Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.
Darn, I wish they would include plain vanilla Sandy Bridge.
According to Intel, the E version of Sandy Bridge is unsupported as of June 2020.(https://software.intel.com/security...execution-attack-mitigation-product-cpu-model)
It may be that Microsoft just released an older Microcode update for those. In the past they've also released a microcode update for only a select number of CPU's, and waited a long time before adding other CPU's as well.
Microsofts information is confusing. For example, if you look on this page (https://support.microsoft.com/nl-nl/help/4589212/intel-microcode-updates), you will see RAPL listed among the vulnerabilities. If you look at the list below that, you will see plain Sandy Bridge listed as well with microcode 0x2f. 0x2f was released last year for plain Sandy Bridge with migitations for MDS(Zombieload). After that, Intel ended support for plain Sandy Bridge. So, there cannot be a RAPL fix for plain Sandy Bridge, even though it is listed there.
Hmm, according to this Intel advisory on the subject, Sandy Bridge CPU's are not affected. Perhaps, I have nothing to worry about?!?!
RAPL was introduced first in Sandy Bridge, so my guess is that it is affected. However, Intel only lists 6th gen and up as affected. SGX was introduced into 6th gen, so obviously you cannot use this attack to get secrets from SGX on CPU's that don't have SGX. It's not the first time Intel focused only on the SGX part of a CPU vulnerability.
In this case, the OS update fixes unpriviledged access to RAPL, and microcode update is needed to protect against priviledged access SGX. So if your CPU doesn't have SGX, all you need is an OS update.
Has anyone updated their cpu with these new microcode updates? And if yes, which cpu did you use, and did you notice performance slowdowns?
Personally, I plan to do some benchmarks before updating, just to make sure everything is intact ( I will compare them to the benchmarks after I update)
I am on newest 20H2 19042.804 yet I did not get WU for these, but if I download KB4589212 I can install it manually
I also found this very useful link for all vulnerabilites on all processors and all of their statuses
MCU - MicroCode Update
As well as this slightly outdated link for some of em https://support.microsoft.com/en-us...bilities-35820a8a-ae13-1299-88cc-357f104f5b11
Note - These microcode updates concern ALL (or most?) intel processors, not just the newest ones quoted above, those are just the newest ones for which updates were released recently
Are there any active attacks going on because of these chip problems on people at home or would it be on the server end.
From what I read a few days ago there's a PoC already:
Does Google Chrome stop all spectre and meltdown attacks. Does Chrome also stop all the other chip problems that have been discovered since spectre.
Meltdown was more like OS level threat than browser threat.
Spectre and other Spectre-like vulnerabilities - they do have some mitigations and Site Isolation feature to make it harder for adversary to do that type of attack and reduce the scope of memory that can be read by these kind of attack. You need CPU-level (microcode updates) and OS-level fixes to make Site isolation effective in mitigating (not stopping completely) impact of these kind of attacks.
TLTR Meltdown - yes. Spectre no - they are just mitigating that.
I tried to install the updated Microcode kb4589212-v2 as Microsoft recommended, but it said the update was already installed. As far as I can tell from the literature, there were no changes for my version of Skylake.
I haven't noticed any performance slowdowns with or without the mitigations, but my system is a pretty low-end i3 which is going to be fairly slow either way.
"AMD admits Ryzen 5000 CPU exploit could leave your PC open to hackers
Zen 3's PSF branch prediction means your system could be left wide open to virtual attacks.
AMD's Zen 3 CPU architecture may, according to AMD itself, include a feature that could be exploited by hackers in a Spectre-like side channel attack..."
"Computer scientists discover new vulnerability affecting computers globally
A team of computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.
The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference in June.
...Found a whole new way for hackers to exploit something called a "micro-op cache," which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process...
...Hackers can steal data when a processor fetches commands from the micro-op cache...
Because all current Spectre defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat's team's new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors..."
A new method to protect WebAssembly against Spectre attacks
August 11, 2021
Susan Bradley from AskWoody uses the inspectre tool to disable the Meltdown and Spectre microcode updates. I did the same thing a long time ago. https://www.askwoody.com/forums/topic/microcode-updates-the-master-patch-list/
I just disabled Meltdown protection with InSpectre as it had a huge performance hit on my 2010 model laptop.
Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack
Spook.js attack bypasses Strict Site Isolation in Chrome to steal passwords
New Intel vulnerabilities:
Holy crap, perhaps these CPU flaws are more serious than I thought? I will try to look for more information about this.
That article puts things in perspective.
I'm running Firefox, so this one won't hurt me (for now), I guess.
I must admit, I'm vulnerable to Spectre and Meltdown attacks, because I've turned off the mitigations in /etc/default/grub:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"
I don't like the performance hit on my old Haswell processor.
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"
Besides, site isolation (=Fission) is now enabled in Firefox as well, not only in Chrome as the article suggests.
Are different tabs belonging to the same site also isolated from each other?