Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | (show all)   Print Thread
Standard User Banger
(eat-sleep-adslguide) Sat 06-Jan-18 07:28:58
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
There is a MS Powershell script to test each machine and I have tested my two machines with the patches. One Core 2 Duo recommends a firmware/Bios update and the other says the Windows patch has not been applied. That is a Dual Pentium CPU but it getting BIOS updates for these boards will be out of the question. So how to protect two ancient machines with no microcode updates?

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User Kenneth
(legend) Sat 06-Jan-18 11:06:27
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it

Ken

Nostalgia is memory with the pain removed
Standard User flippery
(experienced) Tue 09-Jan-18 18:39:53
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.


Register (or login) on our website and you will not see this ad.

Standard User robertcrowther
(member) Tue 09-Jan-18 19:27:42
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
In reply to a post by flippery:
It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.


Not true. Microsoft has paused the updates to computers using AMD processors because AMD did not reveal the full details that Microsoft needed to write a compatible patch. I guess that's what happens when a company denies that their product has a problem (until forced to).
Standard User IanBB
(committed) Tue 09-Jan-18 20:46:41
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
That makes sense as a recent Windows Insiders build wouldn't install on an AMD based system.

Build 17063 installs on the same machine.
Standard User bobble_bob
(knowledge is power) Tue 09-Jan-18 21:07:35
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
Installed on my AMD machine at the weekend no probs
Standard User Banger
(eat-sleep-adslguide) Tue 09-Jan-18 23:05:39
Print Post

Re: X86-64 Intel Security Issue


[re: bobble_bob] [link to this post]
 
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Tue 09-Jan-18 23:45:29
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
In reply to a post by Banger:
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.


There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.
Standard User Banger
(eat-sleep-adslguide) Tue 09-Jan-18 23:53:42
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
In reply to a post by robertcrowther:
In reply to a post by Banger:
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.


There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.


I would like to believe that but I don't because MS has produced a PS script to test your machine to see if it has been protected. Here is the results of my main machine.

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False

As you can see from the script for branch target injection the patch is not enabled due to no hardware support which means a BIOS update for me which on a 2008 motherboard is going to be unlikely.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 00:05:00
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
Maybe the instructions on how to read the results are not clear enough, but the test results for you actually read that you are software protected, but need a bios update to enable the hardware protection (read my previous post about the software/hardware patch explanation).

Hence why it says "Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation" as the "ONLY" suggestion.
Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | (show all)   Print Thread

Jump to