'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    The other day when I saw that InSpectre is now also showing BIOS update availability, I ran InSpectre in my W7, and found that there is an update available for my W7. So, today I decided to search in HP websites (I uninstalled HP Support assistant long time ago), found the correct page for my W7 but the BIOS update in that page is from 2013. :)

    Inspectre.jpg

    Sin título.jpg

    Shut down. Despite my W7 being labeled as Slower by InSpectre, I was going to do the BIOS update. My guess is that Intel has released an update for the processor in my W7 but HP is not going to release it for my laptop.

    Bo



    .
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,074
    HP are not going to release a BIOS update for the original HP 430, but have released updates for for G1 through to G5 models.
    https://support.hp.com/us-en/document/c05869091
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Hi Roger, I being aware of that link. Since I never saw my W7 laptop in there is the reason why I went to HP Support site. I figured since HP hasn't released an update for my W7 by now, its more than likely that they are not going to release one. But I don't know if they will or not. You sound pretty certain they wont, can you tell me how you you arrived at that conclusion.

    Bo
     
  4. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
    I have a couple of Intel based Ivy Bridge (3rd gen Core) Asus motherboards in home built rigs, that I am fairly certain that Asus will never issue firmware/BIOS updates for.

    The good news is that Intel is pushing out microcode updates for the Spectre bug, that Windows can install at boot time as CPU microcode updates... The microcode update is not a permanent flash update, and is erased when the system is powered down, but has the same effect when the system is booted.

    The latest Windows update for this only applies to Windows 10 version 1709, for 6th, 7th, 8th gen Intel Core CPUs. The affected processors are listed here. https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

    Intel is currently working on older processors, so it is on Microsoft to catch up with revisions for this update to include the older Intel CPUs.
    https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
     
    Last edited by a moderator: Apr 18, 2018
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,074
    Your computer is too old to get a BIOS update. Computer manufacturers only care about providing updates for fairly recent models. I own ten laptops, but there are only BIOS updates available for two of them. They are both HP laptops, but I have another older model HP, for which there is no update.

    In the case of HP, as far I know, no further updates will be released. When the list was first published, it was a list of the models which HP would provide updates for. Over time, they have released the update for all of those models.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Thats a great link Tinstaafl, the processor/CPUID of my W7 appears with Production status in yellow. Perhaps there is going to be an update for it. And InSpectre is wrong stating the BIOS update is already available (the link is dated April).

    Bo
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    The model is old but my W7 is not that old. I bought it when W8 was already out, in 2012 or 2013. It was probably one if the last new W7 sold. At the time I could it gotten a "better" W8 for less money but I didn't want W8. I could never like Metro Start menu. So, I got this one to replace another identical W7 that was stolen from me. But anyway, check the link posted by Tinstaafl, perhaps there is hope. As far as I am cocerned, if it happens, great, if it doesn't, thats OK also. :)

    Bo
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,074
    @bo elam It looks like HP has only released updates for models released in 2011 or later. While your computer was released in 2011, maybe it was released too early in the year for HP to provide an update.

    I have no plans to install the BIOS update for my two laptops, as I'm concerned about the performance impact. I don't believe there is a significant security risk from having an unpatched BIOS.
     
  9. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,115
    Where do you see that? It only states that a microcode update (from Intel) is available.

    It’s up to the maker of your PC/motherboard (HP for you) to include this in a BIOS update, but InSpectre will not know about that.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Thats what I said, look. You miss it.
    But who knows, according to the Intel link (dated April) posted by Tinstaafl, my W7 processor CPUID 20655 is in Production status. I take that to mean...they are working on it but is not ready yet.

    Arrandale.jpg

    Bo
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,074
    Microsoft is providing microcode updates for systems that do no have a patched BIOS.
    https://www.howtogeek.com/346465/windows-spectre-patches-are-here-but-you-might-want-to-wait/
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Until earlier today, I wasn't planning on updating the BIOS in my W7. But today I felt like doing it. When I did it last month for my W10, it was fast and smooth, and lost 0 performance that I can feel, so today I was feeling confident doing it in W7. How I ll feel if and when is available or offered by HP for my W7, I dont know. But I dont mind losing a little performance.

    Bo
     
  13. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
    Many manufacturers will never offer BIOS updates for older systems, even if a fix is offered by Intel, particularly for out of warranty products.

    That is where obtaining the Intel microcode update from Microsoft instead may be the only option.

    But in that case, MS will probably only provide Windows updates with the new microcode for the very latest Windows 10 versions.
     
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,436
    Location:
    Member state of European Union
    I wonder whether 3rd party can patch Windows 7 files containing updated microcode.
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    Afaik you can install the BIOS update and if the perfomance impact is too big, just disable the migitations through the registry.
     
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,074
    Yes, you can do it manually with GRC's InSpectre. InSpectre says there will be some decrease in performance with my processor and I have decided not to even find out what the performance will be like with a patched BIOS.
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I've been playing around with RS4 for the past couple of weeks and I wanted to note that, with regard to performance degradation from Spectre mitigation in particular, there is barely a noticeable decline in performance on RS4 in comparison to RS3. Clearly Microsoft have gone further with RS4 as far as performance goes with the Spectre mitigations. With RS3, there is a significant difference when I disable/enable Spectre mitigation. With RS4, I really can't tell the difference.

    Anyway, I just wanted to put that out there. So on RS4 I will keep Spectre mitigation enabled. Whereas with RS3 previously, I always had disabled it due to performance degradation being too significant.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    Thanks for that heads up WBD.

    Will try same on this ThinkPad Haswell PC when 180(3?) officially arrives.
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  20. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    201
    Location:
    Canada
  21. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
    Keep it coming, Microsoft!

    Still on the lookout for Ivy Bridge support. Suppose MS will cross that bridge when they get to it! ;)
     
  22. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    201
    Location:
    Canada
  23. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    Hi, I have a question if I run InSpectre on my pc it changes some registry keys or Powershell policies like Ashampoo Spectre and Meltdown checker?

    other question, I have a Celeron J3060 desktop (Braswell) and a Pentium G3260 desktop (Haswell) the KB4090007 is good for them or not?

    Thanks
     
  24. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    InSpectre doesn't change anything in the registry unless you click on the buttons. The latest version from GRC will show you the CPUID so you can check the list on KB4090007 to see if its supported.
     
  25. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    thanks, and doesn't change Powershell policies?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.