Best Practices

Insight and guidance on security practices from Intel software security experts

Applied Filters

Description of how the IA32_MCU_OPT_CTRL MSR affects the behavior of the RDRAND and RDSEED instructions to mitigate special register buffer data sampling

How to apply security principles and industry best practices to help protect your code and systems from potential transient execution attacks

Learn how transient execution attacks work, how to assess your systems’ risk, what mitigations and configuration options are available, and what options are appropriate for different environments

Microcode Update Guidance

Details, instructions, and debugging information for system administrators applying microcode updates to Intel® processors

Methodology and description of Intel's mitigation approach for Load Value Injection in LLVM/clang using LFENCE instructions

Overview of security features and technologies in Intel® processors that can be used to help mitigate transient execution attacks

Refined definitions and descriptions of transient execution attacks, such as Spectre and Meltdown, to more accurately classify speculative execution security vulnerabilities

Mitigation Strategies for JCC Microcode

How to monitor and recover from performance impacts related to the JCC erratum fixed in the November 2019 microcode update

Guidance for Enabling FSGSBASE

How to safely enable the FSGSBASE feature in experimental OS implementations

Watch a video about how Intel has changed its organizations and industry engagements in response to transient execution attacks

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at


Features and benefits in Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at


Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.

Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit

Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.