Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • So, where’s the 32-bit Windows 7 Meltdown patch?

    Posted on March 7th, 2018 at 14:37 woody Comment on the AskWoody Lounge

    Just got this from LB:

    Hey Woody,

    What do you think about doing a story on the missing Windows 7 32-bit meltdown fix? Or maybe mentioning it in next week’s update writeup (unless it finally hits.)

    It seems very odd that it’s taken microsoft so long to issue a fix when the problem, and the solution (kpti), are clear cut (as opposed to the much tougher spectre problems.) 32-bit Win7 should still be getting security fixes until Jan 2020, last I knew.

    Anyway, just a thought. Thanks for all the work you do to keep us informed!

    take care,

    Anybody out there have some insight? Microsoft was slow to get the 32-bit Meltdown patches to Win10. Surely they wouldn’t just give up on Win7, would they?

    Er, would they?

    If that helped, take a second to support AskWoody on Patreon

    Home Forums So, where’s the 32-bit Windows 7 Meltdown patch?

    This topic contains 30 replies, has 15 voices, and was last updated by  anonymous 3 months, 1 week ago.

    • Author
      Posts
    • #173250 Reply

      woody
      Da Boss

      Just got this from LB: Hey Woody, What do you think about doing a story on the missing Windows 7 32-bit meltdown fix? Or maybe mentioning it in next w
      [See the full post at: So, where’s the 32-bit Windows 7 Meltdown patch?]

      1 user thanked author for this post.
    • #173292 Reply

      anonymous

      If you are on 32 bit Windows, you are probably also on older hardware. Microsoft has already stated that they would have to make architectural changes to 32 bit to address meltdown. Even though Microsoft is obligated to provide security updates until 2020, this vulnerability may prove to be the exception.

      It would be a lot cheaper if Microsoft offered a free upgrade from 32 to 64 bit for these systems. They would need the cooperation of the OEMs to do it. However, the user would have to absorb the cost of additional RAM (4GB min).

      • #173299 Reply

        PKCano
        AskWoody MVP

        The difference ibetween 32-bit and 64-bit is not just the amount of RAM. The processor and motherboard have to be capable of 64-bit as well. What you are talking about is replacing the machines.

        1 user thanked author for this post.
      • #173431 Reply

        Ascaris
        AskWoody MVP

        As far as I know, all the existing 32-bit Windows product keys will work with 64-bit editions, so in a way, MS has provided the upgrade (though it will require a clean installation).  There are different product keys for Pro, Home, etc. editions, but not, as far as I have ever seen, for “bitness.”  If you go to the Microsoft site and plug in your product key, you should be able to download the .iso for the 64-bit edition of Windows for your computer.

        I looked it up, and the last 32-bit only CPUs to be introduced were Pentium 4s, in 2004 on the desktop, and 2005 for mobile. Anything newer than that may well be 64-bit capable.  This means that anything sold during the Vista era or later may well be 64-bit capable, depending on how old it was at the time of purchase.

        A lot of 64-bit capable machines were sold with 32-bit Windows back in the day; I own two of them.  One’s an AMD Turion 2.2 GHz single-core, 12+ years old by now and originally shipped with Windows XP (32 bit, as XP usually was), but it’s a 64-bit CPU.  It wouldn’t necessarily be the best choice, given its small complement of RAM, but if there was no other choice, it should work with a 64-bit OS.  Right now, it runs Mint Xfce 32-bit (it only has 1GB of RAM).  It’s still viable, for the time being at least.

        The other one was my Core 2 Duo laptop, which originally shipped with Vista 32-bit, but that has been running Win 7, Win 8.1, and Linux x64 exclusively for several years now.

         

        • This reply was modified 3 months, 1 week ago by  Ascaris.
        1 user thanked author for this post.
    • #173302 Reply

      anonymous

      32 bit to 64 bit upgrade – if your hardware supports it, it can be done.

      • #173305 Reply

        PKCano
        AskWoody MVP

        A 64-bit machine running a 32-bit OS is the exception, not the rule

        1 user thanked author for this post.
    • #173308 Reply

      Rick59
      AskWoody Lounger

      I was not sure if MS would ever deliver a meltdown patch for my Win7-32 bit so I moved on and installed chromium OS.

      Does everything I need and I do not have to worry anymore about the never ending MS update soap opera.

      3 users thanked author for this post.
    • #173315 Reply

      Noel Carboni
      AskWoody MVP

      In my opinion these “vulnerabilities”, with their well-developed marketing campaigns and cute icons, are all about herding users. Specifically, I believe they’ve been made public so as to make older systems seem less desirable – both software and hardware systems.

      Perhaps people running Win 7 32 bit need a different incentive to be convinced to buy a brand new 64 bit Surface with Windows 10 that Microsoft has built just for them… Perhaps they’re already willing to live with “slow”, given the age of their systems, so patches that eat up their performance won’t really push them along much… So how about just letting the world deliver some nasty malware based on Spectre/Meltdown to them? Cue reports of Spectre/Meltdown exploits in the wild. Maybe some stories about shocking data breaches via web browsers…

      Lo and behold Microsoft just released a version of Visual Studio 2017 (15.6) that makes more efficient machine code by doing better optimization and using vector instructions more adeptly. Now let’s think for a moment… Which system can be recompiled and delivered in a better running form, and which ones just won’t…

      What did you THINK was going to happen when half the world decided against Microsoft’s will to just keep running Windows 7?

      I’m starting to feel a bit like an evolved Navigator (Dune reference)… I see plans within plans…

      -Noel

      7 users thanked author for this post.
      • #173318 Reply

        lurks about
        AskWoody Lounger

        What is often forgotten is there are many who cannot afford a new equipment just because MS or anyone else says they gear is obsolete. They will limp along with whatever they have as best they can. What they need for their ageing hardware is to use one of the Linux distros designed for older hardware. But this is a group who is the least likely to be aware of Linux or have the skills to install a distro.

        There is nothing wrong with a single core 32-bit processor other than it will not win any speed titles. But manufacturers and MS have decided that 32-bit processors are obsolete, useless chips.

        2 users thanked author for this post.
      • #173424 Reply

        Ascaris
        AskWoody MVP

        I have to admit… this is the first time I’ve seen a vulnerability with its own logo.  Like it’s a corporate product in and of itself.

        2 users thanked author for this post.
    • #173316 Reply

      bobcat5536
      AskWoody Lounger

      A Bit off topic here. I’m on 1703 and I just got hit with 1709 installing as I type this. I just did the Feb. updates Monday and reset pause for 35 days and no feature update for 365 days and they still pushed it on me. So it looks like your preferences are being ignored and Microsoft is having it their way.      GRRRRRR.

    • #173329 Reply

      bobcat5536
      AskWoody Lounger

      Update:   No sound…Video is in Black And White, no color. No sound and an error message about shortcut key not available. Some software is gone. I restored an image and stopped the windows update service and it enabled it and started the install all over again. 🙁

      Just now came to me, I think that Windows Update was in fact disabled, because it showed that it just did check and said I was up to date just before this large box came up and said that there were important security updates that needed to be installed and that I need the newest version of windows 10 to be able to install them. This update was coming from directly online rather than from Windows Update. Does this sound kinda strange to anyone ?

      • This reply was modified 3 months, 1 week ago by  bobcat5536.
      • #173348 Reply

        bobcat5536
        AskWoody Lounger

        If Microsoft is indeed updating to next feature version and bypassing Windows Update, how do you stop this ???  I apologize for the multiple post, my edit button is missing.

    • #173341 Reply

      MrBrian
      AskWoody MVP

      From Protect your Windows devices against Spectre and Meltdown: “The following security updates provide additional protections for devices running 32-bit (x86) Windows operating  systems. Microsoft recommends customers install the update as soon as available. We continue to work to provide protections for other supported Windows versions but do not have a release schedule at this time. Please check back here for updates.”

      From Chip Flaws Spectre and Meltdown are Actually Three Vulnerabilities and Proving Hard to Mitigate (written by Alex Ionescu) (January 11): “[…] mitigating this issue on 32-bit systems is even more complex and costly […]”

       

    • #173346 Reply

      anonymous

      KB4092077

      It seems Microsoft leaked an update in the Update list for 1703

    • #173358 Reply

      abbodi86
      AskWoody MVP

      Windows 8.1 has the same status, why it’s been dropped from the rant? 😀

      anyway, i tried the 32-bit mitigation on Windows 10, it slows down the OS alot more than 64-bit on the same machine/hardware

      so it’s a very good thing that Win 7/8.1 did/do not get it

      3 users thanked author for this post.
    • #173395 Reply

      Carl D
      AskWoody Lounger

      As I mentioned in another post, my nearly 12 year old 32 bit HP laptop is now running Linux Lite after using Windows XP and, after that, Windows 7 over the years. Much faster on the older hardware and I don’t need to play the “Oh, its Patch Tuesday, what is MS going to mess up/try to sneak in this month (KB2952664 – I’m looking at you – again)” game anymore.

      Meanwhile, the only question I have about Meltdown/Spectre at the moment is – has it surpassed Y2K yet as the biggest non event in computing history?

      1 user thanked author for this post.
      • #173491 Reply

        Jan K.
        AskWoody Lounger

        Y2K was a “non event” because of the largest ever investment in software upgrades ever made to date…

        2 users thanked author for this post.
    • #173385 Reply

      anonymous

      https://www.computerworld.com/article/3249767/microsoft-windows/patching-meltdown-windows-fixes-sloppy-net-warnings-about-word-and-outlook.html (dated 19 Jan 2018)

      Win10 Fall Creators Update version 1709 — Cumulative update KB 4073291 brings the Meltdown/Spectre patches to 32-bit machines. …

      It appears as if this is the first 32-bit version of Windows that has a patch for the Meltdown vulnerability. Surprise.

      If M$ could patch Meltdown for Win 10 1709 32bit in Jan 2018, I don’t see any reason why M$ cannot patch Meltdown for Win 7/8.1 32bit. Maybe, M$ wants to use the Meltdown/Spectre fiasco to push Win 7/8.1 32bit users onto Win 10 1709 32bit/64bit.

      OTOH, Canonical Inc has yet to patch Meltdown for Ubuntu 32bit. Maybe, Canonical wants to push Ubuntu 32bit users onto Ubuntu 64bit.
      ___ Seems, Ubuntu 18.04 will come in only 64bit, ie no more 32bit.

      P S – Have you heard of the year 2038 bug that will affect 32bit systems ?

      • #173536 Reply

        Bill C.
        AskWoody Lounger

        A number of the Linux distros are leaving the 32bit arena. Fortunately with Linux there are alternatives with other distros.

        The only real challenge I have found with truely old machines is when the distro size exceeds the size of a CD. If the hardware cannot boot from a DVD or thumb drive or other USB device and the distro’s .iso image is larger than a CD you have a challenge.

      • #174692 Reply

        Microfix
        AskWoody MVP

        I think by 2038 our hardware/ devices will be redundant/replaced and using 64bit if not 128bit Operating Systems will be the norm so, nothing to worry about.

        More info on the 2038 bug on wiki: Wiki 2038 bug

         

        | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
          No problem can be solved from the same level of consciousness that created IT - AE
    • #173576 Reply

      anonymous

      I got a 64 bit version of Windows 7 online and did a clean install over my 32 bit system that I got in 2008. Ascaris is correct. I copied the OEM driver file and a few other files suggested by gHacks onto a USB, so I did not need the OEM to provide the drivers. The system had 4 GB RAM already.

      With windows updates, I am now protected from Meltdown.

      • #173833 Reply

        Noel Carboni
        AskWoody MVP

        With windows updates, I am now protected from Meltdown.

        Out of curiosity, do you believe you’re running software that will probe your system for information you don’t want it to have, and it is only currently being blocked from accessing such information by the fact that it’s running with low (user-level) privileges?

        If no, then why worry about Meltdown? If yes, then I would ask: Why choose to run such software?

        -Noel

        1 user thanked author for this post.
        • #174668 Reply

          Ascaris
          AskWoody MVP

          The main threat of running such software would be having it come in javascript form from a rogue or compromised web page.  That’s really the only realistic vector I am concerned about with regard to Meltdown/Spectre.

          2 users thanked author for this post.
          • #174683 Reply

            Noel Carboni
            AskWoody MVP

            That’s a reasonable worry, though the popular browsers have all long since made changes that should make it very difficult if not impossible to do such a thing.

            It has always concerned me that most everyone just accepts that scripting languages should be made powerful enough (e.g., with Just In Time compilation into machine code) that they can actually do things like take advantage of exploits such as Meltdown or Spectre on your machine – presumably just so the scripted elements of web pages can run more quickly! It’s as though everyone just forgot why a restricted scripting language was invented for browsers in the first place.

            What price internet glitz, eh?

            May I suggest considering mitigations such as running ad and/or script blocking add-ons (e.g., uBlock Origin and maybe even uMatrix), using a browser that’s not mainstream (e.g., Pale Moon or Internet Explorer with security settings locked-down hard). These don’t sound like much, but they’re actually very effective. UBlock, for example, keeps your browser from being able to retrieve data from hundreds of thousands of sites that deliver bad things, using blacklists that are updated all the time.

            Also, usage habits can matter… For example, don’t open your financial site in another tab while a bunch of other sites are open in the same browser. Instead consider closing all your browser windows before visiting a site with which you’ll be exchanging sensitive data, or using software that works with sensitive data.

            Always remember, there are always risks and there will always be risks. Try not to focus too hard on one to the exclusion of the others.

            -Noel

            4 users thanked author for this post.
        • #174682 Reply

          anonymous

          And, even if compromised, the hackers can only read your private data found in RAM memory dumps. And thereafter, maybe do some phishing.
          Only rich folks(= online financial transactions), politicians, government officers, celebrities, CEOs, company executives, reporters and other “VIPs” or high-value targets should worry about this.

    • #174663 Reply

      anonymous

      There was supposed to be a performance hit, especially with older machines running Win 7. Yet, I didn’t perceive any on my 17 year old Pentium 4 Win 7 32-bit machine. I guess this explains why.

    • #174708 Reply

      Angstony
      AskWoody Lounger

      Does anyone know if any malware has actually been created to exploit the Meltdown or Spectre vulnerabilities? It seems to me that with all the major browsers and anti-virus programs already being patched, the potential for any such malware to successfully infect devices would be pretty limited and thus hardly worth the bother. Or am I being too simplistic?

      • #174710 Reply

        PKCano
        AskWoody MVP

        The Meltdown vulns have been taken care of by the Windows patches. But the Spectre vulns in the hardware require microcode or firmware patches that have not been taken care of.

        There are also many third-party software patches (ex. browsers) that need to done – and then the Users need to update their software

    • #175282 Reply

      anonymous

      The March 13 Quality Rollup KB4088875 now includes the Meltdown patch for Windows 7 32 bit.

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: So, where’s the 32-bit Windows 7 Meltdown patch?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: