'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Yes, without the patch Secucheck can't query needed information. And: ("These tools do not check your CPU, they check your OS." #265)
So launching it in Windows XP will always fail (no patch is installed)

 

I agree. For anyone with an exploitable Intel CPU, this is what should be displayed. For AMD processors that are not exploitable via Meltdown, "Hardware requires kernel VA shadowing" will be displayed as "False" with no subordinate displays shown.

 

Here, another example of what an Intel system with an affected CPU still vulnerable to Spectre looks like via PowerShell (red)--my system will stay vulnerable to Spectre until Lenovo delivers the remaining patch(es). I'm not all that worried about it.

 

FWIW, I am aware of the existence of KB4058702, but it hasn't been offered or installed in my W10. As of yet, I haven't had any kind of issue after installing KB4056892 (done manually on the 4th of January). The last update of the same kind as KB4058702 installed silently in my computer, end of Nov 2017. I noticed the installation because I am always looking around, otherwise I would not have noticed it. The processor in my W10 is from Intel

Bo

 

My CPU is not on the list of exposed CPUs.
(Hoping that the reliability of the list is 100%).

- Normally also Specucheck not work with XP must be recompiled.
- Also SpeculationControl does not work with XP.

The tools are useless if your CPU is free from the problem.
And I agree with Stevens' response:

https://www.bleepingcomputer.com/fo...m-with-powershell-script-need-help/?p=4417683

It would take an Intel Test to verify the CPU.

First the test and then in the case after verification with the tools.

 

The affected CPU list from Intel does not seem to be complete:
https://twitter.com/never_released/status/950095136431755266

Thanks!

 

Poc Spectre
On the concept written by liba:

https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

 

I have Sandy-Bridge-era Pentium processor and unfortunately Intel is probably not updating microcode for this CPU. I obtained microcode dated "2017-11-17" from Intel page, but VMware driver tells me:
"No CPUs needed an update. Your system might not need this driver."

 

This can be run from the browser here: https://twitter.com/MichalPurzynski/status/949943285551788032 as previously posted.

 

Yes I agree with you - I don't think Intel would bother releasing a microcode update for this old line of CPUs. I ran a 2700K on my main computer until yesterday when I built an AMD rig with a FX-8300 and a Gigabyte 990FXA-UD3 R5 laying around. The rest of the components are taken from the old 2700 Rig. The Ubuntu OS on the old SSD from 2700K have no problem booting up and running normal on the new CPU and Motherboard, without the need for reinstalling. Typing from this new rig now.

I'll keep this AMD build for several years until the chip makers release a better CPU. I'll go with AMD again.

 

"Windows Meltdown-Spectre update: Now some AMD PC owners post crash reports

A number of AMD PC users say they can't boot after installing Microsoft's Windows 10 Meltdown-Spectre patch..."

http://www.zdnet.com/article/window...pc-owners-post-crash-reports/#ftag=RSSbaffb68

 

"Buggy Win7 Meltdown patch KB 4056894 throwing blue screens

AMD Athlon systems bear the brunt of the bugs, but other Windows machines get bit, too. There are a few possible fixes, none sure-fire..."

https://www.computerworld.com/artic...n-patch-kb-4056894-throwing-blue-screens.html

"Emergency Windows Meltdown patch locks some AMD PCs into endless loop

After installing the update users say their PCs are unable to boot and eventually get stuck in an endless loop, as they try to roll back to an earlier version of the OS..."

https://www.techrepublic.com/articl...me-amd-pcs-into-endless-loop/#ftag=RSS56d97e7

"Fix Windows 7 BSOD 0x000000c4 after installing KB4056894...

https://www.ghacks.net/2018/01/08/fix-windows-7-bsod-0x000000c4-after-installing-kb4056894/

 

@hawki As Theo said:
Handling of CPU bugs disclosure 'incredibly bad': OpenBSD's de Raadt

Note that Microsoft (and Apple) had have relatively long time to write patches compared to other OSes.

 

Wow! Same here except I been to lazy to install it. Let me know how it runs. At least, it has Win 10 support although I haven't seen any recent Gigabytes updates for it.

 

The new system has been running fine since yesterday
Only issue with this MB is the USB 2.0 ports are not working under Linux but all USB 3.0 ports are working fine. Under Windows 10 it appears everything works fine, including all the USB 2.0 ports (tested with a Windows PE live USB).
And yep, the most recent BIOS update is from April 2015..

 

FreeBSD were apparently told end-December.

I do hope some of these decisions will be challenged in court. While I get the issue of minimising leak probability, the decision to keep open source to the end is a form of unfair trade practices.

As pointed out, these fixes are incredibly tricky things to implement properly, and the cure may sometimes be worse than the disease - not that it's even a cure.

 

http://www.securityweek.com/qualcomm-working-mitigations-spectre-meltdown

 

https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/

 

Here are my results before the patch:

https://www.3dmark.com/pcm8/24477610

and after the patch:

https://www.3dmark.com/pcm8/24484079

Not so bad but I am gonna run the test again once I install the microcode provided by Intel.

Also after installing the patch KB4056898 I have a strange problem...the language bar is opened in the upper left side of the screen on every restart and I should minimize it manually.

I didn't notice any unusual behavior other than that.

Regards,
Georgi

 

"Nvidia’s latest GPU drivers includes a Spectre fix..."

http://www.pcgamer.com/nvidias-latest-gpu-drivers-includes-a-spectre-fix-and-fortnite-optimizations/

 

Source: https://twitter.com/wdormann/status/950486460683182082
Article: https://doublepulsar.com/important-...-fixes-antivirus-vendors-and-you-a852ba0292ec

Oh my...

 

Clarified is:

So until you manually add these:

And do this:

The patches are not enabled.

 

Does Windows Defender count as an AV?

 

I am "holding my tongue" on that one ..............

Of interest would be if the AV vendor registry key was set on builds where WD is running in realtime?

 

The patch installed on my machine that was running WD.