Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft apparently reinstates Meltdown/Spectre patches for some AMD processors

    Posted on January 11th, 2018 at 11:22 woody Comment on the AskWoody Lounge

    Of course, predictably, nobody’s saying which ones are now back on the patch list.

    Computerworld Woody on Windows.

    Thx @MrBrian

    UPDATE: Just got this from JA:

    Just read your referenced article. Thank you! It explains to me why update KB4056894 fails on my laptop running Windows 7. You mentioned that it isn’t clear whether the AMD embargo includes Intel PCs with AMD video cards. FYI … Apparently it does. I have a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. Once again, thanks for your informative article.

    Anybody else out there with AMD video cards that are getting the treatment – or drivers that are failing after installing this month’s security patches?

    UPDATE: Although it doesn’t explain which machines were yanked in the initial round, AMD CTO Mark Papermaster has posted some updated information:

    Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week.

  • Born: Is my browser vulnerable to Spectre attacks?

    Posted on January 11th, 2018 at 09:51 woody Comment on the AskWoody Lounge

    Günter Born has an important recap of the the test website xlab.tencent.com, which has a tool that can check to see if your browser is currently susceptible to Spectre attacks.

    The tool is from Tencent’s Xuanwu Lab, which is part of Tencent, one of the largest companies in Asia. The Xuanwu Lab is well-known in antimalware circles.

    I ran a quick check on both of my go-to browsers, Firefox 57.0.4 (64-bit) and Chrome 63.0.3239.132 (Official Build) (64-bit). Both of them came up with “Not vulnerable.”

    That’s a comforting, if ambiguous, determination. As the Tencent site says:

    However, if the result is NOT VULNERABLE, it doesn’t mean your browser is absolutely not vulnerable because there might be other unknown attacking methods.

    Which is something of a triple (quadruple?) negative, but I surmise that Firefox and Chrome aren’t susceptible to the currently published Spectre vulnerabilities.

    A quick check of the latest IE and Chrome on my Win10 1703 machine turned up Not Vulnerable as well.

    Martin Brinkmann on ghacks.net ran a similar set of tests. He says that Google Chrome Stable, Opera Stable and Vivaldi Stable all turn up Vulnerable.

    Your mileage may vary.

  • The Meltdown/Spectre patches will cause performance hits — but how much, and to whom?

    Posted on January 11th, 2018 at 09:21 woody Comment on the AskWoody Lounge

    Gregg Keizer has a new article in Computerworld, Windows 7 takes biggest performance hit from emergency Meltdown, Spectre updates. It relies heavily on Microsoft’s pronouncements. I’m skeptical.

    There’s a detailed post from Jampe on the Intel support forum about the effect of the Windows 10 patch on a Thinkpad T440s. The results are not good — although the devil may be in the details.

    As Jampe reports, the first test (NewBottomLine) was performed before installing the Win10 update (not sure which one), and all of the three latter tests were with the update in place.

    Our own Noel Carboni responded with a good analysis:

    Passmark PerformanceTest (or any benchmark) is known to show quite variable results for disk testing. That’s the nature of PC systems; they do a lot of different things all the time. I’ve run into variances of 2 to 1 just doing subsequent tests. I’d really like to see a whole SERIES of before/after benchmarks.

    So for those of you who dare to tread into uncharted MS-DEFCON territory — do you have any benchmark runs to share? I’m particularly interested in tests of the Windows patches separately.

  • Excel gets a variation of the Word DDE block settings

    Posted on January 11th, 2018 at 07:40 woody Comment on the AskWoody Lounge

    They come along for the ride with this month’s Excel security patches — but Microsoft didn’t bother to document any of it, outside of an addendum to an old Security Advisory.

    Here’s the DDE warning dialog on open:

    Thx, @MrBrian

    Computerworld Woody on Windows.