'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Nice. I think my machine is too old. It says TBD on HP's support site.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I have errors there as I'm sure everyone does, but I can't see that one so maybe I'm lucky.
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I believe that means there will be a BIOS update at some point, but there is no set date yet. The page was showing the 19th as the date for BIOS updates for my computers. A few days after the 19th, the date changed to the 24th, then a day or two later back to the 19th again (even though it was a few days after the 19th) and then to TBD.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I have noticed that as well. Not sure if I will update anyway since InSpectre states my performance will not be good.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I think the updates will be released despite that. I have the Microsoft patch for Meltdown installed on my ProBook 6460b with an i5 2520M CPU and although InSpectre says it should be making my computer run slower, I haven't noticed any slowdowns since installing the patch.
     
    Last edited: Jan 30, 2018
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Good to know. Thanks for the reply.
     
  7. Artem Baranov

    Artem Baranov Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    1
    Location:
    Russia
    Interestingly, am I alone in not understanding the real effect of KB4078130? How can you "turn off" or "disable" new CPU features that became available with Intel's installed firmware update? Intel rolled out new MSR registers with new flags for CPUID. How can you restrict someone from using these new CPU features...
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Appears it's just a matter of time...

    http://www.securityweek.com/malware-exploiting-spectre-meltdown-flaws-emerges
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    https://securityaffairs.co/wordpress/68403/security/meltdow-flaw-china.html
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    No surprise here that exploits are already in the works. Just remember to harden the browser and clear all session data when finished, especially after transactions on secure websites. I think it would be foolish to use a browser that doesn't support site isolation or similar. Spectre will be harnessed to steal session cookies from secure sites opened in the browser. Apparently it's not as "fast acting" as the typical drive-by download; testing has revealed that one has to spend considerable time on the page before Spectre can run the required number of operations to successfully exploit. We will very likely see other microcode exploits before the end of the year.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as Spectre - variant 1 browser based attacks, most of the browsers have been patched to remove the primary attack vector:
    https://www.reddit.com/r/DarkNetMarkets/comments/7oxnjs/vulnerabilities_in_modern_computers_leak/
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    That's good news.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I think using distinct browser profiles and Firejail sandboxes for different browser "applications" will be well worth the effort too. That allows one to adjust many of the aspects of hardening and the trade off between usability and privacy according to need, and with a better level of mitigation against Spectre, at least, the in-process varieties.

    Personally, I only do online financial transactions (as opposed to shopping where exposure is more limited), on a separately booted Live USB session, only used for that purpose and nothing else.
     
  14. guest

    guest Guest

    An updated Release is available:
    InSpectre Release #6b v.0.0.6605.6 (January 31, 2018)
    Website
    This release seems to drop inspect64.exe (3.584 bytes) to the ...\Local\ directory but it seems to be harmless.
    Code:
    inspect64.exe
    File Description: Meltdown & Spectre 64-bit Inspection
    Hash: E637669462A427F90CCF3E074B7E9850B7F56719C89E65286218BED0EFAD9504
    
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Destro said:

    https://msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/?page=148

    The usual theory that what is old is probably less attackable because less widespread.
    What do you think?
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Only partially true.

    It could be old but was widely used therefore making it a better target. I use this logic in stating AMD processors are less likely to be attacked than Intel ones. Then there is the environment where the processor is used. Again, Intel processors are used overwhelmingly in corp. installations. Overall I will say that most of these attacks, if they can be successfully deployed in the "real world," will be directed to non-consumer installations.
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Spectre Variant One Mitigations Will Be Sent In For Linux 4.16
    https://www.phoronix.com/scan.php?page=news_item&px=Spectre-Variant-One-Linux-4.16

    Spectre / Meltdown Code Gets Cleaned Up, Improvements For Linux 4.16

    https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.16-KPTI-Improvements
     
    Last edited: Feb 2, 2018
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I refer to my previous post #910 on page 37. I ran the latest version of InSpectre released the other day, and now it says that I have protection for both Meltdown and Spectre. Nothing has changed with my Surface Book, so it looks like it must be the current version of GRC's InSpectre that is the reason.

     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  20. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    But in-process attacks are the main concern when it comes to Spectre, not drive-by downloads.
    For now, controlling JavaScript in the browser (NoScript and other extensions), keeping only one tab open when browsing sensitive sites like bank accounts, and using strict-site isolation are available mitigations for in-process attacks.

    https://www.wilderssecurity.com/posts/2730879/

    In the medium and long term browser vendors need to use hardened compilers to build browsers and mitigate Spectre and/or manually apply some assembly code in various places of browser C/C++/Rust code.

    Edit, added:
    Probably the same is true for OSes. For Windows 10, the next Redstone versions are likely to be hardened against Spectre. Windows 7 and 8.1 are likely not to be updated (only some basic patches here and here) due to a different update model, unless Microsoft is going to release a Service Pack, but I would not count on that. Windows 7 is in extended support, so it is not likely to receive a Service Pack. Microsoft does not like the 8.1 version, so I am not counting on a Service Pack for 8.1, either.
     
    Last edited: Feb 2, 2018
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Here's a discussion on SharedBufferArray along with other Spectre related issues. Note that SharedBufferArray is akin to "shooting yourself in the foot":
    https://www.hnstories.com/news/mitigations-landing-for-new-class-of-timing-attack-1515031231
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    Is my machine going to slow down because I have the reg key and the Jan MS OS patch for M and S now? I won't have the BIOS update ever. Does the BIOS update slow down the machine, or is it the MS OS patch after the reg key that slows everything down?
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    If you are running much newer hardware, you probably won't notice a performance impact. It's older (much older in particular) hardware that will be impacted the most, especially by the Spectre microcode update, if and when available for whatever hardware one is running. Since it seems you are electing not to patch the BIOS, thus for Spectre, then I would assume you won't be affected.
     
  25. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    Thanks for the info wat0114.
     