Microsoft is now releasing Intel’s newly approved firmware updates through the Windows Update Catalog. The new patch, marked KB4090007, adds firmware coverage for Intel’s Skylake H/S/U/Y and U23e series processors running Windows 10 version 1709 (Fall Creators Update).
The new patch includes Intel’s latest microcode release for the Spectre Variant 2 vulnerability, CVE-2017-5715 (“Branch Target Injection”). In a nutshell, branch target injection wipes the intended memory address of an indirect branch, forcing the CPU to retrieve the true address, which takes a few hundred cycles. During this time, the CPU will speculatively execute instructions based on branch prediction.
Intel recently announced that it had distributed stable versions of its microcode updates to all its OEM partners. The newest code encompasses all Intel 6th, 7th and 8th generation CPUs. The updates will be applied either as custom firmware updates through device OEMs or through the Windows Update Catalog as they slowly become available.
In order to install the patch, Microsoft requires that you have the latest version of your anti-virus software. Microsoft says that it has been working closely with anti-virus partners to improve compatibility, specifically by reducing unsupported memory calls into the Windows kernel. This is understandable, as the anti-virus itself can become the target of a Spectre attack. Your best bet is to go to your AV provider and see if it’s on the compatibility list.