Protection against Spectre SSB can not be installed on some systems

McKnife
McKnife used Ask the Experts™
on
Hi experts.

For the processor series Intel Skylake and newer, there is a patch from Microsoft  for Win10 1803:
https://www.catalog.update.microsoft.com/search.aspx?q=4346084
(article: https://support.microsoft.com/en-us/help/4346084/kb4346084-intel-microcode-updates )

Why it may be, that it can be installed on various systems, while on other, identical systems (same CPU, Board, Firmware and OS build), the installation is denied saying
The update is not suitable for your computer.

?

I am out of ideas here. Could you observe the same?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Probably best to contact the motherboard manufacturer + pose your question.

If you're seeing the problem, likely many others are seeing the same problem + your motherboard company already has some sort of solution.

Also keep in mind, depending on when update came out + motherboards shipped, update may have already been installed.

Be sure you test to see if update has already been applied, before contacting your motherboard company.
Distinguished Expert 2018

Author

Commented:
Hi.

I could verify that it is a software problem: Booting windows2go (usb based test system), I could install that patch successfully.

There is a way to force installation using dism, but I would wait with that. Other updates install, so updating is not broken. I could make sure that it is not installed, yet and if installed, you get the message "this update is already installed", when executing the .msu file.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
If I had to figure this out, based on your comments, I'd contact the motherboard company.

Likely save a massive amount of time.
Distinguished Expert 2018

Author

Commented:
Read my last comment? It's not about the MoBo.
Distinguished Expert 2018
Commented:
Self-solved.

Cause found, and the solution is amazing:

Microsoft's own microcode update KB410347 (remedy for Specter BTI) is the cause. If this has already been installed before, the newer microcode update KB4346084 can often not even be installed; but in any case it loses the protective effect!
Swell Microsoft ... that was not mentioned anywhere. I will tell Microsoft.

Fortunately, on affected systems uninstalling kb4100347 is the solution to the problem - the protection against Specter BTI is preserved by KB4346084!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial