Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | [5] | 6 | (show all)   Print Thread
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 00:16:56
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
We could argue all night about this but the key line to note is

Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Which says it all.

https://www.tenforums.com/windows-10-news/102025-pro...

From the link above

You will need to update both your hardware and your software to address this vulnerability. This includes firmware updates from device manufacturers and, in some cases, updates to your antivirus software as well.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 00:31:57
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
The part that you didn't undertstand is "You will need to update both your hardware and your software to address this vulnerability"

It does not mean that you are unprotected unless you have a bios update, it just means that it won't be fully sorted out until you do. There is a big difference and something that you didn't undersand in your orginal comment and by the looks of it still doesn't. If you still don't understand my I sugest you go and study the information that is on Microsoft's website and also on Intel's, as they give the proper information rather than just reading what a mis-informed person has written on another forum.

I have seen people trying to solve this by following instructions on youtube videos, but the videos tell them to install the wrong patches and then they wonder why they are still unprotected when running the script.
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 01:01:45
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
From Microsoft

https://support.microsoft.com/en-us/help/4073119/pro...

The output of this PowerShell script will resemble the following. Enabled protections appear in the output as “True.”

The output of my script for both software and hardware is False therefore I am not protected.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM


Register (or login) on our website and you will not see this ad.

Standard User robertcrowther
(member) Wed 10-Jan-18 01:10:04
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
#BangsHeadOnBrickWall

You still have not got it, have you?

try reading this https://www.theregister.co.uk/2018/01/09/meltdown_pa...

If the patch wasn't enable, then there would be no problems with AMD chips or Antivirus software would there?

Also read this: https://www.theregister.co.uk/2018/01/09/meltdown_sp...

On that link read the section regarding PCID

Also on a side note, the example shown in the link you provided is when both the bios patch and the software patch has been applied (which is why your results are different)

#SendsYouBackToSchool

Edited by robertcrowther (Wed 10-Jan-18 01:57:17)

Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 02:36:49
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
I have read the article which mainly features the AV complications of the patch. The MS script I ran says patch isn't enabled due to lack of hardware support. My hardware vendor says my hardware from 2008 is not vulnerable to meltdown and spectre.

I have been on to live MS Answer desk which concurs with my reading of the MS script and I should get a hardware BIOS update. I am not sure if Core 2 Duo E8400 is susceptible to meltdown or spectre. One company MS says needs hardware update, MSI the hardware vendor say it isn't vulnerable.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 07:17:11
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
The patch is enabled, but as I said and keep saying the patch can't fully do it's job (does not mean you are not protected) until a bios update has been applied.

Because you don't seem to understand this fact it's difficult for you to try and explain the situation to technical advisors (which is why you are getting conflicting information from them).

Getting a motherboard manufacturer to compile a new bios maybe difficult when the product is 10 years old normally, but in this case a lot of them are doing so as they are worried about law suites and being sued. A few of my old machines have now got bios updates where they havent released an uodate for the last 5 to 7 years.
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 22:49:32
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
Well I hope you are right. I have been researching the script last night and from what I can gather it means I am protected in software against Meltdown but there is still a question mark over spectre which may require a BIOS update. I don't know how you can be partially protected when the script says spectre OS support isn't enabled. Its a binary thing.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User bobble_bob
(knowledge is power) Thu 11-Jan-18 09:20:55
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
From what ive read this isnt a security issue for home users. Its not an easy exploit and unlikely anyone would attack 1 home user. Its more of a threat for large businesses
Standard User Banger
(eat-sleep-adslguide) Fri 12-Jan-18 02:18:39
Print Post

Re: X86-64 Intel Security Issue


[re: bobble_bob] [link to this post]
 
I have read a Javascript proof of concept has been released which is a very easy vector to affect a home user if added to an advert which can read sensitive RAM.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User broadband66
(fountain of knowledge) Fri 12-Jan-18 16:50:27
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
Could go grey worrying about all the possible attacks that could happen. smile

Was Eclipse Home Option 1, VM 2Mb & O2 Standard
Now Utility Warehouse (up to 16mbps) via Talk Talk
Pages in this thread: 1 | 2 | 3 | 4 | [5] | 6 | (show all)   Print Thread

Jump to