LandzDown Forum

Software & More => Web News => Topic started by: Frands on January 03, 2018, 03:37:00 PM

Title: Major flaw in millions of Intel chips -- (Spectre & Meltdown)
Post by: Frands on January 03, 2018, 03:37:00 PM
BBC News 3. January 2018

A serious flaw in the design of Intel's chips will require Microsoft, Linux and Apple to update operating systems for computers around the world.
Intel has not yet released the full details of the vulnerability, but it is believed to affect chips in millions of computers from the last decade.
The UK's National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.
Some experts said a software fix could slow down computers.
"We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms," the NCSC said in a statement.


Full story: http://www.bbc.com/news/technology-42553818 (http://www.bbc.com/news/technology-42553818)

_______
Title: Re: Major flaw in millions of Intel chips
Post by: Aaron Hulett on January 03, 2018, 04:59:48 PM
The long-term yucky part:

"The effects of the updates to Linux and Windows could incur a performance slowdown of between five and 30 percent, experts said."

The impact to both Intel as a brand and machines running affected chips is going to be interesting to say the least. At some point we'll need a list of impacted chips and a way to know if the chip/system we own and/or we're about to buy isn't impacted by this (both the chip, and the OS being smart enough to not implement the fix on a system running a chip not affected by this).

Happy New Year! :P
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 03, 2018, 06:24:24 PM
Windows Insiders with Build 17035 already have the fix.  My desktop running the builds is so old, I haven't really noticed a change in performance.  I make a point of using Microsoft Edge on it and it hasn't seemed slowerl.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 03, 2018, 06:59:39 PM
Intel Responds to Security Research Findings (https://newsroom.intel.com/news/intel-responds-to-security-research-findings/)

Quote
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 03, 2018, 07:00:50 PM
Intel says ‘design flaw’ report is inaccurate: https://www.marketwatch.com/story/intel-stock-headed-for-worst-day-in-more-than-a-year-amd-pops-on-chip-design-flaw-report-2018-01-03

Quote
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel said in a statement. “Based on the analysis to date, many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits.”

The company continued: “Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industrywide approach to resolve this issue promptly and constructively.”

Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 03, 2018, 07:54:00 PM
Microsoft issues emergency Windows update for processor security bugs - The Verge (https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix)
Quote
Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft’s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 4PM ET / 1PM PT today.

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

Just checked and no updates here, Windows 10, 64bit, Version 1709.
Title: Re: Major flaw in millions of Intel chips
Post by: Aaron Hulett on January 03, 2018, 08:18:43 PM
"While Microsoft is quickly addressing the issues, the fixes will also rely on firmware updates from Intel, AMD, or other vendors that are rolling out."

Oh? So I need the patch and something else? Hope that also comes down through WU.
Title: Re: Major flaw in millions of Intel chips
Post by: Frands on January 04, 2018, 06:53:01 AM
A bit more related to the story:

https://www.nytimes.com/2018/01/03/business/computer-flaws.html?_r=0 (https://www.nytimes.com/2018/01/03/business/computer-flaws.html?_r=0)

https://meltdownattack.com/ (https://meltdownattack.com/)

Gavin Sheridan (@gavinsblog) https://twitter.com/gavinsblog/status/948717538413867008?ref_src=twsrc%5Etfw (https://twitter.com/gavinsblog/status/948717538413867008?ref_src=twsrc%5Etfw)
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 04, 2018, 12:09:05 PM
Information about the Microsoft Out-of-Band security update posted here (https://www.landzdown.com/security-alerts-briefings/microsoft-out-of-band-security-update-for-%27meltdown%27-and-%27spectre%27-cpu-flaws/).
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 04, 2018, 03:42:43 PM
Table showing the latest from the Meltdown AV spreadsheet tracker:  CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility (https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true)https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 04, 2018, 05:12:01 PM
From Meltdown Mitigation - Malwarebytes Endpoint Protection - Malwarebytes Forums (https://forums.malwarebytes.com/topic/217734-meltdown-mitigation/?tab=comments#comment-1196663):
Quote
For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 04, 2018, 06:12:09 PM
“Meltdown” affects chips made by Intel. “Spectre” affects nearly all mid-range and high-end processors, including those found in smartphones.
Title: Re: Major flaw in millions of Intel chips
Post by: techie on January 04, 2018, 09:47:19 PM
Some good reading are located here:

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

https://meltdownattack.com/#faq-fix

"Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6" 

IOS is questionable and of course the Apple iPhones that were 32-bit will probably never get a fix.


Title: Re: Major flaw in millions of Intel chips
Post by: plodr on January 05, 2018, 12:44:17 PM
Quote
even if you have a phone that’s vulnerable, Google notes that “exploitation has been shown to be difficult and limited on the majority of Android devices.”
Quote
an attacker would need access to your unlocked phone as Spectre is unlikely to be implemented or triggered remotely.
Source: https://www.pcworld.com/article/3245790/mobile/spectre-cpu-faq-phones-tablets-ios-android.html

So people with older android phones that don't get a patch, don't need to panic.
Title: Re: Major flaw in millions of Intel chips
Post by: pastywhitegurl on January 05, 2018, 03:26:08 PM
From what I'm reading, Intel hasn't released it's patches yet  (scheduled for next week sometime)

So even though a patch was installed for Windows10 this week, we are not fully protected yet, is that right?
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 05, 2018, 04:16:46 PM
Guide to who's done what so far: https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 08, 2018, 06:16:47 PM
Apple has also released security updates -- some in December, others today:  Apple Releases Security Updates for Spectre CPU Flaw (https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-spectre-cpu-flaw/)
Title: Re: Major flaw in millions of Intel chips
Post by: satrow on January 08, 2018, 06:28:24 PM
Nvidia have also been moved to publish fixes, new driver packs for their GPUs are out already, Variant #2 looks like the main vuln. for them: http://nvidia.custhelp.com/app/answers/detail/a_id/4611
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 10, 2018, 12:15:37 PM
Microsoft reveals how Spectre updates can slow your PC down

https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 11, 2018, 12:40:25 PM
At the bottom of Protect your Windows devices against Spectre and Meltdown - Windows Help (https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown) is a list of OEM /Server device manufacturers to check with your device manufacturer for firmware updates.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 01:21:09 PM
Be advised that Lenovo has had to "pull" several of the CPU/BIOS/microcode updates, after problems were encountered.  So perhaps rushing to install these as soon as available may not be the best strategy... let someone else be the "guinea pig" for a week (or two).

The following was copied/pasted from https://support.lenovo.com/us/en/solutions/len-18282 :

Withdrawn CPU Microcode Updates: Intel provides to Lenovo the CPU microcode updates required to address [Spectre] Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. Intel recently notified Lenovo of quality issues in two of these microcode updates. These are marked in the product tables with “Earlier update X withdrawn by Intel” and a footnote reference to one of the following:

*1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.

*2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 11, 2018, 02:15:10 PM
This truly is a nightmare!

Adding:  Meltdown and Spectre fallout: patching problems persist - Malwarebytes Labs | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/exploits/2018/01/meltdown-and-spectre-fallout-patching-problems-persist/)
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 11, 2018, 04:04:30 PM
Don't want to use the Microsoft PowerShell cmdlet to find out if your device is affected by the Meltdown/Spectre CPU vulnerabilities?  Ashampoo has released the "Ashampoo Spectre Meltdown CPU Checker" tool.  Information at Ashampoo Spectre Meltdown CPU Checker (https://cloudblogs.microsoft.com/microsoftsecure/).

Edit Note:  Corrected the link to TheWindowsClub article.
Title: Re: Major flaw in millions of Intel chips
Post by: Pete! on January 11, 2018, 04:21:38 PM
Yesterday, the McAfee security suite, provided by my ISP, had two "Software Updates".
Afterwards, I was able to get the Windows 10 January cumulative update.

However, the "Ashampoo Spectre Meltdown CPU Checker" tool tells me that although I'm safe from Meltdown, I'm still vulnerable to Spectre.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 04:54:49 PM
Meltdown is mitigated by the January Microsoft Windows Updates (on 64-bit systems; but NOT on 32-bit systems).
However, Spectre requires the CPU/firmware (BIOS/UEFI) update from your PC's manufacturer!
Title: Re: Major flaw in millions of Intel chips
Post by: Aaron Hulett on January 11, 2018, 05:00:51 PM
Information at Ashampoo Spectre Meltdown CPU Checker (http://thewindowsclub.thewindowsclubco.netdna-cdn.com/wp-content/uploads/2018/01/Ashampoo-Spectre-Meltdown-CPU-Checker.png).
Link is to a static image.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 05:03:38 PM
Try https://www.ashampoo.com/en/usd/lpa/spectre-meltdown-cpu-checker
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 11, 2018, 05:40:57 PM
That link works ...

Interesting that this laptop is 'safe' from both, even though the BIOS hasn't been updated.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 11, 2018, 05:42:16 PM
Information at Ashampoo Spectre Meltdown CPU Checker (http://thewindowsclub.thewindowsclubco.netdna-cdn.com/wp-content/uploads/2018/01/Ashampoo-Spectre-Meltdown-CPU-Checker.png).
Link is to a static image.
Thanks, Aaron & ky331.  I corrected the link above to The Windows Club article.  http://www.thewindowsclub.com/ashampoo-spectre-meltdown-cpu-checker
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 06:05:08 PM
Winchester:   Can you confirm the Ashampoo-tool results via the PowerShell Script, or by running SpecuCheck (from a Command/DOS prompt)?

Here's what I'm seeing on a Win7x64 system:

[Meltdown=CVE-2017-5754:  Rogue Data Cache Load;
 Spectre   =CVE-2017-5715:  Branch Target Injection ]
Title: Re: Major flaw in millions of Intel chips
Post by: Pete! on January 11, 2018, 06:22:05 PM
Meltdown is mitigated by the January Microsoft Windows Updates (on 64-bit systems; but NOT on 32-bit systems).
However, Spectre requires the CPU/firmware (BIOS/UEFI) update from your PC's manufacturer!
Updated UEFI:... still vulnerable to Spectre.
I wasn't expecting much, I was going from a 2013 version, to a 2014 version, (long before this was on anyone's radar).
Unless Dell is going to throw us all under the bus, they still have some work to do.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 06:24:56 PM
Yes, it'll have to be a brand-new 2018 BIOS update, that addresses Meltdown/Spectre.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 11, 2018, 08:08:03 PM
Winchester:   Can you confirm the Ashampoo-tool results via the PowerShell Script, or by running SpecuCheck (from a Command/DOS prompt)?


This is a ThinkPad T440s.  A new Lenovo BIOS has not been offered.

SpecuCheck attached:
Title: Re: Major flaw in millions of Intel chips
Post by: Aaron Hulett on January 11, 2018, 08:46:42 PM
Microsoft hasn't offered me the OS patch yet. I've gone and grabbed it myself and am manually installing it.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 08:50:30 PM
Not sure what to make of this... it's certainly reporting that your current CPU microcode is supporting Branch Prediction Mitigations... yet you say there was no BIOS update ????

For what it's worth, Lenovo HAS released a new BIOS update for the T440s, sometime between 12/18/17 and 1/4/18, version GJET96WW (2.46).   Can you check your BIOS to see what version you have?
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 11, 2018, 09:18:17 PM
I downloaded that BIOS last month ...

https://pcsupport.lenovo.com/us/en/downloads/ds035965

I mis-read your earlier Lenovo post, thought there was another BIOS update that had come out and was pulled.   ???
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 09:30:46 PM
Lenovo pulled SOME --- but not ALL --- of their recently released BIOS updates.   Apparently your T440s update was "safe", and not pulled.   So you indeed have the newest, safe BIOS update which protects you from Spectre.

The update for my Lenovo is not expected to become available until February.   I have no idea on the ETA for any of my other systems (HP/DeLL).
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 11, 2018, 09:40:13 PM
That leads to an interesting question. ThinkPads are easy to update using their included utility. What about IdeaPads, Yogas, and other systems that don’t have such an easy way to update. How will folks with those know there is a firmware update, let alone where to go and how to install it?
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 11, 2018, 09:51:34 PM
Lenovo has prepared an informative site for the Meltdown/Spectre vulnerabilities:
https://support.lenovo.com/us/en/solutions/len-18282

By scrolling down, and clicking on the appropriate system (e.g., ThinkPad), the user should be able to find out about the availablity of an appropriate patch for their particular model.

[On a weird note, that page displays correctly on some of my computers, but has its data suppressed on others... I'm still trying to figure out why... presumably some security setting/program toggled too-high.]
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 11, 2018, 09:55:52 PM
The Spectre Meltdown CPU checker shows protected for Meltdown but need BIOS update for Spectre. 

Power Shell results have the same result:

Quote
Speculation control settings for CVE-2017-5715 [branch target injection]

"Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True"

Suggested actions

 * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.



Only only one problem with that.  HP doesn't have an update for my old system HP HDX X18-1099UX Premium Notebook PC (https://support.hp.com/us-en/product/hp-hdx-x18-1000-premium-notebook-pc-series/3769212/model/3841493/more-options).  In fact, it doesn't even have software/drivers for Windows  8 or Windows 10 -- only for Vista (the original OS) and Windows 7.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 11, 2018, 10:44:50 PM

By scrolling down, and clicking on the appropriate system (e.g., ThinkPad), the user should be able to find out about the availablity of an appropriate patch for their particular model.

That’s all well and good for someone like you or me who is diligent about updates, patches, etc ... what about the masses out there who aren’t paying attention, don’t care, assume all is well, just want to turn the computer on and use it, aren’t tech savvy, etc?
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 12, 2018, 12:36:23 PM
Intel admits security patches have bugs that cause surprise reboots
https://www.bizjournals.com/sanjose/news/2018/01/12/intel-meltdown-spectre-patches-reboot-flaw-amd.html

Santa Clara-based Intel Corp. is quietly urging its biggest data center customers to hold off on installing the company’s latest security patches for the Spectre and Meltdown chip flaws, because the patches have bugs that could cause unexpected system reboots, The Wall Street Journal reports.

In a public post Thursday, Intel executive Navin Shenoy confirmed the issue, saying “a few customers” running Intel’s older Broadwell and Haswell chips had experienced higher-than-normal system reboots.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 12, 2018, 01:04:47 PM
Funny you mention that, I've had 2 BSOD (at least that I've noticed, who knows what happens when I'm not sitting at the laptop) in the past few days.

SYSTEM_SERVICE_EXCEPTION Win32kbase.sys

DRIVER_IRQL_NOT_LESS_OR_EQUAL netwbw02.sys

(Side note ... I wish there was a way to turn off the annoying sound made while the 'report' is being generated)
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 12, 2018, 05:51:49 PM
Via Twitter, https://twitter.com/Garyw_/status/951903598258028545:

Quote
Dell also pulled their meltdown and spectre patches for their 13th gen servers. They were up for about 24 hours - no word as to why but I think that various patches are causing major issues.
Title: Re: Major flaw in millions of Intel chips
Post by: techie on January 12, 2018, 08:15:37 PM
There patching a hardware design flaw with a software patch. Why am I not surprised there having issues? This is a feeble attempt, to try and limit liability.

What are the results so far?

1) Processors that not longer function at there advertised speed.
2) System crashes.
3) Millions, if not Billions of servers and systems with a major security issue.


Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 13, 2018, 10:54:40 PM
Intel Security Issue Update: Addressing Reboot Issues (https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/)
Quote
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.  We are also working directly with data center customers to discuss the issue.

End-users should continue to apply updates recommended by their system and operating system providers.
Title: Re: Major flaw in millions of Intel chips
Post by: satrow on January 14, 2018, 07:23:06 AM
Is that longhand for: "We're trying to fix broken corporate computers so End-users please continue to test the buggy patches for us."?
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 15, 2018, 12:33:48 PM
List of Links: BIOS Updates for the Meltdown and Spectre Patches (https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/):
Quote
As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs.

While not all vendors have patches available for vulnerable products right away, most have promised updates in the following months.

Bleeping Computer will be updating the list as more information becomes available.

Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 15, 2018, 12:47:06 PM
Lenovo pulled SOME --- but not ALL --- of their recently released BIOS updates.   Apparently your T440s update was "safe", and not pulled.   So you indeed have the newest, safe BIOS update which protects you from Spectre.

... and now it's been withdrawn: https://support.lenovo.com/us/en/solutions/len-18282

I wonder if it is worth trying to roll back the BIOS to 2.44.1.13, the 'new' update is targeted for the end of March.  I may lose my sanity by then if the BSODs continue another two months  :(
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 15, 2018, 02:40:33 PM
UNCLE   :o

Just got a BSOD: SYSTEM_SERVICE_EXCEPTION fltmgr.sys

Went into the BIOS setup menu, disabled Secure Rollback Prevention, downgraded to 2.44 ... hopefully that will stop the madness.


---------------------------------------------------------------------------------------------------

Edit:  Even though 2.46 was pulled, System Update just now shows it as a critical update

NO, I'm not going to run it and see if it actually installs   ;)
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 15, 2018, 04:19:42 PM
Someone brighter than me will have to explain why this system is 'protected' even though I downgraded the BIOS:

Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 16, 2018, 11:48:42 AM
Included in CPU vulnerabilities exploited by Meltdown and Spectre (https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/) and updated as additional information becomes available are 210 vendor security advisories; computer emergency, incident, and security response team reports issued from around the world and more  by Aryeh Goretsky.
Title: Re: Major flaw in millions of Intel chips
Post by: plodr on January 16, 2018, 12:00:47 PM
FINALLY, a small, no install tool I can run from Steve Gibson.
https://www.grc.com/inspectre.htm
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 16, 2018, 12:16:56 PM
For what it's worth, McAfee Endpoint Security (at work) is intercepting Steve Gibson's InSpecture, alleging it is Trojan Artemis... so I can't test it here.

(I take for granted this is a false-positive.)
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 16, 2018, 12:28:54 PM
Strange.  Windows Defender Smart Screen labeled it as unsafe on my desktop but not on my laptop.

Edit note:  Need more coffee.  I was using Microsoft Edge on the desktop.  No problem with Pale Moon.
Title: Re: Major flaw in millions of Intel chips
Post by: winchester73 on January 16, 2018, 12:44:45 PM
No problem with Firefox, saved to desktop and ran it from there.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 16, 2018, 01:00:06 PM
Not surprised about SmartScreen (in IE/Edge)... it's notorious for intercepting new/"unknown" programs.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 16, 2018, 01:14:13 PM
So, my question is this:  Since I have two very, very old Intel processors that HP is not likely to provide updates for but both devices are NOT vulnerable to Meltdown but are vulnerable to Spectre, why would I want to disable Meltdown protection via Gibson's tool?  Sure, improved performance (although not much for these old devices) but at the cost of security?   
Title: Re: Major flaw in millions of Intel chips
Post by: MikeW on January 16, 2018, 01:21:18 PM
So, my question is this:  Since I have two very, very old Intel processors that HP is not likely to provide updates for but both devices are NOT vulnerable to Meltdown but are vulnerable to Spectre, why would I want to disable Meltdown protection via Gibson's tool?  Sure, improved performance (although not much for these old devices) but at the cost of security?   

I got a similar report, saying performance was impacted and I should disable protection.  I have not seen any performance degradation. Will leave it as is. With a question mark over this tools worth.
Title: Re: Major flaw in millions of Intel chips
Post by: Pete! on January 16, 2018, 01:29:06 PM
I didn't get the impression that I was being told to disable protection, but that I was being given the option.

For instance, a high end gamer might be willing to take a chance to get back some speed  that I didn't even notice was lost.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 16, 2018, 01:31:16 PM
Correct, Pete, not being told to disable but provided that option -- an option that people may take merely because it is provided by the well-known Steve Gibson's tool!
Title: Re: Major flaw in millions of Intel chips
Post by: techie on January 16, 2018, 01:39:33 PM
No problem with Firefox, saved to desktop and ran it from there.

The same here, no problems with  Firefox and defender.

I wouldn't use the disable function. My primary system is a AMD CPU, one less thing to worry about, but I have a few Intel systems to patch.

I guess the younger generation is going to have to learn how to use a pen and paper :o

Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 16, 2018, 08:44:26 PM
InSpectre is giving me conflicting information:

This system's Intel processor does NOT provide high-performance protection from the Meltdown vulnerability...

This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties.


(Either way, there's agreement that performance is slower, but for contradictory reasons... so which is it???)
Title: Re: Major flaw in millions of Intel chips
Post by: satrow on January 16, 2018, 09:02:35 PM
InSpectre is giving me conflicting information:
...
(Either way, there's agreement that performance is slower, but for contradictory reasons... so which is it???)

Some minor modifications:
Quote
This system's Intel processor ISN'T providING high-performance protection from the Meltdown vulnerability...

This system's Intel processor could provide high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties.
and the statement makes a lot more sense (though whether either is accurate is anyone's guess... ).

I'm sure that benchmarks weren't done, so "potential/ly" needs adding to the performance statement.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 17, 2018, 12:17:51 PM
InSpectre Release History

    Release #1 — Initial release:
    The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

    Release #2 — Second try:
    This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares.


===========================================

Reviews of InSpectre

Martin Brinkmann:   https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/

Woody Leonhard:  https://www.computerworld.com/article/3248730/microsoft-windows/inspectre-see-whether-your-pcs-protected-from-meltdown-and-spectre.html
Title: Re: Major flaw in millions of Intel chips
Post by: MikeW on January 17, 2018, 01:40:39 PM
I know that Intel and or Asus are unlikely to offer anything for my older processor. However, I was not convinced that this program was correct re performance. So I reran a performance check after applying MS update and compared with one before. No change. I have not perceived  any performance hits even with my high end photo editing software.
Title: Re: Major flaw in millions of Intel chips
Post by: satrow on January 17, 2018, 01:54:48 PM
Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.
Title: Re: Major flaw in millions of Intel chips
Post by: MikeW on January 17, 2018, 03:38:18 PM
Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.


Agreed, so, is this reporting tool misleading? I think so.
Title: Re: Major flaw in millions of Intel chips
Post by: Aaron Hulett on January 17, 2018, 09:18:26 PM
Strange.  Windows Defender Smart Screen labeled it as unsafe on my desktop but not on my laptop.

Edit note:  Need more coffee.  I was using Microsoft Edge on the desktop.  No problem with Pale Moon.
Same thing, but Firefox rather than Pale Moon.

Not surprised about SmartScreen (in IE/Edge)... it's notorious for intercepting new/"unknown" programs.
And I had two different experiences - the first wouldn't let me override and download it (no option provided at all). Attempted download again and a different experience allowing me to override, followed by Windows Defender picking it off as unsafe during its check (Edge calling WD for a "security scan"). Suppose these are great experiences if the file is truly malware; crazy experiences if it's not.

Solving it through the purchase of a bunch of ESET licenses.

InSpectre Release History

    Release #1 — Initial release:
    The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

    Release #2 — Second try:
    This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares.

Wonder which AV programs those were. If they picked it up before, and don't pick it up now that the registry key use is "hid[den]", sounds like an AV fail. You'd think/hope the AV would see through the "hides" part.

Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.
I mine cryptocurrency, but I don't have a fix yet for those systems to see if there's a major hit or not.
Title: Re: Major flaw in millions of Intel chips
Post by: satrow on January 17, 2018, 10:32:13 PM
Agreed, so, is this reporting tool misleading? I think so.

I don't think the info is fully fleshed out yet, priority looks like it's being given to research and tweak the tool.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 18, 2018, 04:05:59 PM
Two more releases of InSpectre:

Release #3 — Raw Technical Data Display:
InSpectre's more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpector could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine's CPU support. As shown [see attached image], InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpector's analysis of its operating environment.

Release #4 — Silent System Probe Option:
When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed. The application will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes eight “trouble bits” itemizing trouble. Therefore, an exitcode of zero (0) is returned only by a fully secure system.

Decimal
Value   Trouble Itemization
1         OS is not aware of the Meltdown vulnerability
2         OS is not aware of the Spectre vulnerability
4         The system is vulnerable to Meltdown
8         The system is vulnerable to Spectre
16        CPU does not support Spectre (microcode not updated)
32        CPU does not support low-overhead Meltdown protection
64        Meltdown protection disabled by registry setting
128      Spectre protection disabled by registry setting
The table above can be used to decompose InSpectre's probe-mode exitcode to itemize the system's trouble.
Title: Re: Major flaw in millions of Intel chips
Post by: ky331 on January 21, 2018, 10:43:21 AM
 

https://blog.qualys.com/news/2018/01/18/meltdown-and-spectre-arent-business-as-usual

I'm going to highlight a few passages from the above article:

Meltdown:

Since hackers need to gain a foothold in systems before they can exploit Meltdown, it’s likely it will be part of “chained attacks,” which involve exploiting two or more vulnerabilities in sequence...

Meltdown can be extensively mitigated using KPTI (Kernel Page Table Isolation) via the OS patches provided by Microsoft, Apple and Linux OS vendors.


---------------------------------------------------

Spectre:

successfully exploiting Spectre is “very difficult” because attackers must have detailed knowledge of the victim process, meaning they’d have to know specifically which process they’re going to target...

The most likely exploit scenario in the short term for Spectre is a JavaScript type of attack, where JavaScript escapes its sandbox, and accesses forbidden memory from the browser process, allowing attackers to access to cookies and session keys...

For Spectre, patches are available via software updates for OSes and apps, and via processor microcode. Right now, the priority should be closing the JavaScript attack vector by patching browsers.

Even if you don’t have the microcode updates to more completely mitigate Spectre, the browser vendors have made some changes that make it more difficult to exploit Spectre by removing things that a JavaScript attack would need, such as very precise timers ” .
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 22, 2018, 08:55:24 PM
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners (https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/):

Quote
As we start the week, I want to provide an update on the reboot issues we reported Jan. 11 (https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/). We  have now identified the root cause for Broadwell and Haswell platforms,  and made good progress in developing a solution to address it. Over the  weekend, we began rolling out an early version of the updated solution  to industry partners for testing, and we will make a final release  available once that testing has been completed.

Based on this, we are updating our guidance for customers and partners:
  • We recommend that OEMs, cloud service providers, system  manufacturers, software vendors and end users stop deployment of current  versions, as they may introduce higher than expected reboots and other  unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr).
  • We ask that our industry partners focus efforts on testing early  versions of the updated solution so we can accelerate its release. We  expect to share more details on timing later this week.
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on January 23, 2018, 08:53:52 PM
For anyone using an older Mac OS:  Apple issues Meltdown and Spectre fixes for older Mac operating systems (http://appleinsider.com/articles/18/01/23/apple-issues-meltdown-and-spectre-fixes-for-older-mac-operating-systems)
Title: Re: Major flaw in millions of Intel chips
Post by: techie on January 23, 2018, 09:37:13 PM
We are constantly talking about computer systems, but the most used devices older cellphones are going to be hung out to dry.

Anything older than, a iPhone 5S. That means the the 5 and 5C users and anything before isn't secure.

I love the android most useless fragmented software ever released and usually not supported. They put it on manufactures and providers to fix most problems, which usually never happens.

"As for Android, Google claims that the latest version of its software is safe from Spectre, but if your device is too old to get the update you’re basically on your own."

https://lifehacker.com/whats-going-on-with-the-spectre-and-meltdown-patches-1822128503

Google will definitely hang you out to dry. Only the latest version!!!



Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on February 01, 2018, 10:19:31 AM
Let's hope the researchers are wrong:  We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities (https://www.bleepingcomputer.com/news/security/we-may-soon-see-malware-leveraging-the-meltdown-and-spectre-vulnerabilities/).
Quote
Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities.

According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.

Researchers from AV-TEST have detected 119 malware samples that are related to the aforementioned CPU vulnerabilities.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on February 08, 2018, 11:00:33 AM
Intel releases new Spectre microcode update for Skylake; other chips remain in beta | Ars Technica (https://arstechnica.com/gadgets/2018/02/intel-releases-new-spectre-microcode-update-for-skylake-other-chips-remain-in-beta/):
Quote
After recommending customers not use its microcode fix for Broadwell and Haswell chips, Intel has issued a new microcode update for Skylake processors that gives operating systems the ability to protect against the Spectre flaw revealed earlier this year.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on February 21, 2018, 06:43:38 PM
Intel hurls Spectre 2 microcode patch fix at world • The Register (https://www.theregister.co.uk/2018/02/21/intel_spectre_2_microcode_patch/)
Quote
“We have now released production microcode updates to our OEM customers and partners,” said Navin Shenoy, veep and GM for mobile client platforms at Intel. “The microcode will be made available in most cases through OEM firmware updates”.

Intel said the firmware is in beta mode for Sandy Bridge, Ivy Bridge, Haswell and Broadwell. The microcode patch update schedules for the chips are here (https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf).
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on February 23, 2018, 02:50:05 PM
The beat goes on, AMD now facing class action suits over Spectre vulnerability of CPUs - Neowin (https://www.neowin.net/news/amd-now-facing-class-action-suits-over-spectre-vulnerability-of-cpus)
Quote
The consumer backlash over the Spectre and Meltdown vulnerabilities has been strong, with Intel seeing the bulk of the wrath in the form of more than 30 class action suits. AMD is also coming under the legal microscope as well, now facing four class-action suits of its own.
Title: Re: Major flaw in millions of Intel chips
Post by: Paddy on February 27, 2018, 07:18:11 AM
Intel did not inform US before chip flaws were made public

http://www.bbc.co.uk/news/technology-43196923


Paddy..
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on March 02, 2018, 12:23:48 AM
Update on Spectre and Meltdown security updates for Windows devices - Windows Experience BlogWindows Experience Blog (https://blogs.windows.com/windowsexperience/2018/03/01/update-on-spectre-and-meltdown-security-updates-for-windows-devices/#.WpikZgRaaLo.twitter)

See the referenced article for "Additional steps being taken to address Spectre and Meltdown vulnerabilities" and "Antivirus (AV) Software Compatibility".

Also see KB4090007,  Intel microcode updates (https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates)
Title: Re: Major flaw in millions of Intel chips
Post by: techie on March 02, 2018, 11:56:23 AM
Honestly, this threat is compounded because it was thrown out there. This should have never been made public, until it was validated and completely patched.

I mean it could have been years before hackers or illegitimate players even figured this out. Look how many years this went without being discovered. There fully aware of what it is now and exploit it, yeah I bet it will be.

Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on March 14, 2018, 04:23:05 PM
From March 2018 Windows security update – Expanding our efforts to protect customers - Windows Experience BlogWindows Experience Blog (https://blogs.windows.com/windowsexperience/2018/03/13/march-2018-windows-security-update-expanding-our-efforts-to-protect-customers/):

Quote
Earlier this month I shared news on Microsoft’s continuing efforts to help protect our customers against the Spectre and Meltdown hardware-based vulnerabilities. Today, we are announcing the expansion of devices covered by Windows security updates by removing the anti-virus compatibility check for Windows 10 devices, expanding the availability of Intel microcode updates in the Microsoft Catalog, and adding coverage for x86 editions of Windows 71 and Windows 8.1.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on April 11, 2018, 01:30:12 PM
Microsoft Removes Antivirus Registry Key Check for All Windows Versions (https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-antivirus-registry-key-check-for-all-windows-versions/):
Quote
The OS maker removed the registry key check for Windows 10 computers last month, in March, and has announced yesterday that the key is no longer necessary for the other Windows operating system versions —7, 8, 8.1, Server 2008, and Windows Server 2012.
Title: Re: Major flaw in millions of Intel chips
Post by: Pete! on April 20, 2018, 04:01:56 PM
I don't know if it's related but "Dell Support Assist" just updated the BIOS on a five year old Inspiron One 2020.

It's actually the first time "Support Assist" actually did anything besides making me wonder if it was necessary.
Title: Re: Major flaw in millions of Intel chips
Post by: Pete! on May 03, 2018, 11:50:17 AM
I don't know if it's related but "Dell Support Assist" just updated the BIOS on a five year old Inspiron One 2020.

It's actually the first time "Support Assist" actually did anything besides making me wonder if it was necessary.
I've been noticing slightly slower performance, so I ran InSpectre again. I'm no longer "vulnerable" but paying a small price.

For the way I use this machine, it's not crippling. YMMV
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on May 18, 2018, 08:20:23 PM
New Spectre Attack Recovers Data From a CPU's Protected SMM Mode (https://www.bleepingcomputer.com/news/security/new-spectre-attack-recovers-data-from-a-cpus-protected-smm-mode/)

Fortunately:
Quote
Original Spectre patches will protect users

While their experimental attack was crafted to work around the Spectre variant 1 vulnerability, researchers said that using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.

Researchers said they've notified Intel of their new Spectre attack variation in March. Intel says that the original patches for the Spectre variant 1 and variant 2 should be enough to block the attack chain discovered by the Eclypsium team.
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on May 21, 2018, 09:42:38 PM
Google and Microsoft Reveal New Spectre Attack (https://www.bleepingcomputer.com/news/security/google-and-microsoft-reveal-new-spectre-attack/)

Quote
Intel and AMD x86 chipsets, along with POWER 8, POWER 9, System z, and ARM CPUs are known to be affected. Intel has published a detailed list of affected CPU series in a security advisory.

Variant 4 can be exploited remotely, via the browser. Microsoft said it did not detect any exploitation attempts, though.

Also see the security advisories:

Intel:  INTEL-SA-00115 (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html)
Microsoft:  ADV180012 | Microsoft Guidance for Speculative Store Bypass (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012)
RedHat: CVE-2018-3639 - Red Hat Customer Portal (https://access.redhat.com/security/cve/cve-2018-3639)
Title: Re: Major flaw in millions of Intel chips
Post by: Corrine on June 24, 2018, 01:15:47 PM
As if we haven't seen enough about Meltdown/Spectre, now this:

Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless (https://www.bleepingcomputer.com/news/security/changes-in-webassembly-could-render-meltdown-and-spectre-browser-patches-useless/)
Title: Spectre 1.1 and Spectre 1.2 CPU Flaws
Post by: Corrine on July 11, 2018, 12:21:37 PM
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed (https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/)

Quote
Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2.

Just like all the previous Meltdown and Spectre CPU bugs variations, these two take advantage of the process of speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

According to the article, no patches are available for either bugs and Microsoft, Oracle, and Red Hat are still investigating whether it affects data handled by their products.
Title: Re: Major flaw in millions of Intel chips -- (Spectre & Meltdown)
Post by: Corrine on August 14, 2018, 06:29:07 PM
Quote
Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.

All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

Note:  Only Intel CPUs are affected.  See Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs (https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/) for additional information.
Title: Re: Major flaw in millions of Intel chips -- (Spectre & Meltdown)
Post by: Corrine on August 25, 2018, 12:38:29 AM
From Microsoft Security Advisory Notification:

Quote
Microsoft is announcing the availability of
   Intel-validated microcode updates for Windows 10 operating
   systems. Please see Microsoft Knowledge Base Article 4093836
   (https://support.microsoft.com/en-us/help/4093836) for the
   current Intel microcode updates.
 - Originally posted: August 14, 2018
 - Updated: August 24, 2018
 - Version: 2.0