# Where are the promised MSI Spectre/Meltdown BIOS updates?



## RejZoR (Apr 13, 2018)

It's been since like January 2018 when we got info about MSI releasing BIOS updates to address Spectre/Meltdown and they are still nowhere to be seen for X99 platform. What gives?

LINK: https://www.msi.com/news/detail/OkG...rTL9kD4wPpTAxIJCC2sBeYjNfGz221AA2yAjPZIzXKw~~

That "X299-series, 200-series, 100-series and X99-series BIOS updates available soon" is a bit BS it seems...


----------



## jboydgolfer (Apr 13, 2018)

It would seem they were promised "very soon" in January at some point, but maybe they're having a great deal of difficulty .  That's pretty sh!tty support.


----------



## 95Viper (Apr 13, 2018)

Ask the question of MSI support, maybe, they can give you the answer or link to an updated BIOS.

MSI Online Technical Support Request Form

MSI Contact Us

Welcome to MSI Member Center

Looks like they have updated some of them, not all.
I am still waiting for one, too.


----------



## jboydgolfer (Apr 13, 2018)

I mentioned it on their Facebook page. They had some kind of post talking about giveaways of X299 motherboards, and I asked why not spend some time working on those bios  updates for *current* owners


----------



## Space Lynx (Apr 13, 2018)

Yep. They were the last to release the latest security updates on Z370 platform as well, Asus and Gigabyte and ASROCK were all faster by about 3-4 weeks on each security release.

I still like MSI's BIOS layout the best, and my Tomahawk Z370 has better VRM's for its pricepoint than the other three according to Tweaktown VRm testing


----------



## John Naylor (Apr 13, 2018)

Where are the panic driven problems alleged to be caused by Spectre / Meltdown.  Have yet to see a "ooh look what happened to this guy who didn't apply the patch" story.


----------



## Aquinus (Apr 14, 2018)

Microcode updates don't require a BIOS update. The OS is more than capable of doing that and often these updates are provided by the OS vendor, be it Microsoft for Windows, Apple with OS X, or Canonical with Ubuntu. Are you sure that you don't have the patch already? Windows 10 does like to just install updates whenever it feels like it, so you might already have it.


----------



## Shihab (Apr 14, 2018)

John Naylor said:


> Where are the panic driven problems alleged to be caused by Spectre / Meltdown.  Have yet to see a "ooh look what happened to this guy who didn't apply the patch" story.



Not all malware make noise. In fact, a successful campaign tends to operate for a while in the dark before the spotlights shine on it. And if having a large hole on your room's wall leading directly to the street is, alone, enough reason to panic, I really admire your courage!

A slightly expensive exploit is still an exploit.


----------



## Vayra86 (Apr 14, 2018)

John Naylor said:


> Where are the panic driven problems alleged to be caused by Spectre / Meltdown.  Have yet to see a "ooh look what happened to this guy who didn't apply the patch" story.



Yeah I haven't seen any either as of yet but the media attention does have an influence here. Everyone is closely watching these exploits, now would be the worst time to use them.


----------



## cdawall (Apr 14, 2018)

lynx29 said:


> Yep. They were the last to release the latest security updates on Z370 platform as well, Asus and Gigabyte and ASROCK were all faster by about 3-4 weeks on each security release.
> 
> I still like MSI's BIOS layout the best, and my Tomahawk Z370 has better VRM's for its pricepoint than the other three according to Tweaktown VRm testing



The Supermicro C7Z370-CG-L is the better choice imo in that price range. Twice the MOSFET of msi and somehow cuts about 50w off at the wall.


----------



## Old-Greg (Apr 21, 2018)

MSI mods locked the topic about these much needed updates on the official forums and suggested all those concerned contact MSI support. 

Both my Asus Z270 and Z370 boards have been updated against Spectre and Meltdown.
Although updated to the hilt, my H270 MSI mobo is still in need of a Spectre patch. I'm pretty pi55ed about this TBH. 

Last but not least, is it safe to carry on using my MSI mobo for everyday use including financial transactions?


----------



## RejZoR (Apr 21, 2018)

Aquinus said:


> Microcode updates don't require a BIOS update. The OS is more than capable of doing that and often these updates are provided by the OS vendor, be it Microsoft for Windows, Apple with OS X, or Canonical with Ubuntu. Are you sure that you don't have the patch already? Windows 10 does like to just install updates whenever it feels like it, so you might already have it.



I'm sure because InSpectre still says it's not patched on my system. Meltdown yes, Spectre, no.


----------



## Solaris17 (Apr 21, 2018)

from what iv seen they aren't making a news post about each revision posted. Just check your mobo page. I recently flashed mine for the x299 tomahawk arctic and it didn't come out more than a few weeks ago. The intel tool immediately said it was ok for both Intel ME and inspecter passed it after the flash as well. but there was no "post" about it.


----------



## Old-Greg (Apr 21, 2018)

I've been checking every other day for the H270 update, nothing since B5 in Jan.


----------



## Solaris17 (Apr 21, 2018)

Old-Greg said:


> I've been checking every other day for the H270 update, nothing since B5 in Jan.



yeah that sucks, but like....you guys know there is no roll out tool for this right? like someone has to sit and code the fix into each bios...right? For like each board....but im sure 99.999% of end consumers understand this and the challenges it brings. Like the fact that you cant just "copy a line to the beginning of every bios" kind of thing. MSI user totally get this though I mean RIGHT?


----------



## Old-Greg (Apr 21, 2018)

Solaris17 said:


> yeah that sucks, but like....you guys know there is no roll out tool for this right? like someone has to sit and code the fix into each bios...right? For like each board....but im sure 99.999% of end consumers understand this and the challenges it brings. Like the fact that you cant just "copy a line to the beginning of every bios" kind of thing. MSI user totally get this though I mean RIGHT?





It's not like the 270 series mobo's are old hat, far from it.  Asus patched my Z270 a while back, and I know other brands have done the same. So why are MSI dragging their feet


----------



## Solaris17 (Apr 21, 2018)

Old-Greg said:


> It's not like the 270 series mobo's are old hat, far from it.  Asus patched my Z270 a while back, and I know other brands have done the same. So why are MSI dragging their feet



Because change process is a real life thing regardless of how old anything is.

A rough series of probable events given how change process usually manifests is.

they have no team dedicated to handle "Surprise security issues presented by chip makers"

At this point they need to pull people from other departments but wait. They need the people that have the SKILL required for the patch. Packaging is going to be useless for this so dont take any of them.

We will need to pull programmers from the actual write dept. But WAIT we have mobos in the pipeline still going through design and testing phase we havent announced yet. Those deadlines will get pushed back.

BUT WAIT the deadlines have to be met because we are sourcing chips for these boards and suppliers are delivering or require bulk order to garuntee pricing.

Might as well pull the warehouse manager too. he need space for these parts even if we need to put assembly behind schedule we need to put this shit in places that were supposed to have other shit 4 months from now.

DAMN we still dont have the patch team yet. well those projects are off so pull some of the developers.

SHIT we need PR to get on this and a time line. lets get them over here so we can game plan.

OH NO we need to teach the customer service leads what to tell people and then actually TRAIN the ppl on the web chat sessions.

BUT DAMNIT we have no documentation to push to them.

WHATEVER we need to make the actual patch.

ok pull resources

20min later

SHIT should we future proof this? we might need to make a section in the BIOS that is blank normally to inject new code like this so we dont have to freak out when it happens.

BUT WAIT

will our current eeproms handle this change? (space?)
Should we back port the entire structure?
can we make this work given how the bios functions?
do we have time to beta test this if it will?
does (BAD MANUFACTURER) plan to support older boards?
will it worki with them?
what about the beta and alpha bios for current and not released products can we chang ethem over?
can we delete this section if there is a perminent fix?

OH we need to talk to microsoft

what changes specifically?


etc etc etc etc

now multiply by all board makers affected. (because NO not all of them are "finished")

No but I get where your coming from they should have ha this fixed 1 hour and 26min after intel had a general idea of how to fix the problem,


BUT WAIT they (Intel) are still trying to process fixes for older platforms as recently as yesterday.

/s


----------



## Old-Greg (Apr 21, 2018)

Nope, non of that from MSI, It's all gone quiet. Last time I saw any speak of a Bios update for the MSI 270 series was in January.
Seriously thinking of selling this mobo because of the non existent Spectre patch.


----------



## Solaris17 (Apr 21, 2018)

Old-Greg said:


> Nope, non of that from MSI, It's all gone quiet. Last time I saw any speak of a Bios update for the MSI 270 series was in January.
> Seriously thinking of selling this mobo because of the non existent Spectre patch.



you should totally do it then. sell it to me for like $5 because you know no spectre patch.


----------



## Old-Greg (Apr 21, 2018)

Solaris17 said:


> you should totally do it then. *sell it to me for like $5 because you know no spectre patch.*



Haha! You'll have to take it from the nephew. I phoned him up and said "How about a fairly new mobo with a gaping security flaw?" 
He was at our place in record time!

I did ask MSI about this through their support channels. I was supposed to receive a conformation email and a record of it should have been in my MSI support account, nothing.
No record of me asking about the Spectre update and no confirmation in my email. I give up.


----------



## Aquinus (Apr 21, 2018)

Old-Greg said:


> Seriously thinking of selling this mobo because of the non existent Spectre patch.


As I said earlier:


Aquinus said:


> Microcode updates don't require a BIOS update. The OS is more than capable of doing that and often these updates are provided by the OS vendor, be it Microsoft for Windows, Apple with OS X, or Canonical with Ubuntu. Are you sure that you don't have the patch already? Windows 10 does like to just install updates whenever it feels like it, so you might already have it.


I don't know about your machine but, mine hasn't had a BIOS update in a long time but, I've had firmware updates as recent as 2018-03-12.

```
intel-microcode/artful-updates,artful-security,now 3.20180312.0~ubuntu17.10.1 amd64 [installed]
  Processor microcode firmware for Intel CPUs
```


```
Changelog
intel-microcode (3.20180312.0~ubuntu17.10.1) artful-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode data file 20180312 to provide
    IBRS/IBPB/STIBP microcode support for Spectre variant 2 mitigation
    - New Microcodes:
      sig 0x00050653, pf mask 0x97, 2018-01-29, rev 0x1000140, size 30720
      sig 0x00050665, pf mask 0x10, 2018-01-22, rev 0xe000009, size 18432
    - Updated Microcodes:
      sig 0x000206a7, pf mask 0x12, 2018-02-07, rev 0x002d, size 12288
      sig 0x000206d6, pf mask 0x6d, 2018-01-30, rev 0x061c, size 18432
      sig 0x000206d7, pf mask 0x6d, 2018-01-26, rev 0x0713, size 19456
      sig 0x000306a9, pf mask 0x12, 2018-02-07, rev 0x001f, size 13312
      sig 0x000306c3, pf mask 0x32, 2018-01-21, rev 0x0024, size 23552
      sig 0x000306d4, pf mask 0xc0, 2018-01-18, rev 0x002a, size 18432
      sig 0x000306e4, pf mask 0xed, 2018-01-25, rev 0x042c, size 15360
      sig 0x000306e7, pf mask 0xed, 2018-02-16, rev 0x0713, size 16384
      sig 0x000306f2, pf mask 0x6f, 2018-01-19, rev 0x003c, size 33792
      sig 0x000306f4, pf mask 0x80, 2018-01-22, rev 0x0011, size 17408
      sig 0x00040651, pf mask 0x72, 2018-01-18, rev 0x0023, size 21504
      sig 0x00040661, pf mask 0x32, 2018-01-21, rev 0x0019, size 25600
      sig 0x00040671, pf mask 0x22, 2018-01-21, rev 0x001d, size 12288
      sig 0x000406e3, pf mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
      sig 0x00050654, pf mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
      sig 0x00050662, pf mask 0x10, 2018-01-22, rev 0x0015, size 31744
      sig 0x00050663, pf mask 0x10, 2018-01-22, rev 0x7000012, size 22528
      sig 0x00050664, pf mask 0x10, 2018-01-22, rev 0xf000011, size 22528
      sig 0x000506e3, pf mask 0x36, 2017-11-16, rev 0x00c2, size 99328
      sig 0x000806e9, pf mask 0xc0, 2018-01-21, rev 0x0084, size 98304
      sig 0x000806ea, pf mask 0xc0, 2018-01-21, rev 0x0084, size 97280
      sig 0x000906e9, pf mask 0x2a, 2018-01-21, rev 0x0084, size 98304
      sig 0x000906ea, pf mask 0x22, 2018-01-21, rev 0x0084, size 96256
      sig 0x000906eb, pf mask 0x02, 2018-01-21, rev 0x0084, size 98304
    - CVE-2017-5715
```


----------



## jboydgolfer (Apr 21, 2018)

Is the lack of active support reason for RMA/return i wonder?

My board from asrock has gotten 2 updates in a single month iirc. Not security ones, but still, msi shouldnt abandon their products


----------



## Old-Greg (Apr 21, 2018)

Aquinus said:


> As I said earlier:





Aquinus said:


> "*Microcode updates don't require a BIOS update.* The OS is more than capable of doing that and often these updates are provided by the OS vendor, be it Microsoft for Windows, Apple with OS X, or Canonical with Ubuntu. *Are you sure that you don't have the patch already?* *Windows 10 does like to just install updates whenever it feels like it, so you might already have it"*




Yep I know that. This is about MSI mobo's not getting the Spectre patch while other vendors did. Take my Asus Z270 motherboard as an example. Both Meltdown and Spectre are patched.
My MSI H270 board only got the Meltdown patch but that was in January.

No. Already checked that with InSpectre. Meltdown patched, Spectre isn't.

As I said earlier, the discussion was was locked by MSI mods on the official forums and we were told to contact MSI directly.
Even that has been unsuccessful.


----------



## jboydgolfer (Apr 22, 2018)

Old-Greg said:


> Yep I know that. This is about MSI mobo's not getting the Spectre patch while other vendors did. Take my Asus Z270 motherboard as an example. Both Meltdown and Spectre are patched.
> My MSI H270 board only got the Meltdown patch but that was in January.
> 
> No. Already checked that with InSpectre. Meltdown patched, Spectre isn't.
> ...



 I've been littering their various Facebook posts/giveaways ,and pages with comments and warnings to perspective buyers ,regarding their lack of support in this matter.  Hopefully someone  decides to look into the matter ,or at least hopefully someone considering purchasing from them ,will think twice beforehand.


----------



## Aquinus (Apr 22, 2018)

Old-Greg said:


> No. Already checked that with InSpectre. Meltdown patched, Spectre isn't.


The thing about Spectre is that there is a time timeframe where it's possible to have the exploit be exploitable. Even if the hole isn't completely patched, if it's been mitigated sufficiently, it's as good as patched. What you have to understand is that this exploit isn't a golden ticket. It lets you observe some protected memory but, it's not like you can read whatever you want as quickly as you want. You're lucky to get 2000 bytes of protected memory in 1 second. This is problematic in a number of ways but the biggest is with data that is time sensitive or is being changed, moved, or whatever. If Spectre has been sufficiently mitigated to say, 100 bytes per second, the number of things you can do with the exploit starts to narrow. This is already a tricky exploit to actually take advantage of. Mitigating it only makes it even harder. Also remember, this is only to read protected memory, not writing, which also narrows the scope of what you can do even further.

Is it a problem? Sure, but it's not like any virus you might get hit with is likely to be trying to use it. There is far lower hanging fruit.


----------



## Old-Greg (Apr 22, 2018)

jboydgolfer said:


> I've been littering their various Facebook posts/giveaways ,and pages with comments and warnings to perspective buyers ,regarding their lack of support in this matter.  Hopefully someone  decides to look into the matter ,or at least hopefully someone considering purchasing from them ,will think twice beforehand.



Glad to hear someone is pro active regarding this.  
I visited MSI's official forums again and thumbed through the junk. I saw the odd plea for fixes but the OP's get shot down with mods saying things like "it's all Intel's fault" and "You'll have to wait".   
The MSI H270 board I was talking about is basically worthless without a Spectre patch unless it's used offline. 
I won't be purchasing MSI hardware again.



Aquinus said:


> The thing about Spectre is that there is a time timeframe where it's possible to have the exploit be exploitable. *Even if the hole isn't completely patched, if it's been mitigated sufficiently, it's as good as patched.* What you have to understand is that this exploit isn't a golden ticket. It lets you observe some protected memory but, it's not like you can read whatever you want as quickly as you want. You're lucky to get 2000 bytes of protected memory in 1 second. This is problematic in a number of ways but the biggest is with data that is time sensitive or is being changed, moved, or whatever. If Spectre has been sufficiently mitigated to say, 100 bytes per second, the number of things you can do with the exploit starts to narrow. This is already a tricky exploit to actually take advantage of. Mitigating it only makes it even harder. Also remember, this is only to read protected memory, not writing, which also narrows the scope of what you can do even further.
> 
> Is it a problem? Sure, but it's not like any virus you might get hit with is likely to be trying to use it. There is far lower hanging fruit.



But it hasn't been patched at all on my MSI H270 mobo 

I know, I've read page after page about the exploits till my eyes nearly bled. 

Try telling that to a Data Center. A gaping security flaw is still a gaping security flaw regardless of the spin put on it.
This kind of silence from MSI is reckless to put it mildly.


----------



## Aquinus (Apr 22, 2018)

Old-Greg said:


> But it hasn't been patched at all on my MSI H270 mobo


It hasn't been patched on my motherboard either, because *it's a CPU firmware update*. 


Old-Greg said:


> I know, I've read page after page about the exploits till my eyes nearly bled.


If you know, you shouldn't care so much as you should understand that it's not trivial to try and utilize this exploit.


----------



## Old-Greg (Apr 22, 2018)

Aquinus said:


> It hasn't been patched on my motherboard either, because *it's a CPU firmware update*.



Really???
My Kaby Lake Pentium,  i5 and i7 CPU's have all been patched on the Asus 270 series mobo but not the MSI board.
Yep, I took some time to test all of them on both 270 boards.  MSI are in last place dealing with this exploit. See what I'm saying?, MSI are waaaaaaay behind and haven't given 270 users any news or patch for Spectre 



Aquinus said:


> If you know, you shouldn't care so much as you should understand that it's not trivial to try and utilize this exploit.




I do care about this un-patched exploit, along with a mountain of other users


----------



## Aquinus (Apr 22, 2018)

Old-Greg said:


> Really???
> My Kaby Lake Pentium, i5 and i7 CPU's have all been patched on the Asus 270 series mobo but not the MSI board.


Yes, really. CPU microcode is reloaded every time the machine starts. Hell, it is even reloaded when the machine comes out of a really low power mode, the OS can and often does provide that microcode. It can be baked into the BIOS but, the latest revision doesn't have to be. Hence why Ubuntu can push firmware updates as part of the kernel. 


Old-Greg said:


> I do care about this un-patched exploit, along with a mountain of other users


How much you care doesn't make it any more exploitable.


----------



## Regeneration (Apr 22, 2018)

Spectre requires user-level local access, and even then its not that easy to exploit.

The new microcode drops performance in some apps, so annoying as it is, you really not missing that much.


----------



## Old-Greg (May 10, 2018)

The motherboard still has a world wide know gaping security flaw regardless. 

MSI emailed and suggested I wait for the Spectre patch.  Does this company operate out of a back room


----------



## eidairaman1 (May 10, 2018)

Old-Greg said:


> The motherboard still has a world wide know gaping security flaw regardless.
> 
> MSI emailed and suggested I wait for the Spectre patch.  Does this company operate out of a back room



Ok you are at the lowest level of technical support when you email them, they only know as much as you do. They don't have an ETA of when firmware updates will arrive, so just have patience or sell the friggin board, another note, just use the internet cautiously, keep your security apps updated, and GRC may not have updated InSpectre recently.

You can always try to look for beta bios too.

Go to MSI social media pages and gripe there.

I've yet to see board makers show up on These Tech Forums.


----------



## Easo (May 10, 2018)

They sent beta BIOS for my board when I asked and said that it won't be publicly available, only upon request.
Ehh, MSI. Was Devil's Canyon that long ago?


----------



## Vayra86 (May 13, 2018)

Solaris17 said:


> Because change process is a real life thing regardless of how old anything is.
> 
> A rough series of probable events given how change process usually manifests is.
> 
> ...



This post is glorious and should be in random IT offices worldwide


----------



## Old-Greg (May 18, 2018)

eidairaman1 said:


> Ok you are at the lowest level of technical support when you email them, they only know as much as you do. They don't have an ETA of when firmware updates will arrive, so just have patience or sell the friggin board, another note, just use the internet cautiously, keep your security apps updated, and GRC may not have updated InSpectre recently.
> 
> You can always try to look for beta bios too.
> 
> ...




Yeah I gathered that by the response. I'm tech savvy and this is the first time in 20 or so years I've had to ask for a damn bios update. 

I've already search for a beta bios but nothing is around. 

The mobo is in the hands of a family member, but even he won't use it due to the 'HOLE'

Been there done that with many others MSI forum members.  All threads get locked by the mods with the same generic "Contact MSI here" link. 

They turn up on Newegg, Oh I forgot, it must be about the $$$


----------



## eidairaman1 (May 18, 2018)

Old-Greg said:


> Yeah I gathered that by the response. I'm tech savvy and this is the first time in 20 or so years I've had to ask for a damn bios update.
> 
> I've already search for a beta bios but nothing is around.
> 
> ...



Go to Social media then, or just don't buy msi.


----------



## fullinfusion (May 19, 2018)

my asus board had the patch out for some time now but I didn't bother with it... I don't need to re-do all my overclock settings nor figure them out AGAIN.. 

Im good as far as I'm concerned with a non patched bios


----------



## Old-Greg (May 19, 2018)

eidairaman1 said:


> Go to Social media then, or just don't buy msi.



SM doesn't appear to do anything. MSI aren't listening, nor do they seem to care.

I won't be buying MSI products again, thanks. 



fullinfusion said:


> my asus board had the patch out for some time now but I didn't bother with it... I don't need to re-do all my overclock settings nor figure them out AGAIN..
> 
> Im good as far as I'm concerned with a non patched bios



Both my Asus Z370 & Z270 boards are patched, but I already know my OC settings so the bios updates weren't a problem for me. 

Good for you, but some of use don't like walking around in the wilderness with our pants down.


----------



## RejZoR (May 19, 2018)

I like my X99A Gaming 7 board, but their customers relation and product support is just pathetic. I was on ASUS the entire time and their BIOS support is fantastic.


----------



## Law-II (May 21, 2018)

Hi

Got my reply today: very disappointed that MSI First Line Support think the x79 chipset is to old; it is in fact only two generations back from x299 which is a fluffy side grade from the x99 platform.

I have let Micro Star International know I will not be purchasing any more of their products in future as there support in this case is unacceptable

I have asked them to escalate this to Tear Two Support or to Higher Management; but I am "not holding my breath"

@RejZoR hope you have more luck than I

atb

Law-II


----------



## Space Lynx (May 21, 2018)

I got MSI mobo and the spectre and meltdown patch, I disabled both with Inspectre, I am not worried about a 1% hacking chance over the performance hit. lol


----------



## eidairaman1 (May 22, 2018)

Some minor news.

https://www.techpowerup.com/forums/...-bios-update-for-msi-am4-motherboards.244388/


----------



## R0H1T (May 22, 2018)

Some updates wrt Spectre NG, hope it's not entirely off topic ~


> *Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.*
> 
> 
> 
> ...


----------



## Law-II (May 23, 2018)

Law-II said:


> Hi
> 
> Got my reply today: very disappointed that MSI First Line Support think the x79 chipset is to old; it is in fact only two generations back from x299 which is a fluffy side grade from the x99 platform.
> 
> ...



Hi

Just a quick update; after asking tear one support to pass this to tear two support I have received a Beta Bios (use at own risk) better than nothing I suppose. 

atb

Law-II


----------



## er557 (May 24, 2018)

Hey, you dont need any bios if you install the latest windows updates and download the microsoft microcode update kb, the system will be mitigated fine. No need to install the microcode on bios level if it gets it on OS level


----------



## Urlyin (May 24, 2018)

er557 said:


> Hey, you dont need any bios if you install the latest windows updates and download the microsoft microcode update kb, the system will be mitigated fine. No need to install the microcode on bios level if it gets it on OS level



What I thought as well...


----------



## Old-Greg (May 25, 2018)

er557 said:


> Hey, *you dont need any bios if you install the latest windows updates* and download the microsoft microcode update kb, the system will be mitigated fine. No need to install the microcode on bios level if it gets it on OS level



Completely untrue.

For the last time for those who haven't read what I wrote.
My* MSI 270* mobo* ISN'T* patched against Spectre. Both my *ASUS Z270* and *Z370* mobo's are. And all are running the latest up to date versions of Windows 10.
MSI haven't released a Bios update for my MSI board since January and suggested I wait when I emailed them. 
Forget that, other vendors have patched their 270 series boards without users having to beg for a bios update, why not MSI.
HP also issued a Bios update for the wife's Kaby Lake laptop last week which patched the Spectre exploit. A Microsoft update had already patched the Meltdown exploit.

It's the same issue for* RejZoR. * His MSI X99 series mobo hasn't received a bios update either. Asus on the other hand have, for many of their X99 series boards.



Law-II said:


> Hi
> 
> Just a quick update; after asking tear one support to pass this to tear two support I have received a Beta Bios (use at own risk) better than nothing I suppose.
> 
> ...



Tried that as suggested, still nothing.


----------



## AsRock (May 25, 2018)

Sorry MSI is a joke, i remember back some time they said they were going do another update for new AMD chips and a month or so later the board i had was removed from the list.

Sorry but MSI is a trash company which will shaft you at any opportunity.



lynx29 said:


> Yep. They were the last to release the latest security updates on Z370 platform as well, Asus and Gigabyte and ASROCK were all faster by about 3-4 weeks on each security release.
> 
> I still like MSI's BIOS layout the best, and my Tomahawk Z370 has better VRM's for its pricepoint than the other three according to Tweaktown VRm testing



Yeah seems like they even got the Z77 board i got done too, not the x68 but still.

 Although this may not be, find it very odd for a update this late on.
https://www.asrock.com/mb/Intel/Z77 Extreme4/index.us.asp#BIOS


----------



## hapkiman (May 25, 2018)

I have an MSI board, a Z370 Gaming 5 (which I love BTW), and I have not updated the BIOS (I'm still on version 7B58v12) nor am I worried about Spectre or Meltdown, or any of the variants that will be or have been coming out over the next few months years.  This is something that I think we will all be living with in the computer world for years, until manufacturer's fundamentally change the way processors are constructed- all the way down to the kernel level or even lower.  I just try and use common sense though when online, and don't go to places online that I shouldn't or click on links that I shouldn't.  And I am only using Windows Defender and Malwarebytes.  That's it.

And do you know how much I have been affected by these horrible exploits?  Zero.  Nada.  And I'm online and on my rig 12 hours a day sometimes.  But I'm not so naive that I don't realize there are user case scenarios - especially at businesses that could be devastated by these exploits, but as far as the average guy like me.....I'm not so worried about it, or about MSI updating my boards BIOS so I'll be "safe" from them.  I fell safe already.  And I built this rig and have been using it since Oct of 2017.

Also, BTW I've went through a lot  of boards over the past 10-15 years, most of them ASUS.  I used to be a die hard ASUS or nothing else fanboy.  But you are wrong - MSI is not a joke.  Not in my experience.  I've used several MSI and ASUS boards over the past 5 or so years (Z77, Z170, Z270, Z370) and they've all been rock solid.  Both companies.


----------



## er557 (May 25, 2018)

Old-Greg said:


> Completely untrue.
> 
> For the last time for those who haven't read what I wrote.
> My* MSI 270* mobo* ISN'T* patched against Spectre. Both my *ASUS Z270* and *Z370* mobo's are. And all are running the latest up to date versions of Windows 10.
> ...



You probably didn't go to the appropriate Microsoft knowledgebase page to MANUALLY install the microcode update, or simply it was yet to be released to support your cpu. Just run inspectre v8 from steve Gibson and you should find out if you are mitigated. As far as I know, the motherboard is irrelevant to this, unless it has a patch that updates the microcode prior to windows loading. If no bios updates exist, I should think that specific page for your version of windows 10 should update the cpu and mitigate it fine. Head over to tenforums , windows news, and you should have links to patches for 1607, 1703, 1709, 1803


----------



## Old-Greg (May 28, 2018)

er557 said:


> You probably didn't go to the appropriate Microsoft knowledgebase page to MANUALLY install the microcode update, or simply it was yet to be released to support your cpu. Just run inspectre v8 from steve Gibson and you should find out if you are mitigated. As far as I know, the motherboard is irrelevant to this, unless it has a patch that updates the microcode prior to windows loading. If no bios updates exist, I should think that specific page for your version of windows 10 should update the cpu and mitigate it fine. Head over to tenforums , windows news, and you should have links to patches for 1607, 1703, 1709, 1803



Did all that prior to posting.
*Same CPU* is patched on ASUS 270 series mobo but not MSI 270 series mobo. 
Meltdown patched on MSI mobo but not Spectre. Both are patched on ASUS 270 mobo.
Both mobo's are running the latest up to date Windows 10.

This is definitely a bios related issue and MSI aren't playing ball.


----------



## eidairaman1 (May 28, 2018)

Ok well a dead horse is beaten.


----------



## las (May 28, 2018)

It does not matter much anyway. Most software is patched.
Those microcode patches will just slow down the CPU even further


----------



## Old-Greg (May 28, 2018)

eidairaman1 said:


> Ok well a dead horse is beaten.



Agreed.


----------



## trparky (Jun 6, 2018)

Old-Greg said:


> Did all that prior to posting.
> *Same CPU* is patched on ASUS 270 series mobo but not MSI 270 series mobo.
> Meltdown patched on MSI mobo but not Spectre. Both are patched on ASUS 270 mobo.
> Both mobo's are running the latest up to date Windows 10.
> ...


WRONG!!!

*KB4090007: Intel microcode updates*
CPU IDs 506E3, 406E3, 00050654, 00050654, and 00050654 are covered by the Microsoft patch. The microcode is updated at kernel load time similar to how Linux does it. The only difference is that the microcode update needs to be loaded by the kernel every time the system is booted since the microcode update isn't permanent. Is it an ugly hack? Yes, but it's better than nothing. I have loaded this same patch on a 3570K system and the GRC's InSpectre says that I am secure (with patched microcode) against *both* Meltdown *and* Spectre.


----------



## RejZoR (Jun 7, 2018)

Yeah, well, for some stupid reason, they didn't bother patching 5820K. Also, when is MSI planning on releasing this BIOS as final and not beta? Not in the mood to flash beta BIOS...


----------



## silentbogo (Jun 7, 2018)

MSI is the slowest in regards to BIOS updates. I had to wait almost an extra 6 months(comparing to competition or their own Z170 mobos) before they released the KabyLake update for my board.
Same with security and bug patching - it's taking wa-a-ay too long.



RejZoR said:


> Also, when is MSI planning on releasing this BIOS as final and not beta? Not in the mood to flash beta BIOS...


You might wanna check again. A new BIOS for my B150i was released last month, so as the one for my X99S MPOWER.


----------



## trparky (Jun 7, 2018)

According to CPU-World.com the 5820K carries a CPUID of 306F2 which is listed as patched on Microsoft's Intel Microcode Update page under "Haswell Server E, EP, EP4S".


----------



## Solaris17 (Jun 7, 2018)

Meh my board got the update in a good amount of time. I’m not sure how this thread isn’t at this point about a witch trial. Don’t use them or wait seriously.


----------



## Old-Greg (Jun 8, 2018)

trparky said:


> WRONG!!!
> 
> *KB4090007: Intel microcode updates*
> *CPU IDs 506E3, 406E3, 00050654, 00050654, and 00050654 are covered by the Microsoft patch. *The microcode is updated at kernel load time similar to how Linux does it. The only difference is that the microcode update needs to be loaded by the kernel every time the system is booted since the microcode update isn't permanent. Is it an ugly hack? Yes, but it's better than nothing. I have loaded this same patch on a 3570K system and the GRC's InSpectre says that I am secure (with patched microcode) against *both* Meltdown *and* Spectre.



I know that already because I read someone suggest the  same thing on Intel's website a few months back.
*BUT!* Still no Spectre patch for the MSI mobo with Windows updates regardless.
And still no Bios update from MSI.  The mobo is an H270. And non of MSI Z270 series boards appear to have been issues with a Bios update since January either. 

*THE END*



Solaris17 said:


> Meh my board got the update in a good amount of time. *I’m not sure how this thread isn’t at this point about a witch trial. Don’t use them or wait seriously.*



No I don't think it is.  MSI have fallen well below the standard of other manufactures. 
This is my first and last MSI purchase ever.


----------



## trparky (Jun 8, 2018)

So are you saying that the Microsoft provided update doesn't work for your system? Does it not update the microcode?

But if it does patch the microcode then you're covered, safe, secure. Sit down, have a drink and relax.


----------



## R-T-B (Jun 9, 2018)

I know this isn't perhaps what you are looking for, but I'm here if you want it.

I'm a bios modder.  Post your bios, and I'd be willing to a do a microcode update on it for you.

That's a pretty safe procedure overall, and is completely reversible, but still, no warranty flash at your own risk etc.


----------



## er557 (Jun 9, 2018)

You mean with latest UBU and mmtool? the msi bioses are encapsulated and need manual hex editing, but most other boards are easy to implement a microcode update from the built in ubu database


----------



## RejZoR (Jun 10, 2018)

Solaris17 said:


> Meh my board got the update in a good amount of time. I’m not sure how this thread isn’t at this point about a witch trial. Don’t use them or wait seriously.



It's things that no one tells you when you buy some brand. I used to have ASUS only boards for years. Excellent software support as far as BIOS goes, but their hardware was often weird. Especially the last time when board just died over night. So I bought MSI X99A Gaming 7 because it had all I needed, was priced well and few people had it and were happy with it. Hardware wise, it's already lasting longer than ASUS one, it works well, but BIOS updating support was a real disappointment. As I bought it, it already came with 1 year old BIOS with nothing newer available. Which is almost unthinkable thing with ASUS. And secondly, this isn't exactly a budget board whee such poor support is kinda expected. Sure, it's not Gaming 9 or whatever series, but Gaming 7 ain't a budget one either so one would expect some sort of decent long term support for it... I guess ASUS spoiled me in that regard where I got BIOS update for Rampage II Gene board like 4 or was it even 5 years after release...


----------



## R-T-B (Jun 10, 2018)

er557 said:


> You mean with latest UBU and mmtool? the msi bioses are encapsulated and need manual hex editing, but most other boards are easy to implement a microcode update from the built in ubu database



Yeah, that's what I was thinking of.  I'm familiar with ASUS capsules but not MSI ones so I'll have to retract my offer.


----------



## Old-Greg (Jun 25, 2018)

trparky said:


> *So are you saying that the Microsoft provided update doesn't work for your system?* Does it not update the microcode?
> 
> But if it does patch the microcode then you're covered, safe, secure. Sit down, have a drink and relax.



I thought I made that clear. The answer is still No. No Microcode update from MS, and no bios update from MSI. 
And I've checked every week.



R-T-B said:


> I know this isn't perhaps what you are looking for, but I'm here if you want it.
> 
> I'm a bios modder.  Post your bios, and I'd be willing to a do a microcode update on it for you.
> 
> That's a pretty safe procedure overall, and is completely reversible, but still, no warranty flash at your own risk etc.



Is that an offer dear Froggy?  
Would be great if you could. I looked into the latest UBU and mmtool but didn't feel confident enough to carry out the mod.


----------



## R-T-B (Jun 25, 2018)

Old-Greg said:


> Is that an offer dear Froggy?
> Would be great if you could. I looked into the latest UBU and mmtool but didn't feel confident enough to carry out the mod.



I'll look into it, but no promises.  As someone said above MSI updates are capsuled (like a signature + a header) so it makes it harder to do than you'd think.


----------



## er557 (Jun 25, 2018)

I did mod an msi bios to REMOVE microcode for a hack project of mine, it required hex editing by corrupting the current microcode and then adding +2 to a value in another place just to keep the checksum identical, then I checked in UBU and the microcode for the cpu id I needed was absent. But to ADD microcode to msi bios is a whole different story, It cannot be done simply in UBU due to the mmtool failing at the end due to encapsulation, and via hex editing it is more complicated, requires to import and inject parts of the bios several times. But I didn't check with latest UBU release, it seems to make progress in many areas.


----------



## R-T-B (Jun 25, 2018)

er557 said:


> I did mod an msi bios to REMOVE microcode for a hack project of mine, it required hex editing by corrupting the current microcode and then adding +2 to a value in another place just to keep the checksum identical, then I checked in UBU and the microcode for the cpu id I needed was absent. But to ADD microcode to msi bios is a whole different story, It cannot be done simply in UBU due to the mmtool failing at the end due to encapsulation, and via hex editing it is more complicated, requires to import and inject parts of the bios several times. But I didn't check with latest UBU release, it seems to make progress in many areas.



Yeah, the capsule complicates things as I said.  The only route is to hope there is a sig check override or decapsule the module entirely and flash it with another tool like ftd tool or similar.

It's iffy if it can be done, either way.  Will investigate tonight.


----------



## er557 (Jun 25, 2018)

Now they make asrock bios recently protected as well, though not encapsulated. Latest UBU easily managed to remove asrock protection, and then I flashed the modified bios unprotected, and it works fine. I needed to actually REMOVE haswell-ep microcode, even though it was now mitigated for spectre and meltdown, but the driver I load on POST loads an older microcode, so the bios screen does show it at least. I was able to use the more stable latest bios, I have no need for spectre mitigation as the OS microcode takes care of that during boot.


----------



## R-T-B (Jun 26, 2018)

er557 said:


> Now they make asrock bios recently protected as well, though not encapsulated. Latest UBU easily managed to remove asrock protection, and then I flashed the modified bios unprotected, and it works fine. I needed to actually REMOVE haswell-ep microcode, even though it was now mitigated for spectre and meltdown, but the driver I load on POST loads an older microcode, so the bios screen does show it at least. I was able to use the more stable latest bios, I have no need for spectre mitigation as the OS microcode takes care of that during boot.



ASRock and GIGABYTE share similar "protections."  They are really just "sigcheck" flags (actually ASRock is a bit more, but still plenty able to be disarmed).


----------



## mad1394 (Jun 26, 2018)

Is there any proof of spectre of meltdown being abused in the wild? I know some people are really worried but frankly I could not give a crap. I am either completely retarded or other people are worried about nothing.


----------



## er557 (Jun 26, 2018)

Not that I know of. Also to be exploited one must first click a file or attachment, there's always the human judgement factor. Most systems are not fully mitigated at any rate due to new variations of these vulnerabilities popping up all the time, intel has yet to release updates for side channel and the recent new variations. One's best bet is to always be cautious and keep the OS as up to date as possible, Microsoft continually patches the vulnerabilities even without mainboard bios updates. I consider myself to be cautious and keep my system current, yet have been recently almost PWNED via the ancient remote desktop protocol, an open port here and there and a weak password, several security layers didn't help. A current and well configured anti malware solution is also essential, to keep tabs on suspect files and uknown programs from p2p sources. A system without 3rd party firewall or registry modification monitoring program is much more vulnerable


----------



## Old-Greg (Jun 26, 2018)

R-T-B said:


> I'll look into it, but no promises.  As someone said above MSI updates are capsuled (like a signature + a header) so it makes it harder to do than you'd think.



Whether you can or can't the offer is much appreciated  



mad1394 said:


> Is there any proof of spectre of meltdown being abused in the wild? I know some people are really worried but frankly I could not give a crap. I am either completely retarded or other people are worried about nothing.



Companies keep their system hacks under wraps for years.  Just because it's not it the headlines doesn't mean it's not happening.
And ye, some of us do give a crap.


----------



## RejZoR (Jun 29, 2018)

MSI RELEASED THE BIOS UPDATE AS FINAL! FINALLY!

EDIT:
Wtf, downloaded the BIOS from X99A Gaming 7 page and the document that came with the BIOS file states:
X99S SLI PLUS = BIOS 1xx
X99S GAMING 7 = BIOS Hxx  

Now I'm hesitating to update given there is no mention of X99*A* Gaming 7. WTF MSI ?


----------



## Grom0X (Jun 29, 2018)

RejZoR said:


> MSI RELEASED THE BIOS UPDATE AS FINAL! FINALLY!
> 
> EDIT:
> Wtf, downloaded the BIOS from X99A Gaming 7 page and the document that came with the BIOS file states:
> ...


Hi dude, please look at this, there is a new Beta BIOS for X99A Gaming 7.
MSI X99A Gaming 7


----------



## RejZoR (Jun 29, 2018)

The alleged final version:
https://www.msi.com/Motherboard/support/X99A-GAMING-7

...that doesn't mention X99A Gaming 7, only X99S Gaming 7 in the documentation accompanying the BIOS file...


----------



## er557 (Jun 29, 2018)

try it, the bios wont update it the product does not match, use the dos flasher. also, don't you have dual bios for emergency?


----------



## RejZoR (Jun 29, 2018)

Not in the mood for screwing around because someone at MSI cocked it up (potentially). It's just weird it's mentioning X99S models in a package downloaded from X99A Gaming 7 webpage...


----------



## RejZoR (Jun 30, 2018)

Ok, it seems to be the right BIOS. MSI just sucks at labeling it clearly...


----------



## John Naylor (Jun 30, 2018)

I'm still looking a the horror story where someone didn't apply a S/M patch and their world came crashing down.


----------



## RejZoR (Jun 30, 2018)

I'm not gonna risk it. It's not like system will burn in fire, it's potential security issue.


----------



## Hood (Jun 30, 2018)

John Naylor said:


> I'm still looking a the horror story where someone didn't apply a S/M patch and their world came crashing down.


What?  Your post is not clear (typo?).  I have not seen any reports of any of these exploits being used in the wild.  Did a Google search for any several times since this was first announced.



RejZoR said:


> I'm not gonna risk it. It's not like system will burn in fire, it's potential security issue.


Maybe not even that; where are all the stories about victims of these exploits? Supposedly servers were at high risk to be hacked and taken control of without any way to detect it. Surely some detection method has been found by now, or at least evidence of outside control/ stolen data.  Hard to believe that no black hats have tried these, in 6 months.  Remember at the very beginning in January, when lots of people called Spectre/Meltdown fake news?  Have we all been scammed?  Motherboard and OS vendors spent a ton of money on updates, and millions of people have had to deal with worrying about this, and for what?


----------



## RejZoR (Jul 1, 2018)

Yeah, well, when you're doing banking and stuff, I wouldn't leave it at any kind of risk. If it's known and there are fixes for it, I see absolutely no reason not to fix it. Or do you want to see a news in next few months how millions of systems were compromised using this very attack vector?


----------



## Hood (Jul 1, 2018)

RejZoR said:


> Yeah, well, when you're doing banking and stuff, I wouldn't leave it at any kind of risk. If it's known and there are fixes for it, I see absolutely no reason not to fix it. Or do you want to see a news in next few months how millions of systems were compromised using this very attack vector?


I thought you just said you're not gonna risk using that dodgy beta BIOS.  Did I misunderstand you?  Anyway, I would always advise someone to patch it if available; I certainly patched mine, after waiting 5 months for it. But there are millions of un-patched systems for hackers to target, so we probably will hear more about before long.


----------



## RejZoR (Jul 1, 2018)

I said I'm not gonna risk it because documentation accompanying the BIOS file was only mentioning X99*S* Gaming 7 and I have X99*A* Gaming 7. I wasn't referring to the security content of the update. I later found out my board has dual BIOS so I gave it a try anyway since it would be an easy recovery. Turns out it's the correct BIOS, they just did a lousy job documenting the readme files...


----------



## er557 (Jul 1, 2018)

And yet I still maintain that no bios update is needed, only the supporting OS and the Microsoft microcode update, released outside of windows update and appropriate to the OS version. That microcode will be loaded on kernel load and then windows will recognize it and mitigate the vulnerability, even if bios is not updated. I firmly believe you DONT need motherboard manufacturer bios update, although if present, will load the microcode on post- also fine for the OS to detect. I specifically REMOVED the microcode that mitigates spectre from the bios file for other reasons, and used the updated bios for stability only, and still I am mitigated because I have the Microsoft KB update, and the microcode loads on OS kernel boot.


----------



## RejZoR (Sep 14, 2018)

I'm not sure yet, but I've downgraded back to old version. I've been having bizarre system reboots during gaming (locks up and reboots without any BSOD or error) and all sorts of stupid BSOD's for just random things for ages now and after trying everything else I remembered I've updated BIOS with this thing. I hope it's this crap because I'm getting really desperate now...


----------



## Candor (Sep 14, 2018)

I had the same experience on my ROG Strix X99 Gaming motherboard. Latest "beta" bios with microcode updates made my system extremely unstable. Blue screens of all sorts, memory slots became fussy which ones I used, even USB ports were behaving weird. I was losing my mind until I found a post describing my issues. Flashed back to previous bios and everything is rock solid.

Microsoft update (KB4100347) installed today and Inspectre reports everything is patched up without a bios update.


----------



## RejZoR (Sep 14, 2018)

For me, Spectre one again shows as unprotected. Heh. Might install the software update...


----------



## StrayKAT (Sep 14, 2018)

My board finally got an update today (it's Supermicro btw.. I just wanted to chime in since it's a small-ish company). I guess I'm protected, since InSpectre says I am. I didn't check what it was before though. I hope I don't get these performance issues some of you do. edit: Ah, wait, I see this is more of an issue with older chips.


----------

