Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread
Standard User flippery
(experienced) Wed 03-Jan-18 18:35:00
Print Post

X86-64 Intel Security Issue


[link to this post]
 
From Daily Fail.

http://www.dailymail.co.uk/sciencetech/article-52320...

Anyone know anything about it?
Standard User micksharpe
(legend) Wed 03-Jan-18 19:16:12
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
It's a cache coherency problem, I think. It's been known about for ages. Applications can access data from other processes in the processor's cache. You don't even need elevated privileges to do it. I can't remember if you need to be running on the same core as the previous process. I've no idea what the workaround is, but I'm guessing that Windows will have to clear the cache before it switches processes. This will also flush data that is not stale from the cache. Linux will also have to do it. The statement that Intel have just released the information is laughable. Basically, allocate a block of memory but don't initialise it. Then read it and see what you get. Simples. "Look inside", as Intel says. Maybe the kernel will have to clear all allocated memory. That would explain the 30% overhead.

'Sir, please,' she said ... 'Will you not share your wisdom with us?'
'I have no wisdom,' he told her.
'Your experiences, then?'
'They have been trivial, uninteresting, and full of error.'
Iain M. Banks -- Feersum Endjinn

Edited by micksharpe (Wed 03-Jan-18 19:25:58)

Standard User billford
(elder) Wed 03-Jan-18 19:27:46
Print Post

Re: X86-64 Intel Security Issue


[re: micksharpe] [link to this post]
 
The Mail article links to another in El Reg which gives more information.

I don't think it's the same bug that you're referring to.


edit- plenty more references available with a quick google.

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6

Edited by billford (Wed 03-Jan-18 19:28:46)


Register (or login) on our website and you will not see this ad.

Standard User flippery
(experienced) Wed 03-Jan-18 19:49:31
Print Post

Re: X86-64 Intel Security Issue


[re: billford] [link to this post]
 
Thanks

Looks like my old t5870 core2duo will need to be retired if speed reduction is 50%.
Standard User robertcrowther
(member) Wed 03-Jan-18 19:59:09
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
In reply to a post by flippery:
Thanks

Looks like my old t5870 core2duo will need to be retired if speed reduction is 50%.


The Microsoft insiders have been testing this patch for over 3 months and nobody has reported any speed reductions
Standard User billford
(elder) Wed 03-Jan-18 20:01:32
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
In reply to a post by flippery:
Looks like my old t5870 core2duo will need to be retired if speed reduction is 50%.
That 50% may be the usual Mail hysterics... figures in El Reg suggest more like 15-25%, and there's a comment that for a lot of uses (document processing, browsing etc) you might be pushed to see any difference. Even a slow processor is faster than you are tongue

I might be able to support that... the El Reg article update says that macOS has had the update since 10.13.2, which is what I'm running. It does seem a bit slower for some things (eg shifting images around the display, but that could be the new video system on old hardware) but no difference for "ordinary" use. I haven't tried anything that really hammers the system (like video encoding etc) since the update.

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6

Edited by billford (Wed 03-Jan-18 20:12:09)

Standard User billford
(elder) Wed 03-Jan-18 22:19:01
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
More... Intel say "It's not only us".

But AMD beg to differ crazy

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User Kenneth
(legend) Wed 03-Jan-18 23:05:10
Print Post

Re: X86-64 Intel Security Issue


[re: billford] [link to this post]
 
50% is coming from other sources - though may be AMD related which doesn't need the fix and possibly Linux related - thread on Reddit discussing it

Ken

Nostalgia is memory with the pain removed
Standard User ukhardy07
(knowledge is power) Wed 03-Jan-18 23:11:22
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
There are literally vulnerabilities discovered all of the time.
Most devices you use are not bang up-to date on patching and therefore vulnerable.

News articles such as this one make it seem like a rare thing.
Standard User billford
(elder) Wed 03-Jan-18 23:28:45
Print Post

Re: X86-64 Intel Security Issue


[re: Kenneth] [link to this post]
 
In reply to a post by Kenneth:
- thread on Reddit discussing it
Ta for that- an interesting read.

Seems like the 50% is an extreme case which, in effect, does little but highlight the slowdown by making continuous syscalls, whereas programs that also do something useful will suffer a lot less. Except maybe cloud VMs.

But it's sure not going to do Intel any good... patching an OS is one thing, how long does it take to get a new chip design into circulation, I wonder?

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User billford
(elder) Wed 03-Jan-18 23:31:10
Print Post

Re: X86-64 Intel Security Issue


[re: ukhardy07] [link to this post]
 
In reply to a post by ukhardy07:
News articles such as this one make it seem like a rare thing.
Bugs that let you access ring 0 data from ring 3 are.

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User NICK_ADSL_UK
(fountain of knowledge) Wed 03-Jan-18 23:32:06
Print Post

Re: X86-64 Intel Security Issue


[re: billford] [link to this post]
 
this has just been released by the bbc Major flaw in millions of Intel chips revealed http://www.bbc.co.uk/news/technology-42553818

Wilders Security Admin
Microsoft MVP - Windows Insider


For the latest in virus software signatures
From the Security specialists
Wilders security

Keep Your Security /Software Current
Upgrades, Updates & Definitions
Major Geeks

Microsoft Security Advisories
Twitter

Standard User NICK_ADSL_UK
(fountain of knowledge) Wed 03-Jan-18 23:36:29
Print Post

Re: X86-64 Intel Security Issue


[re: NICK_ADSL_UK] [link to this post]
 
In reply to a post by NICK_ADSL_UK:
this has just been released by the bbc Major flaw in millions of Intel chips revealed http://www.bbc.co.uk/news/technology-42553818



my advice is to not update any patch with regards this flaw until such time it has been deemed safe to do so otherwise your system could become very sluggish or fail to boot

Wilders Security Admin
Microsoft MVP - Windows Insider


For the latest in virus software signatures
From the Security specialists
Wilders security

Keep Your Security /Software Current
Upgrades, Updates & Definitions
Major Geeks

Microsoft Security Advisories
Twitter

Standard User billford
(elder) Wed 03-Jan-18 23:47:28
Print Post

Re: X86-64 Intel Security Issue


[re: NICK_ADSL_UK] [link to this post]
 
In reply to a post by NICK_ADSL_UK:
this has just been released by the bbc
Thanks, but with all due respect- on this sort of material there are sources who I'd rather trust than Auntie Beeb tongue

But it should make the vulnerability more widely known, which overall is probably a good thing (although Intel might differ!) as it will scare more people into installing the latest updates.

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6

Edited by billford (Thu 04-Jan-18 00:29:32)

Standard User billford
(elder) Wed 03-Jan-18 23:53:04
Print Post

Re: X86-64 Intel Security Issue


[re: NICK_ADSL_UK] [link to this post]
 
In reply to a post by NICK_ADSL_UK:
my advice is to not update any patch with regards this flaw until such time it has been deemed safe to do so otherwise your system could become very sluggish or fail to boot
If El Reg is to be believed, Apple have already incorporated it into macOS 10.13.2, which was released some weeks ago and which I'm running. It does seem a bit slower in some areas, that may also be due to a new video subsystem, but nothing noticeable (in normal use) otherwise.

I haven't tried really hammering the system yet, and I can't speak for Windows machines- haven't got any tongue

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 01:57:00
Print Post

Re: X86-64 Intel Security Issue


[re: billford] [link to this post]
 
MS has released a patch today and my machine (W10) is now automatically downloading it so looks like I am an early tester.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User billford
(elder) Thu 04-Jan-18 02:01:48
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
In reply to a post by Banger:
so looks like I am an early tester.
At least you know about it, when Apple released their patch I was an unknowing tester crazy

But that's Apple for you [shrug]

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 02:38:44
Print Post

Re: X86-64 Intel Security Issue


[re: billford] [link to this post]
 
UserBenchmarks: Game 12%, Desk 31%, Work 18%
CPU: Intel Core2 Duo E8400 - 24.5%
GPU: Nvidia GeForce GT 610 - 2.3%
SSD: Crucial MX200 500GB - 38.8%
HDD: Seagate Barracuda 7200.12 500GB - 59.4%
HDD: Hitachi HDS721050CLA362 500GB - 60.6%
HDD: Seagate ST380011A 80GB - 25.3%
RAM: Unknown 4x2GB - 19.2%
MBD: MSI MS-7360

So I have installed the Cumulative Update on my Win 10 Pro 64 bit system and after I run the above benchmark. Before the patch the Desk was 28% and Work 17% although my system has been up a few days it seems faster after the reboot. I am assuming this is the CPU patch but checking on my 32 bit system Win 10 Pro no updates are available.

Can anyone confirm I have the patch on my 64 bit system?

Edit: Just been on to Windows Support Chat and the agent gave me a link, https://support.microsoft.com/en-us/help/4056892/win... which looking down the list the 7th item includes Kernel Security Update. So looks like I have the patch for my 64 bit system and waiting for 32 bit system but it seems faster!

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM

Edited by Banger (Thu 04-Jan-18 03:01:35)

Standard User kitfit1
(newbie) Thu 04-Jan-18 03:05:55
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
In reply to a post by Banger:
UserBenchmarks: Game 12%, Desk 31%, Work 18%
CPU: Intel Core2 Duo E8400 - 24.5%
GPU: Nvidia GeForce GT 610 - 2.3%
SSD: Crucial MX200 500GB - 38.8%
HDD: Seagate Barracuda 7200.12 500GB - 59.4%
HDD: Hitachi HDS721050CLA362 500GB - 60.6%
HDD: Seagate ST380011A 80GB - 25.3%
RAM: Unknown 4x2GB - 19.2%
MBD: MSI MS-7360

So I have installed the Cumulative Update on my Win 10 Pro 64 bit system and after I run the above benchmark. Before the patch the Desk was 28% and Work 17% although my system has been up a few days it seems faster after the reboot. I am assuming this is the CPU patch but checking on my 32 bit system Win 10 Pro no updates are available.

Can anyone confirm I have the patch on my 64 bit system?


If your update is cumulative it will not have the CPU patch on it yet until next Tuesday. At the moment the patch is only available as a stand alone download for those that want it now. It will be moved to the normal Windows update next Tuesday as part of the normal "Patch Tuesday" updates.
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 03:09:21
Print Post

Re: X86-64 Intel Security Issue


[re: kitfit1] [link to this post]
 
In reply to a post by kitfit1:
In reply to a post by Banger:
UserBenchmarks: Game 12%, Desk 31%, Work 18%
CPU: Intel Core2 Duo E8400 - 24.5%
GPU: Nvidia GeForce GT 610 - 2.3%
SSD: Crucial MX200 500GB - 38.8%
HDD: Seagate Barracuda 7200.12 500GB - 59.4%
HDD: Hitachi HDS721050CLA362 500GB - 60.6%
HDD: Seagate ST380011A 80GB - 25.3%
RAM: Unknown 4x2GB - 19.2%
MBD: MSI MS-7360

So I have installed the Cumulative Update on my Win 10 Pro 64 bit system and after I run the above benchmark. Before the patch the Desk was 28% and Work 17% although my system has been up a few days it seems faster after the reboot. I am assuming this is the CPU patch but checking on my 32 bit system Win 10 Pro no updates are available.

Can anyone confirm I have the patch on my 64 bit system?


If your update is cumulative it will not have the CPU patch on it yet until next Tuesday. At the moment the patch is only available as a stand alone download for those that want it now. It will be moved to the normal Windows update next Tuesday as part of the normal "Patch Tuesday" updates.


Got a link to the patch?

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 03:16:18
Print Post

Re: X86-64 Intel Security Issue


[re: kitfit1] [link to this post]
 
In reply to a post by kitfit1:
In reply to a post by Banger:
UserBenchmarks: Game 12%, Desk 31%, Work 18%
CPU: Intel Core2 Duo E8400 - 24.5%
GPU: Nvidia GeForce GT 610 - 2.3%
SSD: Crucial MX200 500GB - 38.8%
HDD: Seagate Barracuda 7200.12 500GB - 59.4%
HDD: Hitachi HDS721050CLA362 500GB - 60.6%
HDD: Seagate ST380011A 80GB - 25.3%
RAM: Unknown 4x2GB - 19.2%
MBD: MSI MS-7360

So I have installed the Cumulative Update on my Win 10 Pro 64 bit system and after I run the above benchmark. Before the patch the Desk was 28% and Work 17% although my system has been up a few days it seems faster after the reboot. I am assuming this is the CPU patch but checking on my 32 bit system Win 10 Pro no updates are available.

Can anyone confirm I have the patch on my 64 bit system?


If your update is cumulative it will not have the CPU patch on it yet until next Tuesday. At the moment the patch is only available as a stand alone download for those that want it now. It will be moved to the normal Windows update next Tuesday as part of the normal "Patch Tuesday" updates.


This link from the Verge https://www.theverge.com/2018/1/3/16846784/microsoft... indicates the patch has been released at 5PM ET.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 04:09:02
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
http://www.catalog.update.microsoft.com/Search.aspx?...

Win 10 Patch use at own risk but so far no slow down noticed.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User hypertony
(experienced) Thu 04-Jan-18 09:54:44
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
Additional details from Microsoft - seems that you will not get the patch if you don't have a specific registry key set (i.e. no AV installed)

https://support.microsoft.com/en-us/help/4072699/imp...

- Tony Sutton
- Check out my Ford Focus ST170 site | View my Car's Dashcam Videos
Standard User ian72
(eat-sleep-adslguide) Thu 04-Jan-18 10:00:21
Print Post

Re: X86-64 Intel Security Issue


[re: hypertony] [link to this post]
 
Not sure I read that the same way - essentially you won't get it if you are running unsupported AV that is known to cause blue screens. If you are running supported AV or no AV then the patch should install.
Standard User robertcrowther
(member) Thu 04-Jan-18 10:33:24
Print Post

Re: X86-64 Intel Security Issue


[re: ian72] [link to this post]
 
In reply to a post by ian72:
Not sure I read that the same way - essentially you won't get it if you are running unsupported AV that is known to cause blue screens. If you are running supported AV or no AV then the patch should install.


Indeed correct
Standard User RobertoS
(elder) Thu 04-Jan-18 13:57:38
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
In reply to a post by Banger:
So I have installed the Cumulative Update on my Win 10 Pro 64 bit system and after I run the above benchmark. Before the patch the Desk was 28% and Work 17% although my system has been up a few days it seems faster after the reboot. I am assuming this is the CPU patch but checking on my 32 bit system Win 10 Pro no updates are available
Presumably there won't be a relevant Windows update for 32-bit systems if the problem is only (as reported) with the 64-bit Intel chips.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 74145/13476Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User ian72
(eat-sleep-adslguide) Thu 04-Jan-18 14:17:35
Print Post

Re: X86-64 Intel Security Issue


[re: RobertoS] [link to this post]
 
Haven't seen anything clear yet that states whether it is a flaw in 64-bit chips running in 32 bit or 64 bit mode or a 64 bit mode flaw. There is a difference - running a 32bit OS on a 64bit chip may still see the issue if the defining factor is the chip architecture.

There still seems to be a lot of guesswork in the press and nothing truly concrete and I suspect it will be a few more weeks before the patching requirements become fully clear.

EDIT : Actually Banger's post does appear to answer that question. One of the downloads from the link Banger provided is for the 32bit version of Win 10 - so it would seem both 32bit and 64bit OSs are impacted.

Edited by ian72 (Thu 04-Jan-18 14:21:44)

Standard User mpellatt
(member) Thu 04-Jan-18 14:49:25
Print Post

Re: X86-64 Intel Security Issue


[re: ian72] [link to this post]
 
In reply to a post by ian72:
There still seems to be a lot of guesswork in the press and nothing truly concrete and I suspect it will be a few more weeks before the patching requirements become fully clear.

The speculation will doubtless rumble on for ages.

Here is the definitive blog post.

Here's a useful set of well-informed thoughts, too.

Also, ignore all the guff doing the rounds about people disclosing early. That's not what happened. Hint: If you read patches, you can deduce what they're there for...

It absolutely is serious. Why else would AWS be rebooting everyone's instances ?

Edited by mpellatt (Thu 04-Jan-18 14:53:15)

Standard User camieabz
(sensei) Thu 04-Jan-18 15:37:55
Print Post

Re: X86-64 Intel Security Issue


[re: mpellatt] [link to this post]
 
It's a funny old world. Looking at the past 10+ years of IT attitude changes...MS pretty much forces folk to buy a new license with every new PC, short of paying big bucks for a retail version. Then they add in the short-term support policy for Win 10 updates, forcing users to update (or indeed forcing updates on them).

It all amounts to a very messy situation, and now with this 'new problem', which has interesting issues:

- potential security weaknesses - businesses, users with sensitive data (everyone but kids basically)

- speed issues - mission critical system users, gamers (kids)

Which neatly boxes the entire user base into a mindset of their hardware being [censored] (one comment already mentioned retiring a CPU).

The cynic in me think this is a ploy to reboot (free of charge gag) the IT industry. It may indeed be a legit flaw, but the consumer reactions will delight Intel, AMD and MS (and all the other little hardware and software companies, support industries etc.).

Y2K anyone? https://www.statista.com/graphic/1/266973/global-sem...

In reply to a post by mpellatt:
Why else would AWS be rebooting everyone's instances ?


Again, the cynic in me does wonder. Since Amazon bought Twitch, the ads there have gone crazy. When I used to 'publish to Twitter' from a blog, the Amazon AWS caller (I forget the correct term) hammered the blog, and basically made the first couple of minutes unworkable.

Maybe Amazon hopes to have future hardware ROM-programmed to prevent ad blockers? grin
Standard User Banger
(eat-sleep-adslguide) Thu 04-Jan-18 19:28:20
Print Post

Re: X86-64 Intel Security Issue


[re: ian72] [link to this post]
 
In reply to a post by ian72:
Haven't seen anything clear yet that states whether it is a flaw in 64-bit chips running in 32 bit or 64 bit mode or a 64 bit mode flaw. There is a difference - running a 32bit OS on a 64bit chip may still see the issue if the defining factor is the chip architecture.

There still seems to be a lot of guesswork in the press and nothing truly concrete and I suspect it will be a few more weeks before the patching requirements become fully clear.

EDIT : Actually Banger's post does appear to answer that question. One of the downloads from the link Banger provided is for the 32bit version of Win 10 - so it would seem both 32bit and 64bit OSs are impacted.


Yes impatient as I am I downloaded the x86 patch and installed it on my 32 bit system so yes its just the way the patch is being rolled out.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User Banger
(eat-sleep-adslguide) Sat 06-Jan-18 07:28:58
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
There is a MS Powershell script to test each machine and I have tested my two machines with the patches. One Core 2 Duo recommends a firmware/Bios update and the other says the Windows patch has not been applied. That is a Dual Pentium CPU but it getting BIOS updates for these boards will be out of the question. So how to protect two ancient machines with no microcode updates?

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User Kenneth
(legend) Sat 06-Jan-18 11:06:27
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it

Ken

Nostalgia is memory with the pain removed
Standard User flippery
(experienced) Tue 09-Jan-18 18:39:53
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.
Standard User robertcrowther
(member) Tue 09-Jan-18 19:27:42
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
In reply to a post by flippery:
It is being said
Microsaoft have stopped Meltdown and Spectre Patches to AMD processors. Microsoft have had omplaints that the AMD imachines are being bricked. Microsoft are talking with AMD to resolve the problem that some processors are not working as per specs.


Not true. Microsoft has paused the updates to computers using AMD processors because AMD did not reveal the full details that Microsoft needed to write a compatible patch. I guess that's what happens when a company denies that their product has a problem (until forced to).
Standard User IanBB
(committed) Tue 09-Jan-18 20:46:41
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
That makes sense as a recent Windows Insiders build wouldn't install on an AMD based system.

Build 17063 installs on the same machine.
Standard User bobble_bob
(knowledge is power) Tue 09-Jan-18 21:07:35
Print Post

Re: X86-64 Intel Security Issue


[re: flippery] [link to this post]
 
Installed on my AMD machine at the weekend no probs
Standard User Banger
(eat-sleep-adslguide) Tue 09-Jan-18 23:05:39
Print Post

Re: X86-64 Intel Security Issue


[re: bobble_bob] [link to this post]
 
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Tue 09-Jan-18 23:45:29
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
In reply to a post by Banger:
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.


There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.
Standard User Banger
(eat-sleep-adslguide) Tue 09-Jan-18 23:53:42
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
In reply to a post by robertcrowther:
In reply to a post by Banger:
I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.


There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).

Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.


I would like to believe that but I don't because MS has produced a PS script to test your machine to see if it has been protected. Here is the results of my main machine.

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False

As you can see from the script for branch target injection the patch is not enabled due to no hardware support which means a BIOS update for me which on a 2008 motherboard is going to be unlikely.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 00:05:00
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
Maybe the instructions on how to read the results are not clear enough, but the test results for you actually read that you are software protected, but need a bios update to enable the hardware protection (read my previous post about the software/hardware patch explanation).

Hence why it says "Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation" as the "ONLY" suggestion.
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 00:16:56
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
We could argue all night about this but the key line to note is

Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Which says it all.

https://www.tenforums.com/windows-10-news/102025-pro...

From the link above

You will need to update both your hardware and your software to address this vulnerability. This includes firmware updates from device manufacturers and, in some cases, updates to your antivirus software as well.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 00:31:57
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
The part that you didn't undertstand is "You will need to update both your hardware and your software to address this vulnerability"

It does not mean that you are unprotected unless you have a bios update, it just means that it won't be fully sorted out until you do. There is a big difference and something that you didn't undersand in your orginal comment and by the looks of it still doesn't. If you still don't understand my I sugest you go and study the information that is on Microsoft's website and also on Intel's, as they give the proper information rather than just reading what a mis-informed person has written on another forum.

I have seen people trying to solve this by following instructions on youtube videos, but the videos tell them to install the wrong patches and then they wonder why they are still unprotected when running the script.
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 01:01:45
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
From Microsoft

https://support.microsoft.com/en-us/help/4073119/pro...

The output of this PowerShell script will resemble the following. Enabled protections appear in the output as “True.”

The output of my script for both software and hardware is False therefore I am not protected.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 01:10:04
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
#BangsHeadOnBrickWall

You still have not got it, have you?

try reading this https://www.theregister.co.uk/2018/01/09/meltdown_pa...

If the patch wasn't enable, then there would be no problems with AMD chips or Antivirus software would there?

Also read this: https://www.theregister.co.uk/2018/01/09/meltdown_sp...

On that link read the section regarding PCID

Also on a side note, the example shown in the link you provided is when both the bios patch and the software patch has been applied (which is why your results are different)

#SendsYouBackToSchool

Edited by robertcrowther (Wed 10-Jan-18 01:57:17)

Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 02:36:49
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
I have read the article which mainly features the AV complications of the patch. The MS script I ran says patch isn't enabled due to lack of hardware support. My hardware vendor says my hardware from 2008 is not vulnerable to meltdown and spectre.

I have been on to live MS Answer desk which concurs with my reading of the MS script and I should get a hardware BIOS update. I am not sure if Core 2 Duo E8400 is susceptible to meltdown or spectre. One company MS says needs hardware update, MSI the hardware vendor say it isn't vulnerable.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User robertcrowther
(member) Wed 10-Jan-18 07:17:11
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
The patch is enabled, but as I said and keep saying the patch can't fully do it's job (does not mean you are not protected) until a bios update has been applied.

Because you don't seem to understand this fact it's difficult for you to try and explain the situation to technical advisors (which is why you are getting conflicting information from them).

Getting a motherboard manufacturer to compile a new bios maybe difficult when the product is 10 years old normally, but in this case a lot of them are doing so as they are worried about law suites and being sued. A few of my old machines have now got bios updates where they havent released an uodate for the last 5 to 7 years.
Standard User Banger
(eat-sleep-adslguide) Wed 10-Jan-18 22:49:32
Print Post

Re: X86-64 Intel Security Issue


[re: robertcrowther] [link to this post]
 
Well I hope you are right. I have been researching the script last night and from what I can gather it means I am protected in software against Meltdown but there is still a question mark over spectre which may require a BIOS update. I don't know how you can be partially protected when the script says spectre OS support isn't enabled. Its a binary thing.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User bobble_bob
(knowledge is power) Thu 11-Jan-18 09:20:55
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
From what ive read this isnt a security issue for home users. Its not an easy exploit and unlikely anyone would attack 1 home user. Its more of a threat for large businesses
Standard User Banger
(eat-sleep-adslguide) Fri 12-Jan-18 02:18:39
Print Post

Re: X86-64 Intel Security Issue


[re: bobble_bob] [link to this post]
 
I have read a Javascript proof of concept has been released which is a very easy vector to affect a home user if added to an advert which can read sensitive RAM.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Speed Test

Current Sync: 79993/19661

BQM
Standard User broadband66
(fountain of knowledge) Fri 12-Jan-18 16:50:27
Print Post

Re: X86-64 Intel Security Issue


[re: Banger] [link to this post]
 
Could go grey worrying about all the possible attacks that could happen. smile

Was Eclipse Home Option 1, VM 2Mb & O2 Standard
Now Utility Warehouse (up to 16mbps) via Talk Talk
Standard User Pipexer
(eat-sleep-adslguide) Sun 14-Jan-18 13:15:47
Print Post

Re: X86-64 Intel Security Issue


[re: bobble_bob] [link to this post]
 
In reply to a post by bobble_bob:
From what ive read this isnt a security issue for home users. Its not an easy exploit and unlikely anyone would attack 1 home user. Its more of a threat for large businesses

This ^ I am not worrying.

ZeN Fibre Unlimited 2
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread

Jump to