes sense as a recent Windows Insiders build wouldn't install on an AMD based system.

Build 17063 installs on the same machine.

Installed on my AMD machine at the weekend no probs

I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.

In reply to a post by Banger:

I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.

There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.

In reply to a post by robertcrowther:

In reply to a post by Banger:

I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.

There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.

I would like to believe that but I don't because MS has produced a PS script to test your machine to see if it has been protected. Here is the results of my main machine.

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False

As you can see from the script for branch target injection the patch is not enabled due to no hardware support which means a BIOS update for me which on a 2008 motherboard is going to be unlikely.

Maybe the instructions on how to read the results are not clear enough, but the test results for you actually read that you are software protected, but need a bios update to enable the hardware protection (read my previous post about the software/hardware patch explanation).

Hence why it says "Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation" as the "ONLY" suggestion.