Spectre and Meltdown in a nutshell

plodr · January 05, 2018, 02:55:27 PM

Woody Leonhard pointed to this blog post which helped me understand these 2 newly discovered threats.
https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/

pastywhitegurl · January 05, 2018, 04:42:54 PM

Thanks for posting that article. I've been reading about this, but wasn't getting a good grasp on what it was all about.

The question I have about all this is that is there any real protection other than buying a new computer?

And if not, when will new computers be containing secure processor/chips?

I have to think also, that this is going to be a big boon for new computer sales. One has to wonder if part of the information release on this is calculated to increase those sales. (Call me suspcicious.)

Corrine · January 05, 2018, 08:39:35 PM

No, I do not see this a a boon for new computer sales. Software updates are being/have been released by Microsoft, A/V's, browser and Intel.

Since you use Windows Defender and Malwarebytes Pro, if you haven't received the Microsoft update, KB4056891, launch Malwarebytes and set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the Microsoft update can apply automatically.

Any firmware update by Intel will be tested and released via the OEMs and the report is that Intel will have Meltdown and Spectre patches ready for 90 percent of modern processors next week. Because Dell is updating their forums and they are read only, you won't be able to check there until the forums are live again.

pastywhitegurl · January 05, 2018, 10:18:18 PM

Quoteif you haven't received the Microsoft update, KB4056891

I received KB4056892 actually. Is that enough?

When I went to MBytes settings, I already have that "never register" option checked, but the whole section is grayed out and I couldn't have changed it anyway.

Corrine · January 05, 2018, 11:29:17 PM

That section on Malwarebytes should NOT be grayed out.

You updated Firefox to 57.0.4, right? If not, you need that update. Otherwise, there isn't anything else you can do until Dell releases an Intel firmware update, which I believe "should" happen if it is 1995 or newer.

pastywhitegurl · January 06, 2018, 03:01:08 AM

Yes, I've updated to FireFox 57.0.4 as soon as I saw why it popped up.

I just checked MBAM settings again, and I am able to change that setting now. (when I did, Defender immediately turned itself off.) I don't know what happened before. But it was set on the "never register" and is still set on that. I think you told me to do that so that MBAM would function correctly with Windows 10.

I've attached a screen shot. Now it just looks like the buttons are grayed out.

DR M · January 06, 2018, 10:07:14 AM

Quote...launch Malwarebytes and set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the Microsoft update can apply automatically.

Corrine, sorry for getting into this post, but could you please tell me if this option has to be always checked and why? Why MBAM recommends the opposite?

Quoteif you haven't received the Microsoft update, KB4056891

I also received KB4056892.

Corrine · January 06, 2018, 02:20:11 PM

No, not grayed out. You can tst it by changing the setting and then changing it back.

As to the setting, Panos, when I had it set to the recommended option, (Let Malwarebytes apply the best Windows Action settings...), Windows Defender saw MBAM as another antivirus installed and deactivated. When the security update was released for Meltdown/Spectre, Malwarebytes had not yet made the registry change so the update would not be applied unless the setting was to not register MBAM in the Windows Action Center.

KB4056891 is the update for Windows 10 Version 1703 (Creators Update), KB4056892 is for Windows 10 Version 1709 (Fall Creators Update). (Version/Build information is in Settings > System > About)

DR M · January 06, 2018, 02:29:19 PM

Quote from: Corrine on January 06, 2018, 02:20:11 PM

As to the setting, Panos, when I had it set to the recommended option, (Let Malwarebytes apply the best Windows Action settings...), Windows Defender saw MBAM as another antivirus installed and deactivated. When the security update was released for Meltdown/Spectre, Malwarebytes had not yet made the registry change so the update would not be applied unless the setting was to not register MBAM in the Windows Action Center.

OK, Corrine. Thank you. I suppose that this concerns only Windows Defender, not ESET. Right? Do I also have to change the MBAM option?

Corrine · January 06, 2018, 03:05:22 PM

Since ESET made the registry key change and you got the Microsoft security update, no need to make the change. As to the update to 1709, hasn't that been offered to you yet?

DR M · January 06, 2018, 03:18:24 PM

Quote from: Corrine on January 06, 2018, 03:05:22 PM
Since ESET made the registry key change and you got the Microsoft security update, no need to make the change. As to the update to 1709, hasn't that been offered to you yet?

Yes, I have version 1709, build 16299.192. Although I solved automatic update problems in Sysnative before, I still don't get automatically the updates concerning new versions (e.g. Creators or Fall Creators). Also sometimes I have to check for updates to let them installed. ESET warns me about them, but Windows updates center does not. So I usually wait for a month, and then manually install them (perhaps my computer is old, I don't know). I manually installed the Falls Creators Update, and also manually installed the latest update yesterday.

Please, see attachment.

Corrine · January 06, 2018, 03:30:44 PM

With 1709, you shouldn't have been offered KB4056891 since that is for 1703, unless you updated to 1709 after getting KB4056892. Is the date 05Jan2018 for the latest KB update or for 1709?

I wonder -- try making the change in Malwarebytes to not register it in the Windows Action Center and see if that makes a difference getting the Microsoft security updates. The test will be on Tuesday, 09Jan2018, when the next Microsoft security updates are due to be released (9PM UTC).

DR M · January 06, 2018, 03:33:01 PM

Quote from: Corrine on January 06, 2018, 03:30:44 PM
I wonder -- try making the change in Malwarebytes to not register it in the Windows Action Center and see if that makes a difference getting the Microsoft security updates. The test will be on Tuesday, 09Jan2018, when the next Microsoft security updates are due to be released (9PM UTC).

OK. I will be here. :)

pastywhitegurl · January 06, 2018, 04:27:30 PM

hmmm.. I double checked my update history.

I have
Version 1709 (OS Build 16299.192) So I apparently have the Fall Creators update. I looked through my update history and don't see the the other KB you listed.

And received this update on 1/4.
2018-01 Cumulative Update for Windows 10 Version 1709 for x64 based systems (KB4056892)

Oddly, my update settings had been allowing several days delay, but MS overrode that an forced the update overnight, so I thought it was this critical patch for the processor vulnerability everyone is talking about.

Do I need to manually install the KB4056891 update? (I also had a system reset for Windows Updates via Sysnative)

pastywhitegurl · January 06, 2018, 04:47:57 PM

I forgot to mention, that with the 1/4 update, my delay update installation settings were reset to immediately update. (I've reset that again.) But I thought that was odd.