diff --git a/.gitignore b/.gitignore
index 3a2ce50..ccaec8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/06-2d-07
-SOURCES/microcode-20190918.tar.gz
+SOURCES/microcode-20191112.pre.tar.gz
 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index f237f59..30eec48 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,3 +1,3 @@
 bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
-bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
+7f4a43a1e7d06c7d67e602b43009fa7a39e6d102 SOURCES/microcode-20191112.pre.tar.gz
 3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
index c14fcb9..8dc327a 100755
--- a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
+++ b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
@@ -43,7 +43,8 @@ install() {
 		dinfo "    microcode_ctl: reset fw_dir to \"${fw_dir}\""
 	}
 
-	while read -d "/" -r i; do
+	fw_dir_add=""
+	while read -d $'\n' -r i; do
 		dinfo "    microcode_ctl: processing data directory " \
 		      "\"$DATA_DIR/$i\"..."
 
@@ -143,8 +144,12 @@ install() {
 		dinfo "      microcode_ctl: $i: caveats check for kernel" \
 		      "version \"$kernel\" passed, adding" \
 		      "\"$DATA_DIR/$i\" to fw_dir variable"
-		fw_dir="$DATA_DIR/$i $fw_dir"
 
+		if [ 0 -eq "$do_skip_host_only" ]; then
+			fw_dir_add="$DATA_DIR/$i "
+		else
+			fw_dir_add="$DATA_DIR/$i $fw_dir_add"
+		fi
 	# The list of directories is reverse-sorted in order to preserve the
 	# "last wins" policy in case of presence of multiple microcode
 	# revisions.
@@ -153,11 +158,20 @@ install() {
 	# but since the microcode search is done with the "first wins" policy
 	# by the (early) microcode loading code, the correct microcode revision
 	# still has to be picked.
+	#
+	# Note that dracut without patch [1] puts only the last directory
+	# in the early cpio; we try to address this by putting only the last
+	# matching caveat in the search path, but that workaround works only
+	# for host-only mode; non-host-only mode early cpio generation is still
+	# broken without that patch.
+	#
+	# [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b
 	done <<-EOF
-	$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \
-		| sort -r)
+	$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \
+		| LC_ALL=C sort)
 	EOF
 
+	fw_dir="${fw_dir_add}${fw_dir}"
 	dinfo "    microcode_ctl: final fw_dir: \"${fw_dir}\""
 }
 
diff --git a/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch
deleted file mode 100644
index 392e4f9..0000000
--- a/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: microcode_ctl-2.1-18/Makefile
-===================================================================
---- microcode_ctl-2.1-18.orig/Makefile	2018-07-24 09:15:12.463115045 +0200
-+++ microcode_ctl-2.1-18/Makefile	2018-08-09 06:18:45.524503945 +0200
-@@ -8,7 +8,7 @@
- # 2 of the License, or (at your option) any later version.
- 
- PROGRAM         = intel-microcode2ucode
--MICROCODE_INTEL = microcode-20180703.tgz
-+MICROCODE_INTEL = microcode-20190918.tar.gz
- 
- INS             = install
- CC              = gcc
diff --git a/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch
new file mode 100644
index 0000000..0abecf8
--- /dev/null
+++ b/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch
@@ -0,0 +1,13 @@
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile	2018-07-24 09:15:12.463115045 +0200
++++ microcode_ctl-2.1-18/Makefile	2018-08-09 06:18:45.524503945 +0200
+@@ -8,7 +8,7 @@
+ # 2 of the License, or (at your option) any later version.
+ 
+ PROGRAM         = intel-microcode2ucode
+-MICROCODE_INTEL = microcode-20180703.tgz
++MICROCODE_INTEL = microcode-20191112.pre.tar.gz
+ 
+ INS             = install
+ CC              = gcc
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 60f13f7..8e8f528 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,5 +1,5 @@
 %define upstream_version 2.1-18
-%define intel_ucode_version 20190918
+%define intel_ucode_version 20191112
 %define intel_ucode_file_id 28727
 
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -22,13 +22,13 @@
 Summary:        Tool to transform and deploy CPU microcode update for x86.
 Name:           microcode_ctl
 Version:        2.1
-Release:        53.2%{?dist}
+Release:        53.3%{?dist}
 Epoch:          2
 Group:          System Environment/Base
 License:        GPLv2+ and Redistributable, no modification permitted
 URL:            https://pagure.io/microcode_ctl
 Source0:        https://releases.pagure.org/microcode_ctl/%{name}-%{upstream_version}.tar.xz
-Source1:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
+Source1:        microcode-%{intel_ucode_version}.pre.tar.gz
 # (Pre-MDS) revision 0x714 of 06-2d-07 microcode
 Source2:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
 
@@ -350,6 +350,35 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Thu Nov 07 2019 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-53.3
+- Intel CPU microcode update to 20191112, addresses CVE-2017-5715,
+  CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764050, #1764070, #1764949,
+  #1764969, #1764997, #1765401, #1765413, #1766438, #1766870, #1769889):
+  - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6;
+  - Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a;
+  - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150;
+  - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46;
+  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4;
+  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc
+    to 0xd4
+  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6;
+  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6;
+  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4
+    to 0xc6;
+  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6;
+  - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6;
+  - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6;
+  - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6;
+  - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6;
+  - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4
+    to 0xc6;
+  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4
+    to 0xc6;
+  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6;
+  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6.
+- Rework dracut hook to address dracut's early initramfs generation
+  behaviour.
+
 * Sun Oct 06 2019 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-53.2
 - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714
   by default.