'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,406
    Location:
    Canada
    With the strict site isolation flag enabled, along with an ad and script blocking extension, there's little need for concern about a javascript-based cpu side channel attack anyway.
     
  2. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    201
    Location:
    Canada
    I have done all of those things. However, ChromeZero does a number of interesting mitigations that I'm not sure are completely redundant with the ones you mention. Here is a great article describing what ChromeZero does.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    Is there an explanation on how Strict Site Isolation is supposed to migitate Spectre? Spectre allows to read memory of other processes, so while putting each website in it's own process is a great security feature overall, it seems useless against Spectre.
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,406
    Location:
    Canada
    Agreed Chrome Zero might help, but in its current state it seems too buggy.

    Yes:

    https://www.chromium.org/Home/chromium-security/site-isolation
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    Just got a new BIOS update (to 1.36.1.36) for my Haswell ThinkPad, which I presume is the revision to the 'botched' earlier update (to 1.35.1.35, 27 Dec 2017) to address Meltdown and Spectre.

    Maybe not though, as I notice my settings are still set to FeatureSettingsOverride '1' and FeatureSettingsOverrideMask to '3' as I had left them (unless the BIOS update does not reset them).

    Will leave as is, because I'd rather not reintroduce the performance issues I experienced previously.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Microsoft Releases New Meltdown and Spectre Patches for Surface Pro
    March 2018 firmware update brings new mitigations
    March 20, 2018

    http://news.softpedia.com/news/micr...-spectre-patches-for-surface-pro-520308.shtml
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    BIOS update does not change those registry keys once they are set manually. You can leave as is or experiment later on by deleting those registry keys. Or better yet, use the InSpectre tool since it is a GUI, run as Admin, and you can enable/disable as you like in a much easier way compared to editing registry. Ensure you reboot after making a change to the key.

    Please let me know your experience as well because I am curious as to how much of a performance hit you get on your Haswell.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    Thanks WBD. Will let you know when / if I give it a go (with InSpectre). :)
     
  9. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,021
    Never happen, their stock is at an all-time high. And the common man outside of IT knows nothing of this dust up. Nor would he care.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
    Google is distributing more Meltdown and Spectre Patches for Chrome OS devices
    http://securityaffairs.co/wordpress/70561/hacking/chrome-os-meltdown-spectre.html
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    I have been following up the link below, to see when the BIOS update for my Dell W10 would get posted. I opened the link today and saw it was first posted about 3 weeks ago, and there was an update to it about 10 days later. This kind of updates scare me a bit but I went ahead and did it. It was fast, so fast there was no time for sweating or nothing. All looks good afterward. System feels well, no new Events log errors or Warnings which I think I read here some users got after updating the Bios. That would a bothered me a lot if I got something new.

    Others users with Dell computers can check this link for the update for their computers.
    http://www.dell.com/support/article...cve-2017-5754-impact-on-dell-products?lang=en

    Sin título.jpg

    Bo
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,436
    Location:
    Member state of European Union
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    KVA Shadow: Mitigating Meltdown on Windows
    Link: https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/

    Great blog post and highly technical in detail. :thumb:

    EDIT:

     
    Last edited: Mar 23, 2018
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    123,724
    Location:
    Texas
  15. porrkanon

    porrkanon Registered Member

    Joined:
    Mar 29, 2014
    Posts:
    57
    new bios for my asus z170i pro gaming finally arrived. not installed it yet. can i expect any trouble you think?
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    Intel Microcode Revision Guidance, updated April 2 2018:
    hxxps://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
    Spoilers: Microcode development for a lot of older CPU's has stopped.
     
  17. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,115
    Indeed; no fix for my E8400 after all...
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Intel Reveals Some CPU Models Will Never Receive Microcode Updates
    April 4, 2018
    https://www.bleepingcomputer.com/ne...-models-will-never-receive-microcode-updates/
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Microsoft, AMD Release New Microcode Updates Against Spectre Vulnerability
    Windows users getting new Spectre patches
    April 11, 2018

    http://news.softpedia.com/news/micr...es-against-spectre-vulnerability-520625.shtml
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    InSpectre Release #8 v0.0.6675.8 (April 11, 2018)
    Website
    What's New:
    Inspectre_#8_screenshot.png
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    New InSpectre release reveals if microcode updates are available
    April 12, 2018
    https://www.ghacks.net/2018/04/12/new-inspectre-release-reveals-if-microcode-updates-are-available/
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,291
    Location:
    Among the gum trees
    Does anyone have any suggestions where I can download the Microcode Update for my old Acer? It is not available on the Acer site and they haven't supported it since it ran out of warranty.
     

    Attached Files:

  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Krusty The fixed microcode is available (https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File), however you may need to wait until Microsoft pushes an update for your specific CPU. Other methods like VMWare Microcode Update Driver for Windows seem to be not very reliable with recent versions of Windows, unfortunately.

    Are you running Legacy BIOS or UEFI? There may be some BIOS hacking tutorials out there but that can be sketchy and dangerous.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,291
    Location:
    Among the gum trees
    Thanks but that looks to be for Linux. My machines are Win10 x64.

    The Acer has a Legacy BIOS and I have an old Lenovo that gets the same result from InSpectre. That machine is UEFI.
     
  25. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.