'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,410
    Location:
    U.S.A.
    I will also add that browsers are not the only entity vulnerability to JavaScript attacks. Any software that can use it internally is also vulnerable. Case in point is Abobe Reader and the like. So you also might want to disable JavaScript in AR which is enabled by default. Obviously, this only is applicable if opening a .pdf outside of protected mode which also BTW is not enabled by default.
     
  2. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    433
    All your whitelist are belong to us!
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    I still have the feeling that this threat is over-hyped. You basically need to run malicious apps or visit a malicious site. The question is what type of data this malicious site could steal from memory. I bet it ain't this easy. But of course, I will still try to patch it.
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,983
    Gigabyte motherboard here too (computer build by a shop about 3,5 years ago):
    I doubt very much that Gigabyte still support it, I don't think it does....
    It is awhile back that I looked at their site.
     
    Last edited: Jan 6, 2018
  5. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    In the case where the CPU and architecture is not very old (< 4 years) and Intel provides a microcode fix, but the PC manufacturer doesn't release a new bios, could microcode be patched into the OS kernel at boot time?
    I know you can do this in Linux, but could MS provide a route to doing this in Windows as well?

    Anyone know if this might be possible.

    I read this article.

    http://www.linux-mag.com/id/723/

    and this

    http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/
     
    Last edited: Jan 6, 2018
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,499
    Location:
    Slovenia
    For regular users it might be over-hyped, at least until there is POC released and this method starts being used by malware.
    For Amazon, Google and other cloud service providers this problem is potentially huge, since an app in one VM can read data from memory of another VM...
    So right now the problem is not that big, but in future it could become huge if not properly mitigated.
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    I agree with you 100%.

    It is not just those of us who have built our own systems, it also applies to those who bought OEM systems.

    OEMs have their 18 month support period. There will never ever be firmware updates offered for systems that are beyond a certain OEM/Intel preset limit. Spectre will stalk every CPU ever produced - oh! except for the new stuff yet to come.

    I question whether the average user will even be aware that a firmware update is available. Most do not know how to implement a firmware update and will probably ignore it if they see it. Firmware updates are still considered risky. The user assumes all the liability.

    It is hollow advise from security experts, Microsoft/Apple and the component manufacturers.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @itman - I'd strongly recommend NOT running Adobe Reader at all (it's had a large number of problems, and that includes running any active content), and running open source pdf readers, preferably in a sandbox which prevents outbound internet access.

    @Rasheed187 - I don't think overhyped is quite the right word, because this compromises virtualisation, and we've by no means seen the full menagerie of exploits that may be possible with these and similar techniques. We have no defences against some of them either. As far as browsers and javascript's concerned, running malicious apps or visiting a malicious site is done semi-automatically by allowing uncontrolled ads - which seems to be the business model of the internet, and this has to change.

    I'm well confused on the microcode update aspect. Both Windows and Linux can nominally load different microcode already, in which case, why does the system supplier matter? And you'd have thought Bios functionality would already be there to add microcode data? But it seems like you have to have a Bios update, which will basically never happen for some classes of mobo. Gah!
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,410
    Location:
    U.S.A.
    Flashing within Windows.:cautious:
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,499
    Location:
    Slovenia
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure I understand
     
  12. guest

    guest Guest

  13. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,410
    Location:
    U.S.A.
    Might be time to pause and review. There are two vulnerabilities involved, Meltdown and Spectre. A good layman's explanation of both is here: http://mashable.com/2018/01/04/spectre-meltdown-explained/#r98gpsxE7mq9

    Meltdown - can be mitigated for the most part with software patches to the OS and vulnerable app software like browsers. AMD processors are not vulnerable to Meltdown.

    Spectre - can not be fully mitigated w/o firmware changes to the BIOS and/or CPU microcode changes i.e. new CPU design changes. AMD official statement in regards to Spectre is that chances of exploitation are extremely low.

    A Spectre attack is one with a high difficulty factor. Security experts state that as such, the attacks will in all likelihood be targeted and directed toward high valued targets such as corps., govs., etc..
     
    Last edited: Jan 6, 2018
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,410
    Location:
    U.S.A.
    Are you sure this applies to non-server OS versions?

    Requirements:
     
  16. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,467
    Location:
    Member state of European Union
    https://marc.info/?l=openbsd-tech&m=151521435721902&w=2
    Mailing list: openbsd-tech
    Subject: Meltdown, aka "Dear Intel, you suck"
     
  17. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    It worked on windows 10 home 64 bit (which is later than windows server 2003)

    I just used the latest microcode for linux that intel provides when a bios update isn't available or too much hassle.
     
  18. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    Windows Update did not offer the patch on all 4 PC’s that I keep up to date, even though they all had the required registry key/value...

    What else can be blocking this patch?
     
  19. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,189
    Location:
    USA still the best. But barely.
    I now have the registry key. WU is now offering me: January 4, 2018—KB4056894 (Monthly Rollup). I'm going to call BitDefender to confirm & then I'll install it.

    Edit: Just confirmed BD compatible.
     
    Last edited: Jan 6, 2018
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    SpecuCheck v1.0.4 Released (January 5, 2018)
    Download
    SpecuCheck.png
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,493
    Location:
    Canada
    Seems like fear mongering. Assuming one has blocked ads and 3rd-party scripts, it significantly reduces the chance remaining whitelisted content will be compromised.
     
  22. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Isn't the patch only for systems with intel CPUs? What are the CPUs on your PCs?
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    Intel.
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    Same here. I also have (an old) Intel chip, and I have the required registry key, but WU doesn't offer the patch here, either. Hm...

    Here are the processor specs: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80 GHz
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,654
    Location:
    Outer space
    Nvidia drivers are updated against these vulnerabilities:
    Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels

    https://nvidia.custhelp.com/app/answers/detail/a_id/4611
    More Nvidia product updates regarding Spectre/Meltdown:
    https://www.nvidia.com/en-us/product-security/


    Is it permanent CPU microcode update permanent or loaded at boot every time? For example, could one use a Linux distro installed on USB stick and boot from it on vulnerable Windows system, install the microcode update and then still be protected once booted back into Windows?

    Best information source so far! :thumb:

    From @WildByDesign's post above:
    So that decision to leave it disabled by default will probably haunt us for years to come..


    Also from the beforementioned post:
     
    Last edited: Jan 6, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.