> Look at: > > https://t.co/6fT61xgtGH > > Get the latest microcode.dat file from here: > > https://t.co/zPwagbeJFY > > See how to update the microcode from the links at the bottom of this page: > > https://t.co/EOgclWdHCw > > An before anyone asks .. I have no idea why Red Hat chose this path, > they did. It doesn't matter if I (or anyone else) agrees with the > decision. It is what it is. > **I'm not blaming you.** But can I just clarify. We have to *manually* install the microcode update an EL7 in order to be protected against Spectre? EL6 as well? Presumably this is to remove RH from the loop and to stop people blaming them - i.e. this is between Intel and the customer, it's nothing to do with them. What about future microcode updates? They come out reasonably regularly (2 or 3 times a year) - are RH going to absolve themselves from all future updates because presumably the next update will also contain the Spectre fixes? So, before I re-invent the wheel, does anyone have automation scripts to do the microcode update? I don't relish the prospect of doing this manually on a couple of hundred machines. Is it reasonable to grab the microcode_ctl SRPM and create my own updated RPM to do it? P.