'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I suppose that must be it.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,080
    Location:
    Texas
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Thanks - my feeling when this emerged was how effective the embargo had been given the nature of the changes and the number of people who had to know - I think the early disclosure was not too damaging and might have had the benefit of exposing a story that was not all massaged by PR departments.

    The most interesting part of the piece for me was the information that Intel already knew when contacted by Graz U. and was working on it. I'd very much like to know how they knew, who told them, and whether they would have admitted to it if someone hadn't found it. I know I won't get that information anytime soon!
     
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I had Wise Driver care, the utility said I had a unstable chipset driver so I installed a driver then the utility said that one was unstable too. I installed a Intel Engine GUI driver too. Today I got a popup from IObit about installing a patch, it wouldn't download.
     
  5. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
  6. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    I'm just going to take a risk and not install any of them...
     
  7. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I guess I have to wait for the (choke choke) Microsoft Patch
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    As I understand it Google's Project Zero told them about those vulnerabilities before Graz University.
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I think this is correct, as both the microcode update and the security patch/update work together. I believe that it was Alex Ionescu that pointed out that the Windows patch actually functions differently dependent upon whether or not the microcode update is available. Certain operating system mitigations are applied dependent upon that, so it seems quite dynamic the functionality.

    I do recall Intel stating at one point that they will work over the coming months/years to make those performance impacts less drastic. I find it interesting that, likely due to PR, Microsoft and Intel avoided testing 4th generation processors or older just to make the news related impact seem not so bad.

    Another interesting thing that I noted with regard to Process Mitigations. As we all know, the latest Windows 10 platform added the remaining EMET mitigations directly to the Windows kernel. Those have far greater performance impact right now in comparison to before this microcode/OS updates. I removed all of those more recent ROP related kernel-level mitigations and went back to the good old process mitigations (via GFlagsX) and performance is much better now, although still not the greatest yet. So kernel-level mitigations are taking more of a hit right now unfortunately.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Interesting. I also strongly suspect that the OS Spectre mitigation was added to WDEG processing. We now have to find where it is.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I would take AMD's statements "with a grain of salt" since I saw postings of FX and Phonem processor users blue screening on Win 7.
    https://www.bleepingcomputer.com/ne...microcode-updates-for-spectre-flaw-this-week/
     
  12. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,761
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Great advice. Install update that cause you a problem to protect you against vulnerability that is currently not exploited ITW. My system probably won't get an update, but if it was, I would definitely wait for a while.
     
  16. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    everyone? What about less popular OSes and Gnu/Linux distributions not backed by commercial company? There are OSes in active development since early nineties, sometimes also used in production environments and they were not notified in advance.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.helpnetsecurity.com/2018/01/12/meltdown-spectre-attack-detection/
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Pleased to see some prospects for detection at last, and also acknowledgement that, for some classes of devices, the cure is worse than the threat right now. Where you tightly control what actually runs on your machine, the threat is going to be much smaller than a typical badly patched end-user browsing session.
     
  19. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    It says in the report, "Note: While some of the specific details and examples below are x86 specific, the ideas underlying the construction are commonly applicable. "

    My take is that the instruction architecture will have little impact on the success of the call "wrapping" technique.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Here's the most extensive list of affected CPUs I could find: https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/

    I don't see AMD Phenoms listed at all. Hopefully, I am "out of the woods" on this one for my Thuban series Phenom II hex core processor! I always felt it was one of the best processors AMD every built.
     
    Last edited: Jan 12, 2018
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  24. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Thanks to you and Sempei Nihira for the list. As expected, I'll need patching.
    Curiously my Thinkpad system, i5-3320M, is listed in the Intel Mobile group.
    It's not a phone. It's a laptop, so I don't get it.
     
  25. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    I didn't know where to post this and to which posting to reply; sorry!
    I am most definitely no expert with respect to PowerShell so this is going to be a very newbee and probably dumb question ...
    Win 7 Pro 64-bit here.
    Where exactly in Group Policy Editor ( gpedit.msc ) can I find settings for PowerShell and which secure settings are needed and how to do that there?
    Maybe too in the registry?
    Please step-by-step instructions for newbees.
    Forgive me for as asking!
    (PS: I did run that tool Ashampoo Spectre Meltdown CPU Checker. After I had read that that tool made changes with respect to PowerShell, I did put back a backup-image).
    Thank you all very much!!!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.