You’re going to see a whole bunch of explainers about this, yet another Meltdown/Spectre-class vulnerability in Intel processors. Intel’s FAQ lists ju
[See the full post at: Foreshadow/L1TF: Another highly publicized Intel flaw, complete with its own web site and logo]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Foreshadow/L1TF: Another highly publicized Intel flaw, complete with its own web site and logo
Home » Forums » Newsletter and Homepage topics » Foreshadow/L1TF: Another highly publicized Intel flaw, complete with its own web site and logo
- This topic has 22 replies, 14 voices, and was last updated 5 years, 3 months ago.
Tags: Foreshadow L1 Terminal Fault
AuthorTopicwoody
ManagerViewing 8 reply threadsAuthorReplies-
zero2dash
AskWoody LoungerYet another vulnerability that has yet to be exploited but will certainly usher in more botched updates and widespread panic.
Meanwhile, as you always mention, Woody, we’re here and still there are no known Spectre or Meltdown exploits either, but plenty of botched updates and widespread panic went around there too.
-
anonymous
Guest -
Kirsty
Manager -
anonymous
GuestInteresting, but it looks like a publicity stunt more than anything. The sites bypassed only showed results, and had nothing directly to do with casting votes. Likewise the sites created for the test hacks”mimicked” official sites. Considering the hack took 10 minutes, chances are the kids were running fully completed scripts and just updating the information they wanted to put in.
Still a great learning experience for the kids, but it sends the wrong message. The sites’ security could actually be pretty good, but either due to insider knowledge of the systems (eg, one of the coordinators worked on it) or due to making assumptions or adding an non-existent exploit on the “mimicked” site they can make a non-obvious exploit seem straightforward.
2 users thanked author for this post.
-
-
-
Sessh
AskWoody LoungerI feel even more that these vulnerabilities have been known for a very, very long time and that they are now being used as part of a coordinated scare campaign to cripple the performance of older processors/OS’s in order to make people upgrade to new hardware and a new (Microsoft) OS. It’s pretty transparent to me, but that doesn’t mean I’m right. I don’t really believe much in coincidences when they line up this perfectly. I’m sure they’ve had plenty of time to come up with a plan to use this “crisis” as a tool to manipulate even more people and generally use it to their advantage.
I’m sure Windows 7 especially will get a whole bunch of horrible patches that will cripple it’s performance even more while older processors in general will get the same treatment. To me, this is all still GWX with Intel now on the team. Would something that was so terrible be quickly given it’s own logo and website? It seems too obvious that this is all by design and part of a plan being executed. I haven’t regretted my decision to cease updating for a second and I’m glad to be far, far away from this ever expanding mess of manipulation and hysteria.
8 users thanked author for this post.
-
zero2dash
AskWoody LoungerIt’s definitely a push towards Win10, because if you look at old vs new on same hardware, Win10 has almost none of the performance hits post-patch that 7 & 8.1 have. The [air quote] explanation [/air quote] is that Win10 uses the vulnerable architecture of the processor less than the old versions, so it has little to no performance hit.
It could be true, it could be FUD. All I can pinpoint is that Steve Gibson’s ‘Inspectre’ says all my (vulnerable) CPU’s have “Good” performance in Win10, but “Slower” performance in 7 (unless I disable the protection).
As the sayings go though, obviously Intel and MS aren’t making more money when people don’t buy new equipment, so your thoughts are definitely plausible. From the customers that I deal with that I build and maintain PC’s and servers for, obviously the FUD is holding some weight (with the uneducated general public) because I have people who think they have to buy new hardware every 2 years or so otherwise their work suffers because their hardware isn’t up to snuff anymore. (Obviously this is not true, and I educate where I can – but some people buy new hardware anyway.)
Cybertooth
AskWoody PlusI wonder why, all of a sudden, this year we’ve started to hear about exploits that target flaws in the hardware as opposed to the software.
Carl D
AskWoody LoungerEarlier this year I asked the question on another forum: “Will this Spectre/Meltdown fiasco turn out to be the biggest non event in computing history since Y2K?”
Seems that way from a security point of view, at least. Seeing as nearly a year later there are still no known exploits for either seen ‘in the wild’. I’m suspecting the same applies to most if not all of the numerous security updates we’re seeing every month. But, hey – it keeps the money rolling in for these security companies and allows MS to keep a ‘leash’ on peoples’ computers.
But, from a botched updates and widespread panic (as zero2dash points out) perspective it seems to biggest computing event we’ve ever seen.
I still get the impression that this whole ‘circus’ has been deliberately orchestrated to:
1. (from Intel’s viewpoint): sell lots of new hardware.
2. (from MS’s viewpoint): help kill off Windows 7 – since the Meltdown/Spectre patches slow down Windows 7 but not Windows 10. How convenient. And, any older 32bit PC/laptop with a processor that doesn’t support SSE2 can’t update W7 past December 2017 without bluescreening. MS were supposed to be fixing this but finally decided not to bother (after several months of procrastinating).
Almost makes want one to unplug the PC/laptop from the Internet permanently and just use something like a cheap Android tablet for online activities. I have a Samsung tablet that hasn’t seen an update for over 4 years – and, I’ve been using it online quite regularly with no security issues. Funny about that…
(Edit: I see Sessh also mentioned much the same points. Beat me to it while I was typing my post).
PC1: Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.
PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 22H2 64bit.5 users thanked author for this post.
-
OscarCP
MemberI am truly moved by the extent of the trust people here have on Microsoft.
And, by the way: Y2K was a non-event thanks to the early warnings and the following massive work done to fix most of the software vulnerable to it.
Is such also the case here? Would these flaws, known for years, but no big deal until now, suddenly get an upgrade in the risk scale now that the proverbial cat is out of the proverbial bag and running around in the open, for all to see?
Has everybody got the tin hat ready?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV -
Jan K.
AskWoody Lounger -
Noel Carboni
AskWoody_MVP
-
-
Pepsiboy
AskWoody Lounger“Will this Spectre/Meltdown fiasco turn out to be the biggest non event in computing history since Y2K?”
CarlD,
I am getting to feel the same way. Y2K, Spectre / Meltdown, L1TF. They are designed to spread panic and help to eliminate older hardware and software that WORKS as intended. They ONLY are there to FORCE us to upgrade to something that WE DO NOT WANT OR NEED. There is no reason for us to help increase the bottom line for M$ or Intel when they do not give us what we want or can use.Sorry for the rant, but I’m saving up from my limited income to change over everything to Linux.
Dave
4 users thanked author for this post.
AlexEiffel
AskWoody_MVPY2K is a very bad comparison. Y2K wasn’t a non event to many who worked on it. And it was a non event because professionals worked on it. I can assure you if I didn’t work on it with my team, our business would have not worked at all when the date changed.
Y2K considerations was an afterthought in many software. We had to update them all. Our ERP didn’t even start when we simulated Y2K. Also, we had a lot of custom software from the 70s and 80s that had to be adapted to avoid issues.
Yes, there was a lot of of ridiculous fear spread and crazy ideas, mostly from non technical people. I received a lot of requests to get confirmations we had a plan and wouldn’t be impacted. But at least, everyone worked on the problem or at least verified they were non impacted instead of dismissing it and that is why it ended up being a non event.
Saying Y2K was nothing to me is like saying the CISO of a company is useless because they don’t have security issues.
3 users thanked author for this post.
Carl D
AskWoody LoungerSpeaking of Y2K – towards the end of 1999 there was an advertisement in one of our Australian magazines (I think it was in the TV magazine that came with the Sunday paper) where someone was selling Y2K insurance for peoples’ VCR’s (remember those?), microwave ovens, computers, of course and basically anything that had a digital clock in it.
I had a bit of a laugh at the time but I’ve always wondered if anyone actually took up the offer and paid for it? Had the give the people behind it 10 out of 10 for creativity, at least.
Better stop now otherwise we might be seeing ads appear for Meltdown/Spectre insurance soon.
PC1: Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.
PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 22H2 64bit.-
OscarCP
MemberAh, Y2K.. those were the days! But don’t you go on like this, giving people ideas…
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
anonymous
GuestI think these flaws aren’t a big issue for clients. But, for AWS and Azure, I think it could be a huge concern. It’s scary to think that some random VM that happens to be running on the same box as mine could read my VM’s memory. This is an argument for avoiding the cloud and keeping your servers local on your own hardware. So, if it is a conspiracy to spur sales, it’s not all rosy. Cloud is big bucks and vendors are trying really hard to convince customers that moving into that type of recurring revenue relationship is the best way to go.
1 user thanked author for this post.
anonymous
GuestAmong this talk of the otherwise very plausible idea that the patches and disclosures are orchestrated to push people to buy new CPUs and switch to Win 10, I have another question: Are the new CPUs no longer vulnerable to this, at a hardware level? Because only when that happens, and the OS will also recognize it and keep all of these mitigations disabled so there will be no potential performance hit (or compatibility issues), will there be a real point to get a new CPU. Sure, MS doesn’t have any reason to care, but Intel should be aware that this is the case, right?
—– Cavalary
johnf
AskWoody LoungerWhy are we seeing these Intel chip vulnerabilities now???
Well, put your tinfoil hat on. It’s been well known that the NSA has had their hands in OS’s for a long time (they approached Linus about putting a vulnerability in Linux, so it’s no great leap to think that Bill Gates and Microsoft cooperated with the NSA). The NSA has been linked to hacking firmware on your hard drives (leaked by Kaspersky..oh, that would have NOTHING to do with the US government going after Kaspersky later, eh?).
Going after the heart of the PC’s, the processor chips, would be the Holy Grail for the NSA.
So fast forward to April, 2017. That’s when we found out the NSA couldn’t secure their own tools, and their tool set for hacking was leaked to the Shadow Brokers group. That set of hackers (really crackers, which is the proper term for unethical hacking), put sections of those tools up for sale. I would presume someone is buying the tools, which is why we see things like Eternal Blue
Mr. Snowden, and others (rumors, for the most part), linked the NSA to planting vulnerabilities in Intel/AMD as far back as 2013! But we haven’t seen the threats develop until recently…since the NSA lost control of their hacking tools.
Co-incidence? Well, we know the NSA would prefer to hack into your PC, instead of spending time breaking encryption. Then again, if you’re not wearing your tinfoil hat, everything is fine, right?
Right?
abbodi86
AskWoody_MVPAccording to:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018* Protection for CVE-2018-3620 (L1 Terminal Fault) builds on the protection for CVE-2017-5354 (Meltdown) which is enabled by default on client. Customers that have disabled the protection for CVE-2017-5354 must re-enable it to gain protection for CVE-2018-3620.
i have disabled the Meltdown protection, yet Get-SpeculationControlSettings shows that L1TF mitigation is enabled
well, i don’t want it
but i have not experienced any performance changes, so nevermind 😀1 user thanked author for this post.
-
Noel Carboni
AskWoody_MVPExperienced… Or noticed?
My observation is that most of the time computers are overpowered for what we use them for, and we can’t possibly notice even a significant slowdown. Your computer may be a million times more powerful than what is needed to type things in. Yet other, key times the performance hits mean we literally will wait longer for results. Who pays for that delay?
-Noel
1 user thanked author for this post.
OscarCP
MemberGreat, my own CPU is of 2011 vintage! So am I now the NSA best fried? (Not a typo.)
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AVjohnf
AskWoody LoungerViewing 8 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Debian SparkyLinux 7.2 “Orion Belt”
by
Alex5723
5 hours, 30 minutes ago -
Burt Wolf on Communication
by
Susan Bradley
7 hours, 45 minutes ago -
Converting HHD iMac to SSD
by
pmcjr6142
2 hours, 22 minutes ago -
Bluetooth hack : Hi, My Name Is Keyboard
by
Alex5723
3 hours, 16 minutes ago -
Windows sees RAW, chkdsk sees NTFS
by
Cormy1
5 hours, 51 minutes ago -
Microsoft SMB V1 removal – any updated information
by
Laurie Bronstein
5 hours, 39 minutes ago -
ISO portable PC keyboard that matches standard Dell keyboard
by
glnz
18 hours, 38 minutes ago -
End of support W10
by
barrym
1 day ago -
MS-DEFCON 2: Copilot for Christmas
by
Susan Bradley
1 hour, 32 minutes ago -
Sudden appearance of Edge Search Bar
by
EricB
15 hours, 18 minutes ago -
LogoFAIL firmware exploit bypasses hardware and software security
by
Alex5723
14 hours, 59 minutes ago -
Microsoft outlook ignores the registry keys
by
Heri Harry
2 days, 1 hour ago -
Windows 11 Insider Preview Build 22635.2841 released to BETA
by
joep517
1 day, 20 hours ago -
Thunderbird doesn’t open folders at most recent email in Inbox
by
LHiggins
1 day ago -
Three queries about the MS Outlook app on iPadOS
by
TonyC
1 day, 23 hours ago -
Win 10 22H2 November patches: Why do I have these 4 Windows App Runtime apps?
by
WCHS
7 hours, 3 minutes ago -
KB5032278
by
fpefpe
14 hours, 50 minutes ago -
A web browser security testing & privacy testing tool.
by
TechTango
2 days, 10 hours ago -
IOS 17.1.2 looses text alert tone
by
J9438
1 day, 23 hours ago -
What to know about CentOS Linux EOL
by
Alex5723
19 hours, 44 minutes ago -
ESU announcement coming?
by
Susan Bradley
8 minutes ago -
December 2023 Office non-Security Updates
by
PKCano
2 days, 11 hours ago -
Widespread Printer Bug caused by Windows Store!
by
Intrepid
21 hours, 49 minutes ago -
Xbox question
by
fernlady
2 days, 18 hours ago -
Unfound Updates
by
rebop2020
2 days, 15 hours ago -
Thieves rob DC Uber Eats driver, reject Android phone for not being iPhone
by
Alex5723
2 days, 16 hours ago -
McAfee popup add (from micro. Store)
by
Robin Heckler
2 days, 17 hours ago -
Random Screen Shut Downs (Windows 11 Pro)
by
OkCarl
1 day, 5 hours ago -
CPU performance degradation after 23H2 update
by
Alex5723
3 days, 6 hours ago -
PDFgear
by
Alex5723
1 day, 15 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.