'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as Spectre ever being fully mitigated, I believe Cyberbit said it best:
    https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,009
    Location:
    Member state of European Union
    There is also the factor of the compiler. You can have a patched compiler, and compiled code can be mitigated against Spectre, but it doesn't mean every program downloaded from the Internet is mitigated. Windows users usually don't compile programs; they just download binary files and run them.

    I think Spectre can also be useful to bypass sandboxes. Usually you need more than one vulnerability to bypass a sandbox. Spectre is only a read-only vuln, so you can't use it alone to bypass a sandbox. Spectre can be useful in combination with other vulnerabilities, because exploiting other vulnerabilities often needs leaked information.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Good points, and for programs that don't need internet access, sandboxes and RBAC can prevent exfiltration of a successful Spectre-class attack.

    The other BIG area for mitigation is the one that's been obvious for some time, yet not mandated even on websites dealing with money:- get proper 2FA like U2F implemented. Then secret stealing won't be such a threat. There's also quite a lot that could be done with HSM for storing certificates outside the memory space, and various forms of co-processors, doing similar things.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    ESET's software works fine with Microsoft's patch and has announced it via usual channels (customer advisory, KB article, press release, etc.). I got to do the write-up for it on the blog, and one of the things I decided to do was to keep it updated with every vendor security advisory/bulletin I could find. Currently, I have managed to find over 130 of them. Here's a direct link into that section:

    https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors

    Perhaps some of you will find it of use.

    Regards,

    Aryeh Goretsky
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Thank you for the details. :)
    I am always running with SSDs as well, so I've got a double hit in this case I suppose.

    It's taken my lightning-fast Core i7 and quite literally made my i7 dog-s**t slow. Some of you folks who have not yet received the microcode update are in for a surprise. I can't refer to this as anything other than dog-s**t slow. I believe that the only thing I can do now is remove any process mitigations and all other security to help reduce the impact here. I am someone who takes pride in efficiency as well so this just boggles my mind.

    Left with one choice: Buy new hardware. Ugh.

    This is a great article. I recall seeing many security researchers speaking about said embargo in the first few hours as this news started to come out initially.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Hum ......... Appears AMD has "re-evaluated" the situation:
    https://www.theverge.com/2018/1/11/16880922/amd-spectre-firmware-updates-ryzen-epyc

    So again the question is will the motherboard manufacturers provide a BIOS flash update for these? So far, all I have seen is silence from them.

    -EDIT- Appears some are; Intel updates that is:
    http://www.tomshardware.com/news/motherboard-vendors-release-bios-updates-spectre,36316.html
     
    Last edited: Jan 11, 2018
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,009
    Location:
    Member state of European Union
    Which one? Anything from Intel has 3 vulnerabilities, even newest generation.

    I sometimes think that some performance degradation reports are just a result of the nocebo effect.
     
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,808
    Location:
    U.S.A.
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I guess this pretty much sums it up:
     
  12. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,808
    Location:
    U.S.A.
    Correct! :)
     
  13. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    What are storage benchmarks? Meaning disk I/O tasks?
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Chip Flaws Spectre and Meltdown are Actually Three Vulnerabilities and Proving Hard to Mitigate
    Link: https://www.crowdstrike.com/blog/ch...vulnerabilities-and-proving-hard-to-mitigate/
    By Alex Ionescu


     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Last edited: Jan 11, 2018
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    CPU Vulnerability Assessment and Fix Tool 2.0
    Author: Qihu 360 Software Co.
    http://www.majorgeeks.com/files/details/cpu_vulnerability_assessment_and_fix_tool.html
    --------
    360 released the Very First CPU Vulnerability Assessment and Fix Tool
    https://blog.360totalsecurity.com/en/360-first-cpu-vulnerability-assessment-fix-tool/
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    Please keep in mind that the CPU Vulnerability Assessment and Fix Tool is just a diagnostics utility that can aid you in downloading the necessary patches to protect your computer. It does not contain patches or vulnerability fixes itself.
    http://www.softpedia.com/get/Securi...U-Vulnerability-Assessment-and-Fix-Tool.shtml
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Yes, and so is the Ashampoo tool which made undocumented changes to PowerShell ExecutionPolicy settings.
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    I discovered Qihoo's (Qihu/360) tool yesterday, but did not post about it as it does not work. I ran it on two computers. On the first computer, it found no vulnerabilities. However, when I ran Ashampoo's Spectre Meltdown CPU Checker on the same computer it reported that Spectre was still vulnerable (but not Meltdown).

    I then ran it on a second computer.

    360 3.png

    360 4.png

    360 5.png

    The above screenshots are from a Windows 7 computer. It spent time supposedly downloading and installing the patch. However, after rebooting and running the tool again, it still showed that my computer was vulnerable. Ashampoo's Spectre Meltdown CPU Checker also showed that my computer was still vulnerable.

    I rebooted to my Windows 10 partition on the same computer and ran Qihoo's tool again and the results were the same. After clicking on Fix and then rebooting afterwards, the vulnerability was not fixed and Ashampoo's tool said the same.
     
  21. PEllis

    PEllis Guest

    I got the same results as Roger. Both Ashampoo and 360 say I'm still vulnerable.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    :(:thumbd:

    One thing that confuses me though, given your statement I bolded above, is that I received the BIOS update before KB4056892 CU, but I only noticed the slowdown after applying the CU ...

    Can't afford new hardware right now, having just bought new laptop no.1 (which would also have the vulnerability). Will just have to live with it for now, laptop 2 seems even slower than 3 now (too old for BIOS update).
     
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,009
    Location:
    Member state of European Union
    Yes. Files and databases. They are usually more focused on use-cases for file storage companies and companies running MySQL, PostgreSQL (webhosting, webapps?) and similar databases than regular consumers.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Maybe it's a combination of both updates that creates a slowdown? Install only one, all is fine, install both and you get slow performance...
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    Last edited: Jan 12, 2018