'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

It doesn't change Powershell policies.
If you're worried just make sure you run it from a non-admin account.

 

i have run InSpectre on my husband's laptop, it has a Pentium B960 Sandy Bridge and InSpectre tells microcode update Yes.

I have installed the KB 4090007 but after the restart for the update InSpectre tells Protection for Spectre No

so I don't understand, in the list of microcode update of Microsoft I don't see the pentium b960 but InSpectre tells that is available and after installation of the update kb4090007 there isn t any change

 

Kb4090007 doesn’t contain microcode for sandy bridge processors yet. All inspectre says is that microcode does exist for the processor(intel have released it). It does not say Microsoft have started making it available. You need to manually check if the processor CPUID is in the table on the KB40900007 web page.

At some point Microsoft should add the microcode to the list. Possibly after next patch day.

 

many thanks pling_man ^__^

 

And don’t worry about the install you just did. You can install again when the list is updated. Did you update your other computers?

 

I unistalled It in this laptop. For The other laptop with celeron j3060 And The desktop pentium g3260 i ll test The with InSpectre in The Next days

 

I just purchased a used HP laptop from eBay and installed the latest BIOS, which has the microcode update, which seemingly led to major performance issues. The laptop is the same model as the laptop I was using, however, I discovered that the new laptop has a higher resolution screen, so I decided to take my SSDs out of the laptop I had been using and then put them in this one. I had avoided updating the BIOS, in the laptop I had been using, as I was concerned about potential performance issues.

When I booted Windows, there was excessive CPU use, even after a booting a few times. Other than the BIOS update, there was no apparent reason for the CPU use, as the specs of the two laptops are pretty much identical and both have the same CPU (an i5-2520M.) I tried disabling Spectre protection with the current version of InSpectre, but it did not disable it (and yes, I was running it as an Administrator). So, I downloaded and flashed an older BIOS, which did not have the microcode update. I was expecting not to be able to flash the older BIOS, as I know that HP sometimes say that installation of old BIOS versions will be blocked, after updating to a new BIOS, but I was able to flash it. Flashing the old BIOS update, fixed the performance issues.

Interestingly, InSpectre lists performance as "Good," but when you read further, it says:

 

Few minutes ago I instaled KB4090007 on my desktop with Haswell G3260 and InSpecte now tells that my desktop is protected for Meltdown and Spectre and performance is Good

Now I'm wait microcode update for Braswell and SandyBridge

 

Strange. Apart from running as Administrator with increased privileges it probably also requires reboot.

 

Opinions?

I updated the BIOS in my W10 about a month ago. All has been well and according to InSpectre, my W10 is protected against Meltdown and Spectre. Question: The latest update for KB4090007 includes my processor (Broadwell U/Y), do I need to install this update?
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

I think I don't but what do you guys think? Are you installing the MS update even though you have installed the MC update from the manufacturer of the computer?

Bo

 

No you don't need it as your bios already provides the updated microcode. Windows will look at the microcode version loaded by your bios and see that it is later then the version it currently has support for, so won't change the microcode.

It won't do any harm installing the windows patch as well but you don't need it.

I expect the new microcode will be part of future versions of windows though (e.g. the Spring Creators update) and when that happens Windows will see the versions are the same, but it still won't change the microcode.

Only if there's a later release of the windows microcode will it over-write the bios-loaded code.

In your position you are also protected when you boot other operating systems or recovery disks, whereas people who only have the Microsoft Windows microcode won't be.

 

Thats what I thought. Appreciate your opinion, and response.

Bo

 

WBD, I am still on Win 10 x64 v1709 16299.402, but I've received and applied another BIOS update for my Haswell laptop, so I thought I'd retest performance with Spectre mitigation re-enabled.

But when I run InSpectre I see the pop-up below, the 'Enable Spectre Protection' is greyed out:



but also an explanation further down, that:

This system's protection against the Spectre vulnerability has been deliberately disabled by system settings. Even if the system's hardware is able to manage the Spectre threat, the operating system's settings will need to be changed to enable Spectre protection.

and

Windows' Spectre vulnerability protection (only) has been deliberately disabled by settings in this system's registry. Although overall system performance will be improved, this system will be vulnerable to Spectre attacks. Meltdown protection has not been disabled.

My InSpectre settings had indeed been manually set (due to performance issues) and are currently FeatureSettingsOverride '1' and FeatureSettingsOverrideMask to '3'.

Firstly, why is the 'Enable' greyed out (I thought one could just toggle this), but secondly, can I then manually enable Spectre protection again in the registry and should the first setting then be '0' i.e. is FeatureSettingsOverride '0' and FeatureSettingsOverrideMask to '3' the default / correct? Then restart ...

 

Alert: Working Exploit Released for "Total Meltdown" Bug Introduced by Microsoft

https://blog.barkly.com/total-meltdown-vulnerability-exploit-code-available

 

You can use WinAbler to fix the grayed out buttons on InSpectre.Run them both as Admin and drag bullseye to the InSpectre itself not the button.

 

We have 3 notebooks running Win 10 here. Two are HP laptops which a few months ago received MEI firmware updates and also BIOS updates and now are both protected against the Spectre vulnerabilities. The Gigabyte laptop is not protected however, and Gigabyte do not seem in any hurry to release BIOS or MEI updates even though it's very high spec machine and running a Skylake H CPU (i.e. not *that* old). I installed KB4090007 on the Gigabyte rig when it was running version 1709, and according to the inspectre tool this provided protection for Spectre, however after updating (via Windows Update) to version 1803 today, I see that once again the Gigabyte machine is not protected against Spectre. I tried searching for some info about a patch for 1803 that does the same thing as KB4090007, but I couldn't find anything. Hopefully MS will put out a new patch soon. Gigabyte only seem interested in updating their newest products.

 

yes with the April update 1803 the protection for Spectre will be disabled (on ghacks net there is write, and is because kb4090007 is only for 1709) I'm really disappointed so every new version of Windows 10 (two times at year) we'll have no protection for Spectre

 

I can only presume that the microcode update will be released very soon. I'm quite happily not protected against Spectre (although I haven't updated this computer to 1803 yet), as I believe the change of an average user getting exploited by Spectre is close to zero, at this point in time.

 

Researcher Finds a Way to Bypass Meltdown Patches on Windows 10
May 2, 2018
https://www.bleepingcomputer.com/ne...way-to-bypass-meltdown-patches-on-windows-10/

 

8 new Spectre-like vulnerabilities found, also known as Spectre-NG.
https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html
(German)
Highlights:
-Indications that ARM is also vulnerable. AMD is still being investigated.
-Intel classified 4 vulnerabilities as high risk, and 4 as medium.
-One vulnerability gets public May 7, one may get public imminent, other 6 still unknown.
-Intel is planning the patches in 2 waves, May and August.
-They are easier to exploit than Spectre.

 

Spectre Next Generation vulnerabilities affect Intel processors
Intel is facing another wave of reported security issues in its processors. The vulnerabilities, called Spectre Next Generation or Spectre NG, have not been disclosed publicly yet.
May 3, 2018
https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/

New Spectre NG vulnerabilities in Intel CPUs
May 3, 2018
https://borncity.com/win/2018/05/03/new-spectre-ng-vulnerabilities-in-intel-cpus/

 

After updating to 1803, the 'Enable Spectre Protection' button was back. I enabled it, restarted and am evaluating if the performance impact is now sufficiently low to keep the protection enabled.

So far, so good.

 

https://www.extremetech.com/computi...re-class-attacks-may-be-coming-for-intel-cpus

 

Disclosure postponed by 2 weeks:
https://twitter.com/knweiss/status/993531572509925376?s=21

 

Millions of Computers at Risk From Next-Gen Spectre Bug...

"Millions of Computers Are at Risk of Hacks That Crack Into Their Core...

Yuriy Bulygin...His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer’s firmware—microcode that’s stored permanently inside processors and other chips—to get to its most sensitive information. 'The firmware has access to basically all the secrets that are on that physical machine,' he says....

The hacking technique Bulygin found exploits the Spectre vulnerabilities...Bulygin’s technique goes a step further by enabling hackers to read data from a particular type of firmware called system management mode memory. The code is linked to access rights that control key functions of the machine, including shutting down the central processing unit if the computer gets too hot or letting administrators configure the system. With access to the SMM memory, hackers can get essentially any data they want...

Bulygin doesn’t know whether hackers have already tried to use the techniques he discovered to infiltrate computers, because this new class of hardware attack is virtually undetectable...malicious code that makes its way into firmware could be there forever because of its role in the backbone of a chip or processor..."

https://www.bloombergquint.com/busi...ers-are-at-risk-from-the-next-gen-spectre-bug