Author Topic: Major flaw in millions of Intel chips -- (Spectre & Meltdown)  (Read 16565 times)

0 Members and 1 Guest are viewing this topic.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #75 on: February 01, 2018, 10:19:31 AM »
Let's hope the researchers are wrong:  We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities.
Quote
Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities.

According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.

Researchers from AV-TEST have detected 119 malware samples that are related to the aforementioned CPU vulnerabilities.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #76 on: February 08, 2018, 11:00:33 AM »
Intel releases new Spectre microcode update for Skylake; other chips remain in beta | Ars Technica:
Quote
After recommending customers not use its microcode fix for Broadwell and Haswell chips, Intel has issued a new microcode update for Skylake processors that gives operating systems the ability to protect against the Spectre flaw revealed earlier this year.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #77 on: February 21, 2018, 06:43:38 PM »
Intel hurls Spectre 2 microcode patch fix at world • The Register
Quote
“We have now released production microcode updates to our OEM customers and partners,” said Navin Shenoy, veep and GM for mobile client platforms at Intel. “The microcode will be made available in most cases through OEM firmware updates”.

Intel said the firmware is in beta mode for Sandy Bridge, Ivy Bridge, Haswell and Broadwell. The microcode patch update schedules for the chips are here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #78 on: February 23, 2018, 02:50:05 PM »
The beat goes on, AMD now facing class action suits over Spectre vulnerability of CPUs - Neowin
Quote
The consumer backlash over the Spectre and Meltdown vulnerabilities has been strong, with Intel seeing the bulk of the wrath in the form of more than 30 class action suits. AMD is also coming under the legal microscope as well, now facing four class-action suits of its own.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1536
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #79 on: February 27, 2018, 07:18:11 AM »
Intel did not inform US before chip flaws were made public

http://www.bbc.co.uk/news/technology-43196923


Paddy..
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #80 on: March 02, 2018, 12:23:48 AM »
Update on Spectre and Meltdown security updates for Windows devices - Windows Experience BlogWindows Experience Blog

See the referenced article for "Additional steps being taken to address Spectre and Meltdown vulnerabilities" and "Antivirus (AV) Software Compatibility".

Also see KB4090007,  Intel microcode updates


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 575
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #81 on: March 02, 2018, 11:56:23 AM »
Honestly, this threat is compounded because it was thrown out there. This should have never been made public, until it was validated and completely patched.

I mean it could have been years before hackers or illegitimate players even figured this out. Look how many years this went without being discovered. There fully aware of what it is now and exploit it, yeah I bet it will be.


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #82 on: March 14, 2018, 04:23:05 PM »
From March 2018 Windows security update – Expanding our efforts to protect customers - Windows Experience BlogWindows Experience Blog:

Quote
Earlier this month I shared news on Microsoft’s continuing efforts to help protect our customers against the Spectre and Meltdown hardware-based vulnerabilities. Today, we are announcing the expansion of devices covered by Windows security updates by removing the anti-virus compatibility check for Windows 10 devices, expanding the availability of Intel microcode updates in the Microsoft Catalog, and adding coverage for x86 editions of Windows 71 and Windows 8.1.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #83 on: April 11, 2018, 01:30:12 PM »
Microsoft Removes Antivirus Registry Key Check for All Windows Versions:
Quote
The OS maker removed the registry key check for Windows 10 computers last month, in March, and has announced yesterday that the key is no longer necessary for the other Windows operating system versions —7, 8, 8.1, Server 2008, and Windows Server 2012.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5160
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #84 on: April 20, 2018, 04:01:56 PM »
I don't know if it's related but "Dell Support Assist" just updated the BIOS on a five year old Inspiron One 2020.

It's actually the first time "Support Assist" actually did anything besides making me wonder if it was necessary.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5160
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #85 on: May 03, 2018, 11:50:17 AM »
I don't know if it's related but "Dell Support Assist" just updated the BIOS on a five year old Inspiron One 2020.

It's actually the first time "Support Assist" actually did anything besides making me wonder if it was necessary.
I've been noticing slightly slower performance, so I ran InSpectre again. I'm no longer "vulnerable" but paying a small price.

For the way I use this machine, it's not crippling. YMMV

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #86 on: May 18, 2018, 08:20:23 PM »
New Spectre Attack Recovers Data From a CPU's Protected SMM Mode

Fortunately:
Quote
Original Spectre patches will protect users

While their experimental attack was crafted to work around the Spectre variant 1 vulnerability, researchers said that using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.

Researchers said they've notified Intel of their new Spectre attack variation in March. Intel says that the original patches for the Spectre variant 1 and variant 2 should be enough to block the attack chain discovered by the Eclypsium team.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #87 on: May 21, 2018, 09:42:38 PM »
Google and Microsoft Reveal New Spectre Attack

Quote
Intel and AMD x86 chipsets, along with POWER 8, POWER 9, System z, and ARM CPUs are known to be affected. Intel has published a detailed list of affected CPU series in a security advisory.

Variant 4 can be exploited remotely, via the browser. Microsoft said it did not detect any exploitation attempts, though.

Also see the security advisories:

Intel:  INTEL-SA-00115
Microsoft:  ADV180012 | Microsoft Guidance for Speculative Store Bypass
RedHat: CVE-2018-3639 - Red Hat Customer Portal


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #88 on: June 24, 2018, 01:15:47 PM »
As if we haven't seen enough about Meltdown/Spectre, now this:

Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19144
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Spectre 1.1 and Spectre 1.2 CPU Flaws
« Reply #89 on: July 11, 2018, 12:21:37 PM »
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed

Quote
Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2.

Just like all the previous Meltdown and Spectre CPU bugs variations, these two take advantage of the process of speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

According to the article, no patches are available for either bugs and Microsoft, Oracle, and Red Hat are still investigating whether it affects data handled by their products.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.