'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,559
    Location:
    Among the gum trees
    NoScript should stop that shouldn't it? Unless an allowed domain is hijacked.
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,410
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,677
    Location:
    North Carolina, USA
    Hello,
    I may be wrong but from what information that I could find, I think you only need to add those registry keys if you are on Windows Server...
    From: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
    If you compare the two Microsoft Knowledgebase Articles listed in the two quotes above, Microsoft is only mentioning adding the registry keys (configure protections) on Windows Servers.
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,248
    Location:
    USA still the best. But barely.
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,428
    Location:
    U.S.A.
    that
    Good catch! That is what appears to be the case. As best that I can determine, the keys don't have any effect on client vers. of Win; at least for my AMD processer.
     
    Last edited: Jan 5, 2018
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,428
    Location:
    U.S.A.
    I also read in one of the multiple postings on this subject that even if you manually add the QualityCompat reg keg, the update might not install unless your AV is one supporting this Win update.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,004
    I shut down SAP and, then disabled it, so it wouldn't interfere, before I rebooted:

    Windows Update_Meltdown-Spectre_06.JPG
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Spectre still unfixed, unlike what Intel says
    Link: https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9
    By Alex Ionenscu and never_released (https://twitter.com/never_released)

    Read link for more.

    EDIT: This is great, concise information and most importantly current info. :thumb:
     
    Last edited: Jan 5, 2018
  10. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,905
    I'm still running Intel 2700K on one of my computers. Looks like I will have to put together an AMD built using the parts laying around. Darn.
     
  11. guest

    guest Guest

    Intel - AMD are in the same basket.
    Untitled.jpg
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Key thing I see is you have to allow something to run on your system before it's a problem
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,192
    The update was not shown in Windows Update, so I used the .reg file from Bleeping Computer. After that, Windows Update found the update and it installed without any issues.
     
  14. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,905
    I heard that Spectre is much more difficult to be exploited, although it's also more difficult to patch. So maybe you are right, both Intel and AMD are affected now.
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,183
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,647
    Location:
    Slovenia, EU
    Running script in browser could be enough to trigger it.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,011
    Meltdown and Spectre: Yes, your device is likely vulnerable
    https://blog.avast.com/meltdown-and-spectre-yes-your-device-is-likely-vulnerable

     
  19. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,560
    Location:
    Member state of European Union
    Browser are starting to implement mitigations, but it will take time for browser vendors to implement strong mitigations. Probably compilers (GCC, LLVM/Clang, Rust compiler, MSVC) would have been useful to mitigate these vulnerabilities, but it would mean waiting for compiler updates, then recompiling whole projects, then update browsers with recompiled binaries.
    BTW Linux kernel can update CPU microcode, so users of distributions with updated microcode don't have to wait for firmware (BIOS/UEFI) update.
    https://www.wilderssecurity.com/thr...x-windows-redesign.399338/page-7#post-2729381
     
    Last edited: Jan 6, 2018
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,495
    Location:
    Italy
    Security updates outside the patch-day also for my XP:

    Immagine.JPG
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,495
    Location:
    Italy
    Good.:thumb:
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No Script
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,428
    Location:
    U.S.A.
    I checked the Gigabyte web site yesterday. All I saw was one forum posting about this incident. For those that built their own PC like yours truly, I would say you will be waiting a long time for a non-Intel motherboard BIOS update, if one is issued at all by the manufacturer motherboard. Also forget it if the MB is no longer supported. My previous experiences with dealing with the Taiwanese manufacturers is far from supportive. Also Intel issued BIOS firmware updates in all likelihood will only work w/o issue for their manufactured motherboards.

    So all this talk about firmware updates being the ultimate solution, "rings hollow in my ears."
     
  24. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    433
    Trying to consider the positives coming out of this as an aid to deciding who gets my business for my next computer. I know 4 big companies who got money last time that won't be getting it next time. Never seen so much confusion, misinformation, incomplete instructions and lack of response. I thought Y2K was bad.
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,647
    Location:
    Slovenia, EU
    Yes that could help there. Though IMO built-in mitigations (browsers, OS...) will have better success than relying on this. Specially with majority of users that would have problem using script controls and would have to "learn how internet works" :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.