'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    It doesn't change Powershell policies.
    If you're worried just make sure you run it from a non-admin account.
     
  2. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    i have run InSpectre on my husband's laptop, it has a Pentium B960 Sandy Bridge and InSpectre tells microcode update Yes.

    I have installed the KB 4090007 but after the restart for the update InSpectre tells Protection for Spectre No

    so I don't understand, in the list of microcode update of Microsoft I don't see the pentium b960 but InSpectre tells that is available and after installation of the update kb4090007 there isn t any change

     
  3. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Kb4090007 doesn’t contain microcode for sandy bridge processors yet. All inspectre says is that microcode does exist for the processor(intel have released it). It does not say Microsoft have started making it available. You need to manually check if the processor CPUID is in the table on the KB40900007 web page.

    At some point Microsoft should add the microcode to the list. Possibly after next patch day.
     
  4. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    many thanks pling_man ^__^
     
  5. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    And don’t worry about the install you just did. You can install again when the list is updated. Did you update your other computers?
     
  6. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    I unistalled It in this laptop. For The other laptop with celeron j3060 And The desktop pentium g3260 i ll test The with InSpectre in The Next days
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,037
    I just purchased a used HP laptop from eBay and installed the latest BIOS, which has the microcode update, which seemingly led to major performance issues. The laptop is the same model as the laptop I was using, however, I discovered that the new laptop has a higher resolution screen, so I decided to take my SSDs out of the laptop I had been using and then put them in this one. I had avoided updating the BIOS, in the laptop I had been using, as I was concerned about potential performance issues.

    When I booted Windows, there was excessive CPU use, even after a booting a few times. Other than the BIOS update, there was no apparent reason for the CPU use, as the specs of the two laptops are pretty much identical and both have the same CPU (an i5-2520M.) I tried disabling Spectre protection with the current version of InSpectre, but it did not disable it (and yes, I was running it as an Administrator). So, I downloaded and flashed an older BIOS, which did not have the microcode update. I was expecting not to be able to flash the older BIOS, as I know that HP sometimes say that installation of old BIOS versions will be blocked, after updating to a new BIOS, but I was able to flash it. Flashing the old BIOS update, fixed the performance issues.

    Interestingly, InSpectre lists performance as "Good," but when you read further, it says:
     
  8. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    Few minutes ago I instaled KB4090007 on my desktop with Haswell G3260 and InSpecte now tells that my desktop is protected for Meltdown and Spectre and performance is Good

    Now I'm wait microcode update for Braswell and SandyBridge
     
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,396
    Location:
    Member state of European Union
    Strange. Apart from running as Administrator with increased privileges it probably also requires reboot.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    Opinions?

    I updated the BIOS in my W10 about a month ago. All has been well and according to InSpectre, my W10 is protected against Meltdown and Spectre. Question: The latest update for KB4090007 includes my processor (Broadwell U/Y), do I need to install this update?
    https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

    I think I don't but what do you guys think? Are you installing the MS update even though you have installed the MC update from the manufacturer of the computer?

    Bo
     
  11. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    No you don't need it as your bios already provides the updated microcode. Windows will look at the microcode version loaded by your bios and see that it is later then the version it currently has support for, so won't change the microcode.

    It won't do any harm installing the windows patch as well but you don't need it.

    I expect the new microcode will be part of future versions of windows though (e.g. the Spring Creators update) and when that happens Windows will see the versions are the same, but it still won't change the microcode.

    Only if there's a later release of the windows microcode will it over-write the bios-loaded code.

    In your position you are also protected when you boot other operating systems or recovery disks, whereas people who only have the Microsoft Windows microcode won't be.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    Thats what I thought. Appreciate your opinion, and response.

    Bo
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    WBD, I am still on Win 10 x64 v1709 16299.402, but I've received and applied another BIOS update for my Haswell laptop, so I thought I'd retest performance with Spectre mitigation re-enabled.

    But when I run InSpectre I see the pop-up below, the 'Enable Spectre Protection' is greyed out:

    2018-04-30_143456.jpg

    but also an explanation further down, that:

    This system's protection against the Spectre vulnerability has been deliberately disabled by system settings. Even if the system's hardware is able to manage the Spectre threat, the operating system's settings will need to be changed to enable Spectre protection.

    and

    Windows' Spectre vulnerability protection (only) has been deliberately disabled by settings in this system's registry. Although overall system performance will be improved, this system will be vulnerable to Spectre attacks. Meltdown protection has not been disabled.

    My InSpectre settings had indeed been manually set (due to performance issues) and are currently FeatureSettingsOverride '1' and FeatureSettingsOverrideMask to '3'.

    Firstly, why is the 'Enable' greyed out (I thought one could just toggle this), but secondly, can I then manually enable Spectre protection again in the registry and should the first setting then be '0' i.e. is FeatureSettingsOverride '0' and FeatureSettingsOverrideMask to '3' the default / correct? Then restart ...
     
    Last edited: Apr 30, 2018
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Alert: Working Exploit Released for "Total Meltdown" Bug Introduced by Microsoft
    https://blog.barkly.com/total-meltdown-vulnerability-exploit-code-available
     
  15. RangerDanger

    RangerDanger Registered Member

    Joined:
    Apr 30, 2018
    Posts:
    120
    Location:
    Boston
    You can use WinAbler to fix the grayed out buttons on InSpectre.Run them both as Admin and drag bullseye to the InSpectre itself not the button.
     
  16. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    157
    Location:
    New Zealand
    We have 3 notebooks running Win 10 here. Two are HP laptops which a few months ago received MEI firmware updates and also BIOS updates and now are both protected against the Spectre vulnerabilities. The Gigabyte laptop is not protected however, and Gigabyte do not seem in any hurry to release BIOS or MEI updates even though it's very high spec machine and running a Skylake H CPU (i.e. not *that* old). I installed KB4090007 on the Gigabyte rig when it was running version 1709, and according to the inspectre tool this provided protection for Spectre, however after updating (via Windows Update) to version 1803 today, I see that once again the Gigabyte machine is not protected against Spectre. I tried searching for some info about a patch for 1803 that does the same thing as KB4090007, but I couldn't find anything. Hopefully MS will put out a new patch soon. Gigabyte only seem interested in updating their newest products.
     
  17. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    yes with the April update 1803 the protection for Spectre will be disabled (on ghacks net there is write, and is because kb4090007 is only for 1709) I'm really disappointed so every new version of Windows 10 (two times at year) we'll have no protection for Spectre
     
  18. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,037
    I can only presume that the microcode update will be released very soon. I'm quite happily not protected against Spectre (although I haven't updated this computer to 1803 yet), as I believe the change of an average user getting exploited by Spectre is close to zero, at this point in time.
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,357
    Researcher Finds a Way to Bypass Meltdown Patches on Windows 10
    May 2, 2018
    https://www.bleepingcomputer.com/ne...way-to-bypass-meltdown-patches-on-windows-10/
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,549
    Location:
    Outer space
    8 new Spectre-like vulnerabilities found, also known as Spectre-NG.
    https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html
    (German)
    Highlights:
    -Indications that ARM is also vulnerable. AMD is still being investigated.
    -Intel classified 4 vulnerabilities as high risk, and 4 as medium.
    -One vulnerability gets public May 7, one may get public imminent, other 6 still unknown.
    -Intel is planning the patches in 2 waves, May and August.
    -They are easier to exploit than Spectre.
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,357
    Spectre Next Generation vulnerabilities affect Intel processors
    Intel is facing another wave of reported security issues in its processors. The vulnerabilities, called Spectre Next Generation or Spectre NG, have not been disclosed publicly yet.
    May 3, 2018

    https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/

    New Spectre NG vulnerabilities in Intel CPUs

    May 3, 2018
    https://borncity.com/win/2018/05/03/new-spectre-ng-vulnerabilities-in-intel-cpus/
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    After updating to 1803, the 'Enable Spectre Protection' button was back. I enabled it, restarted and am evaluating if the performance impact is now sufficiently low to keep the protection enabled.

    So far, so good.
     
  23. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,549
    Location:
    Outer space
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,620
    Location:
    DC Metro Area
    Millions of Computers at Risk From Next-Gen Spectre Bug...

    "Millions of Computers Are at Risk of Hacks That Crack Into Their Core...

    Yuriy Bulygin...His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer’s firmware—microcode that’s stored permanently inside processors and other chips—to get to its most sensitive information. 'The firmware has access to basically all the secrets that are on that physical machine,' he says....

    The hacking technique Bulygin found exploits the Spectre vulnerabilities...Bulygin’s technique goes a step further by enabling hackers to read data from a particular type of firmware called system management mode memory. The code is linked to access rights that control key functions of the machine, including shutting down the central processing unit if the computer gets too hot or letting administrators configure the system. With access to the SMM memory, hackers can get essentially any data they want...

    Bulygin doesn’t know whether hackers have already tried to use the techniques he discovered to infiltrate computers, because this new class of hardware attack is virtually undetectable...malicious code that makes its way into firmware could be there forever because of its role in the backbone of a chip or processor..."

    https://www.bloombergquint.com/busi...ers-are-at-risk-from-the-next-gen-spectre-bug
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.