'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

I'm guessing modems and routers would also be vulnerable too as they would also have these chips, right?

 

Have been wondering about the same thing, but don't know the answer.

 

Windows Update does not find the patch on my PC, even though the required registry key/value is present.

The Windows Update troubleshooter notices that there are pending patches, but Windows Update never shows them.

Installing KB4056892 manually while typing this...

 

Thank you. I have installed Cumulative Security Update for Internet Explorer 11 for Windows 7 KB4056568.

I will wait till registry key "HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" shows up before installing KB4056897.

I am using BDIS2018 on my W7P64.

I called BD support & the CSR said BD should push that registry key to my pc within a couple days.

Is that how I supposed to get that registry key?



And thank you Mister X for the links.

 

Applied patch.
Verdict = incomplete

 

As the bleepingcomputer.com article states, you're not going to get a 100% score until all firmware updates are applied. If you have older hardware, it is very questionable if the motherboard manufacturers are going to issue a BIOS flash for motherboards they no longer support.

 

YW.

 

Hi itman
My pc is old........

 

But will motherboard manufacturers give a patch for older mobo's?
You may need such a patch from them!

As itman posted:

 

If you have an Intel motherboard, you will probably get a BIOS update at some time in the near future. If its an OEM made PC, it will come from them.

AMD has flat out stated all that is necessary for their CPU's is the OS patch.

 

I doubt I'll get any updates for my old machines. One hasn't received any updates since 2009.

 

My win10 laptop just updated successfully.

Some benchmarks:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/

 

Okay so Meltdown can be patched but it's more like an bandaid (might slow system down, underlying Intel hardware bug still there).
But Spectre is worse because no other fix than completely new chip redesign and affects all: Intel, AMD and ARM processors ....
Luckily, harder to exploit too than Meltdown but still .....

No more internet for me today, will just get into bad mood.

 

If your Intel CPU is older than 5 years, "you're up the river without ........."

Intel Promises Firmware Updates for Most Modern CPUs by the End of Next Week

https://www.bleepingcomputer.com/ne...for-most-modern-cpus-by-the-end-of-next-week/

 

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/

 

Is Grsecurity affected?

 

As far as AMD goes, I think this sums it up:

http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

The question is in regards to processors older than the FX series? I would say it is safe to assume they are also vulnerable. Overall, Spectre is difficult to implement and would be used for specific targeted attacks. So for the average AMD end user, I would say your risks are fairly low.

 

On Intel CPUs? Yes, it is. Processes can read from kernel memory if you don't have KPTI applied.

 

Dumb question then, on older PC's/CPU's (W7)would a Pc that's well armored/layered help with this Flaw??

 

Another good recent article. Shows all Intel CPUs vulnerability. Also confirms that MS patch performance issues will be most noticeable on SSDs: https://www.pcworld.com/article/324...cpu-kernel-bug-faq-how-it-affects-pc-mac.html

 

bassically i think that patch dont even run.
1) BTIDisabledByNoHardwareSupport : True. So u need microcode.
2)Windows OS support for PCID optimization is enabled: False
KVAShadowPcidEnabled : False

So u need better chip from haswell witch have pcid optimization and it dont take perfomance hit.


So i think that windows patches is disabled unltil you have microcode, better chip than haswell or u can enable them mannually?


Here is mine with haswell chip with microcode 22 from january 2017:
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True

 

Apple says all Mac and iOS devices affected by Meltdown and Spectre bugs