Author Topic: Major flaw in millions of Intel chips -- (Spectre & Meltdown)  (Read 14776 times)

0 Members and 1 Guest are viewing this topic.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5156
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #30 on: January 11, 2018, 06:22:05 PM »
Meltdown is mitigated by the January Microsoft Windows Updates (on 64-bit systems; but NOT on 32-bit systems).
However, Spectre requires the CPU/firmware (BIOS/UEFI) update from your PC's manufacturer!
Updated UEFI:... still vulnerable to Spectre.
I wasn't expecting much, I was going from a 2013 version, to a 2014 version, (long before this was on anyone's radar).
Unless Dell is going to throw us all under the bus, they still have some work to do.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 607
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #31 on: January 11, 2018, 06:24:56 PM »
Yes, it'll have to be a brand-new 2018 BIOS update, that addresses Meltdown/Spectre.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7172
  • Liverpool FC - YNWA
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #32 on: January 11, 2018, 08:08:03 PM »
Winchester:   Can you confirm the Ashampoo-tool results via the PowerShell Script, or by running SpecuCheck (from a Command/DOS prompt)?


This is a ThinkPad T440s.  A new Lenovo BIOS has not been offered.

SpecuCheck attached:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1511
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Major flaw in millions of Intel chips
« Reply #33 on: January 11, 2018, 08:46:42 PM »
Microsoft hasn't offered me the OS patch yet. I've gone and grabbed it myself and am manually installing it.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 607
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #34 on: January 11, 2018, 08:50:30 PM »
Not sure what to make of this... it's certainly reporting that your current CPU microcode is supporting Branch Prediction Mitigations... yet you say there was no BIOS update ????

For what it's worth, Lenovo HAS released a new BIOS update for the T440s, sometime between 12/18/17 and 1/4/18, version GJET96WW (2.46).   Can you check your BIOS to see what version you have?

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7172
  • Liverpool FC - YNWA
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #35 on: January 11, 2018, 09:18:17 PM »
I downloaded that BIOS last month ...

https://pcsupport.lenovo.com/us/en/downloads/ds035965

I mis-read your earlier Lenovo post, thought there was another BIOS update that had come out and was pulled.   ???
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 607
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #36 on: January 11, 2018, 09:30:46 PM »
Lenovo pulled SOME --- but not ALL --- of their recently released BIOS updates.   Apparently your T440s update was "safe", and not pulled.   So you indeed have the newest, safe BIOS update which protects you from Spectre.

The update for my Lenovo is not expected to become available until February.   I have no idea on the ETA for any of my other systems (HP/DeLL).

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7172
  • Liverpool FC - YNWA
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #37 on: January 11, 2018, 09:40:13 PM »
That leads to an interesting question. ThinkPads are easy to update using their included utility. What about IdeaPads, Yogas, and other systems that don’t have such an easy way to update. How will folks with those know there is a firmware update, let alone where to go and how to install it?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 607
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #38 on: January 11, 2018, 09:51:34 PM »
Lenovo has prepared an informative site for the Meltdown/Spectre vulnerabilities:
https://support.lenovo.com/us/en/solutions/len-18282

By scrolling down, and clicking on the appropriate system (e.g., ThinkPad), the user should be able to find out about the availablity of an appropriate patch for their particular model.

[On a weird note, that page displays correctly on some of my computers, but has its data suppressed on others... I'm still trying to figure out why... presumably some security setting/program toggled too-high.]

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19100
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #39 on: January 11, 2018, 09:55:52 PM »
The Spectre Meltdown CPU checker shows protected for Meltdown but need BIOS update for Spectre. 

Power Shell results have the same result:

Quote
Speculation control settings for CVE-2017-5715 [branch target injection]

"Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True"

Suggested actions

 * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.



Only only one problem with that.  HP doesn't have an update for my old system HP HDX X18-1099UX Premium Notebook PC.  In fact, it doesn't even have software/drivers for Windows  8 or Windows 10 -- only for Vista (the original OS) and Windows 7.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7172
  • Liverpool FC - YNWA
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #40 on: January 11, 2018, 10:44:50 PM »

By scrolling down, and clicking on the appropriate system (e.g., ThinkPad), the user should be able to find out about the availablity of an appropriate patch for their particular model.

That’s all well and good for someone like you or me who is diligent about updates, patches, etc ... what about the masses out there who aren’t paying attention, don’t care, assume all is well, just want to turn the computer on and use it, aren’t tech savvy, etc?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 607
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #41 on: January 12, 2018, 12:36:23 PM »
Intel admits security patches have bugs that cause surprise reboots
https://www.bizjournals.com/sanjose/news/2018/01/12/intel-meltdown-spectre-patches-reboot-flaw-amd.html

Santa Clara-based Intel Corp. is quietly urging its biggest data center customers to hold off on installing the company’s latest security patches for the Spectre and Meltdown chip flaws, because the patches have bugs that could cause unexpected system reboots, The Wall Street Journal reports.

In a public post Thursday, Intel executive Navin Shenoy confirmed the issue, saying “a few customers” running Intel’s older Broadwell and Haswell chips had experienced higher-than-normal system reboots.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7172
  • Liverpool FC - YNWA
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #42 on: January 12, 2018, 01:04:47 PM »
Funny you mention that, I've had 2 BSOD (at least that I've noticed, who knows what happens when I'm not sitting at the laptop) in the past few days.

SYSTEM_SERVICE_EXCEPTION Win32kbase.sys

DRIVER_IRQL_NOT_LESS_OR_EQUAL netwbw02.sys

(Side note ... I wish there was a way to turn off the annoying sound made while the 'report' is being generated)
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19100
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #43 on: January 12, 2018, 05:51:49 PM »
Via Twitter, https://twitter.com/Garyw_/status/951903598258028545:

Quote
Dell also pulled their meltdown and spectre patches for their 13th gen servers. They were up for about 24 hours - no word as to why but I think that various patches are causing major issues.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 566
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #44 on: January 12, 2018, 08:15:37 PM »
There patching a hardware design flaw with a software patch. Why am I not surprised there having issues? This is a feeble attempt, to try and limit liability.

What are the results so far?

1) Processors that not longer function at there advertised speed.
2) System crashes.
3) Millions, if not Billions of servers and systems with a major security issue.