In early 2018, security researchers discovered several security vulnerabilities affecting all processors: Meltdown and Spectre. These vulnerabilities allow speculative execution side-channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). While Meltdown was resolved with an OS patch, Spectre required a microcode update.
Since the microcode is stored and automatically loaded by the BIOS/UEFI, motherboard manufacturers required to issue an update. However, manufacturers normally release firmware updates only for their newest products. Plenty of motherboards still remain vulnerable until this very day.
Intel Microcode Boot Loader is a workaround for the microcode problem on Intel-based motherboards. It updates the microcode every time the system is booted. Based on Intel BIOS Implementation Test Suite (BITS), users no longer need to modify BIOS/UEFI ROMs to stay protected from security vulnerabilities, bugs and erratas.
This solution requires permanently plugged USB flash drive with at least 25MB (or similar device) and BIOS/UEFI supporting boot from USB devices. Alternatively, advanced users can install it to a local drive on top of the System Reserved partition (see localdrive.txt for instructions).
Instructions: 1. Format a USB flash drive with FAT32 filesystem. 2. Extract the archive to the USB flash drive and run install.exe to make it bootable. 3. Enter the BIOS/UEFI, assign the USB flash drive as the 1st boot device and enable legacy boot mode. 4. The boot loader will regularly update the microcode and load the OS.
Notes: * This release includes the latest ucodes for 392 Intel CPUs produced from 1996 to 2018. * The ucodes are stored in the \boot\mcudb folder if you wish to update in the future. * If you get 'Ucode not found' warning during installation, or plan to deploy on another PC, look for the correct ucode (by CPUID) in \boot\mcudb and copy it to \boot\mcu.