News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    Home Forums AskWoody blog Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    This topic contains 121 replies, has 31 voices, and was last updated by  Kirsty 1 year, 7 months ago.

    • Author
      Posts
    • #159576 Reply

      woody
      Da Boss

      For most of you, Steve Gibson needs no introduction. For the rest of you, look here. Steve has a new scanner, just out, that claims to scan your PC an
      [See the full post at: Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility]

      15 users thanked author for this post.
    • #159580 Reply

      ViperJohn
      AskWoody Lounger

      Works well but an interesting thing pops up.  According to Gibson when run on a 32 bit version of Win 7, 8.x or 10 you get this info in the scroll window

      “At the time of this release Microsoft HAS NOT addressed these problems” (both MELTDOWN and Spectre) “IN ANY WAY on 32 bit versions of their operating systems …..”

      In other words neither the KB4056894 roll-up or the KB4056897 security only update for Win 7 (or the corresponding KB’s for W8.x or W10) do a d**n thing to stop the MELTDOWN bug on 32 bit Windows systems.  Haven’t seen that pointed out anywhere!!!

      Viper

      3 users thanked author for this post.
    • #159584 Reply

      MrBrian
      AskWoody_MVP

      This tool likely does not cover CVE-2017-5753, which is Specter variant 1. According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

      2 users thanked author for this post.
      • #159590 Reply

        MrBrian
        AskWoody_MVP
      • #159736 Reply

        anonymous

        Mr Brian said:
        According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

        Are there any characteristics or clues common to programs (other than web browsers) that might be vulnerable to CVE-2017-5753 ?

        For instance, internet-facing programs such as email readers, RSS/feed readers, chat messengers, streaming audio/video/podcast players, file download managers, cloud drive managers, weather/traffic updates aggregators, etc. ?

        Also, many non-internet-facing programs often try to connect to the internet for update checks, to send telemetry data, & what not. Would such programs be vulnerable to Meltdown-Spectre exploits ?

        • #159756 Reply

          MrBrian
          AskWoody_MVP

          From https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html: “Examples of targets which may require patching include the operating system and applications which execute untrusted code.”

          • #159783 Reply

            anonymous

            MrBrian said:
            applications which execute untrusted code

            Thanks. How can end users who can’t read IT source code tell which applications contain or are prone to executing untrusted code ?

            Also, what about the numerous closed-source applications whose code are not supplied for everyone to inspect ?

            Would the above-quoted scenarios be cases that will fall under & remain in the category of unknown unknowns ?

            • #159794 Reply

              MrBrian
              AskWoody_MVP

              You’re welcome :).

              You don’t need the source code. Instead, this refers to program (including script) execution from sources that you don’t consider trusted. Any program that allows scripts from untrusted sources would be included. An example: web browsers.

            • #160704 Reply

              anonymous

              Mr Brian said:
              Any program that allows scripts from untrusted sources would be included. An example: web browsers.

              1) So would feed/RSS readers (or any application) with built-in browsers that can render full webpages be vulnerable to Spectre variant CVE-2017-5753?

              I’m thinking that they could be, but so far, none of such feed readers have mentioned this issue, or released any updated version since the Meltdown-Spectre disclosure. And unlike most normal web browsers, it is not possible to block JavaScript, or enforce 1st-party site isolation in feed readers.

              2) Even if 1st-party site isolation is enforced in web browsers, how would we know if the site itself does not host any malicious script? There is a possibility that websites (including trustworthy ones) may get hacked & injected with malicious code, right? Is  totally blocking JavaScript (which might be necessary for the website to work properly) the only way to prevent Spectre-enabled attacks?

              3) There are lots of non-web browser applications that can interpret JavaScript, including PDF readers, office productivity suites, text editors, graphics editors, desktop publishers, Electron-based programs, chat messengers, game engines, etc.

              Let’s say 1 PC on the local network somehow has malicious script. So when another PC (with at least 1 application containing an embedded JavaScript interpreter) connects to & browses this infected PC, would it be able to execute the malicious script & thus be subjected to Spectre side-channel attacks?

              Thanks !

            • #160735 Reply

              MrBrian
              AskWoody_MVP

              “1) So would feed/RSS readers (or any application) with built-in browsers that can render full webpages be vulnerable to Spectre variant CVE-2017-5753?”

              I would think so, but it might be sufficient that the underlying rendering engine (example: Internet Explorer) is mitigated.

              “2) Even if 1st-party site isolation is enforced in web browsers, how would we know if the site itself does not host any malicious script? There is a possibility that websites (including trustworthy ones) may get hacked & injected with malicious code, right? Is totally blocking JavaScript (which might be necessary for the website to work properly) the only way to prevent Spectre-enabled attacks?”

              You can’t guarantee that the site itself won’t host a malicious script, right, and I think so, respectively (assuming you also don’t allow Flash or other programmability elements). Here is Google’s explanation of how site isolation helps though.

              “3) There are lots of non-web browser applications that can interpret JavaScript, including PDF readers, office productivity suites, text editors, graphics editors, desktop publishers, Electron-based programs, chat messengers, game engines, etc.

              Let’s say 1 PC on the local network somehow has malicious script. So when another PC (with at least 1 application containing an embedded JavaScript interpreter) connects to & browses this infected PC, would it be able to execute the malicious script & thus be subjected to Spectre side-channel attacks?”

              I don’t think so. Have you seen any references that suggest this?

    • #159581 Reply

      anonymous

      Following your link led me to Mr. Gibson’s page. All appeared normal until I clicked on the download button, which appeared to be a valid target when I moused over it.

      Then my Kaspersky AV spoke up, rather stridently. It doesn’t do so very often, as I am a prudent surfer. What follows is the contents of the incident .txt file:

      16.01.2018 04.08.52 Download blocked https://www.grc.com/files/InSpectre.exe Object name: HEUR:Trojan.Win32.Generic Object: https://www.grc.com/files/InSpectre.exe Application: Google Chrome Object type: Trojan program Time: 1/16/2018 4:08 AM

      16.01.2018 04.08.52 Object (file) detected https://www.grc.com/files/InSpectre.exe Object name: HEUR:Trojan.Win32.Generic Object: https://www.grc.com/files/InSpectre.exe Application: Google Chrome Object type: Trojan program Time: 1/16/2018 4:08 AM

      4 users thanked author for this post.
      • #159660 Reply

        GoneToPlaid
        AskWoody Plus

        It is a false positive.

        4 users thanked author for this post.
      • #159713 Reply

        anonymous
        • #159807 Reply

          mindwarp
          AskWoody Lounger

          I would still say it is a false positive due to the nature of the program.  Submit the URL to Kapersky so they can directly evaluate it – they should recognize the author.

          1 user thanked author for this post.
      • #159811 Reply

        Kirsty
        Da Boss

        The utility/tool has been updated in an attempt to get past AV false positives, and the page now contains a warning to only download it from the source, not 3rd-parties!

        Check it out here

        Release #1 — Initial release:
        The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.
        Release #2 — Second try:
        This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let’s see how this second try fares.

        And further to my post abt 21hrs ago, it has been downloaded another 24,000 times. 🙂

        3 users thanked author for this post.
        • #160022 Reply

          Kirsty
          Da Boss

          Again updated:

          Release #3 — Raw Technical Data Display:
          InSpectre’s more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpector could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine’s CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpector’s analysis of its operating environment.

          2 users thanked author for this post.
        • #160045 Reply

          Kirsty
          Da Boss

          Release #4 — Silent System Probe Option:
          Last Updated:: Jan 17, 2018 at 16:00

          When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed. The application will assess its hosting system’s status, then immediately terminate itself returning a decimal exitcode which encodes eight “trouble bits” itemizing trouble.

          1 user thanked author for this post.
    • #159591 Reply

      MrBrian
      AskWoody_MVP

      From Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems: “Currently three exploits have been demonstrated as technically possible. In partnership with our silicon partners, we have mitigated those through changes to Windows and silicon microcode.” Notice that Microsoft modified Internet Explorer and Edge to mitigate CVE-2017-5753. This demonstrates the point that I mentioned in an earlier post: each program that might be vulnerable to CVE-2017-5753 needs to have mitigations provided in an updated version of the program.

      5 users thanked author for this post.
    • #159589 Reply

      anonymous

      So it says I’m protected against Meltdown, but am vulnerable to Spectre. I have an Intel based machine with Windows 8.1 Pro x64. What can I do?

      • #159602 Reply

        MrBrian
        AskWoody_MVP

        For Spectre variant 2 (CVE-2017-5715), you need the Windows January 2018 updates, and also a CPU microcode update.

        For Spectre variant 1 (CVE-2017-5753), you need the Windows January 2018 updates, and also updates for each program that might be vulnerable to CVE-2017-5753.

        6 users thanked author for this post.
    • #159593 Reply

      ViperJohn
      AskWoody Lounger

      I can’t remember where I saw it, but this has been pointed out in MS documentation somewhere. 32-bit is not protected.

      Well they have certainly buried that info very well cause I have looked for that from the git-go when MS tended to make it sound like it was more of a 64 bit issue in their notes (more by wording inference that reference).  Since MS offered both 32b and 64b bit versions of the out of band 1/4/2018 emergency Meltdown patches they should have CLEARLY spelled that out. I would bet that 99% of users that are even aware of these bugs think that Window 32 bit systems have a Meltdown fix when the MS updates are applied.

      Viper

    • #159594 Reply

      anonymous

      DO NOT DOWNLOAD OR RUN

      Virus Total says it may be malicious. This could be a “False Positive” but I would wait to see what others are saying before downloading and running!

      https://www.virustotal.com/#/file/f263a23494d22a05f707faf4d0f4cc147b276f255309007d5f27d000a54b5372/detection

      1 user thanked author for this post.
    • #159599 Reply

      ViperJohn
      AskWoody Lounger

      This tool likely does not cover CVE-2017-5753, which is Specter variant 1. According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

      Yep there it is and ya a gotta love MicroBrain.  Referenced as just CVE-2017-5754 in the notes as not applying to 32 bit.  Not as “Meltdown” or even “CVE-2017-5754 – Rogue data cache load” at that point in the doc.  They couldn’t have made it more obscure and hard to notice if they had tried to.

      Viper

    • #159601 Reply

      ViperJohn
      AskWoody Lounger

      DO NOT DOWNLOAD OR RUN Virus Total says it may be malicious. This could be a “False Positive” but I would wait to see what others are saying before downloading and running!

      It’s safe.  Some AV’s will warn on it when run.  I use panda 2017 and it did on the first machine I ran it on.  It happens because the “InSpectre.exe” exec file is not in many AV’s cloud databases as safe yet

      4 users thanked author for this post.
      • #159740 Reply

        anonymous

        ViperJohn said:
        It happens because the “InSpectre.exe” exec file is not in many AV’s cloud databases as safe yet

        On a sobering note (… not talking about InSpectre), the 2017 CCleaner hack shows us that if the binaries are hacked at the backend & then released undiscovered, most antivirus will still duly catergorize them as safe due to the good reputation of the developer.

        For the CCleaner case, I recall that only 1 antivirus (can’t remember which) amongst the long VirusTotal list repeatedly flagged the compromised CCleaner as a trojan over the 1 month that the hack went undiscovered. If I saw the result back then, I would probably think that it was a false-positive.

    • #159603 Reply

      ViperJohn
      AskWoody Lounger

      So it says I’m protected against Meltdown, but am vulnerable to Spectre. I have an Intel based machine with Windows 8.1 Pro x64. What can I do?

      Right now everyone is vulnerable to Spectre 1 and 2.  You will need to apply firmware updates, when they become available (and are proven not to dork your system)  to mitigate the Spectre variants.

      The probable primary attack vector for “John Q. User”, at least initially, will be your Web Browser. IE11 has an MS mitigation update, as does the latest version of Firefox 57 and Firefox ESR 52.x for both Meltdown and Spectre timing attacks.  I do not use Chrome so no clue about it.

      Viper

      • #159607 Reply

        mazzinia
        AskWoody Lounger

        But isn’t the Google Repotline “fix” enough to prevent spectre 2 without needing even to apply microcode patches to the cpu ?
        ( and microcode patches are needed just for spectre 2, I think ).

        If that works as they claim (and they say is in production on all their cloud servers since december)…

        • #159608 Reply

          MrBrian
          AskWoody_MVP

          Windows doesn’t implement Retpoline, according to Alex Ionescu‏ on Twitter.

          2 users thanked author for this post.
          • #159611 Reply

            mazzinia
            AskWoody Lounger

            But they can implement it, if they want.
            The method etc is freely released… are we going to be taken as idiots , from microsoft, without raising complaints ?

            afaik linux kernel moved to repotline 2 or 3 days ago

            Moreover, surely there are cloud servers based also on windows. Are those paying clients be happy to stay on a windows solution with a speed decrease and cost increase, or would they just move to google – amazon ?
            Money doesn’t grow on trees.. it’s in ms interest to use the repotline fix in place of their “less performant” fix, at least for business/corporate users.
            But at that point, the rest of the crowd is entitled to it, too…

            • #159661 Reply

              MrBrian
              AskWoody_MVP

              An interesting fact about retpoline (from the Intel whitepaper): “For Intel ® Core™ processors of the Broadwell generation and later, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective.”

              4 users thanked author for this post.
    • #159606 Reply

      ViperJohn
      AskWoody Lounger

      This information wasn’t in the original release of https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002. That info was added on January 5 via FAQ #7.

      Awh heck … I read that on the 3rd or 4th so no wonder I didn’t see it.

    • #159613 Reply

      krisweir
      AskWoody Lounger
    • #159623 Reply

      bobcat5536
      AskWoody Plus

      Running Win 7 x64 and Win 10 x64. On the 7 computer Norton gives it a clean bill of health, no problem. On the 10 computer, Norton freaks out and deletes the file. Norton version is the same on both computers. Don’t know what gives there, why alright on one and not the other. I have noticed this happening before on certain files. Antivirus scans are not accurate, when using same identical version on 2 different computers. Just plain weird.

    • #159625 Reply

      cmar6
      AskWoody Plus

      I don’t yet recommend installing the January Meltdown/Spectre patches from Microsoft just yet,
      Woody, those of us with Win 10 ver 1709 are still awaiting your OK to update since 12/2017. The last update you OKed for Win 1709, if I’m not mistaken, was that of 11/2017.

      Edit to remove HTML

      1 user thanked author for this post.
      • #159645 Reply

        PKCano
        Da Boss

        I don’t believe Woody “blessed” the Dec CU for 1709, don’t think they fixed it.
        Wait for the Jan go-ahead. The patches are cumulative, so you won’t have missed anything.

        1 user thanked author for this post.
    • #159619 Reply

      anonymous

      People may want to wait a day or two before trying InSpectre so the various AV programs can learn about it.

      I downloaded it and scanned with McAfee and Malwarebytes and found nothing amiss but when I run the exe McAfee quarantined it. After rechecking this thread I unquarantined it and ran it. I got some info on my computer okay but McAfee again wanted to clean it – claiming it was an Artemis rootkit.

      I let the AV clean it and ran a quick virus scan of system. No problems.

      -firemind.

    • #159621 Reply

      anonymous

      Tool blocked by Sophos as it contains “Mal/Dorf-A” according to the software scan. It is also blocked on IE11 by the ‘smart screen filter’ when attempting a download. This is on a Windows 8.1 machine with all but the most recent updates.

    • #159622 Reply

      anonymous

      Pardon me but which patch update is the one for meltdown/spectre for Windows so I know it’s KB number so I am aware it’s in with my hidden updates I’ve hidden away? I just want to know in case.

      • #159635 Reply

        PKCano
        Da Boss

        That depends on the version of Windows you are running.
        For Win7/8.1 it is called “2018-1 Security Monthly Quality Rollup for Windows.”
        For Win10 it will be “Cumulative Update for Windows.”

        • #159674 Reply

          anonymous

          Actually PK-I got WIndows 10. So what is the KB number for the cumulative update and follow up-when were at Defcon 3-Will it be safe to install the cumulative update or so along with the other monthly updates (Minus the win 10 1709 update which I keep hidden and secure)?

           

           

          • #159678 Reply

            PKCano
            Da Boss

            If you are asking for the January patch for Win10 v1709 it’s KB4056892 for Build 16299.192

            For further Reference see the Win10 Update History page. It has all the KB numbers.

    • #159646 Reply

      bobcat5536
      AskWoody Plus

      So, a bit confused here. Installed the Jan. 3 update for Windows 10 and Gibson’s tool says I’m alright on the Meltdown but not on Spectre. If I’m not mistaken, that fix has to be in the BIO.

      I have a Dell computer that updates regular through Dell Update. Is Dell supposed to take care of this or is this up to the consumer to update this. My Windows 7 is an HP and older with no support of any kind still active. I have not installed the Jan. updates yet, so it reads negative on both counts.

      • #159704 Reply

        SueW
        AskWoody Plus

        “I’m alright on the Meltdown but not on Spectre. If I’m not mistaken, that fix has to be in the BIO.”

        For Spectre (Variant 2), CVE-2017-5715: yes, that fix has to be in the BIOS, and yes, Dell is supposed to make the fix available.

        As to your HP: I have an HP as well (Haswell, 10/2014) and have been checking this link periodically: https://support.hp.com/us-en/document/c05869091 for any BIOS/microcode information.  This is HP’s security bulletin for systems with Intel x86 processors and is updated periodically, although it’s been at version 4 since 1/12/18.

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

        1 user thanked author for this post.
    • #159654 Reply

      Carl D
      AskWoody Lounger

      Just for interest’s sake I gave this little utility a try.  I hadn’t installed any Windows Updates for this month so far (Windows 7 Professional). But, I have installed the latest BIOS update – “Update CPU Microcode” – for my motherboard a couple of days ago.

      InSpectre said I was vulnerable to both Meltdown and Spectre.

      Then, I installed the security only update KB4056897 from MS and now InSpectre says I am no longer vulnerable to Meltdown and Spectre but at the cost of a performance decrease.

      Funny thing is, after a refresh, my Windows Experience Index is exactly the same as it was before I installed this month’s security update rollup – 7.7 (everything rates at 7.9 except the processor which is an i5-7600 Kaby Lake) and I haven’t noticed any slowdown in the 15 minutes or so that I tested things.

      After that, I restored a Macrium Reflect image taken before I installed the security update so I’m back to being vulnerable again but I’m just going to sit and wait until we get the all clear from Woody.

    • #159669 Reply

      joep517
      AskWoody MVP

      Using Edge or IE Windows 10 build 17074 SmartScreen blocks the download as unsafe.

      --Joe

    • #159672 Reply

      AJNorth
      AskWoody Plus

      Martin Brinkmann has also posted an article on Steve Gibson’s InSpectre at gHacks: https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/ .

      3 users thanked author for this post.
    • #159673 Reply

      GoneToPlaid
      AskWoody Plus

      I have installed the January 2018 Security Only update on all three of my Intel Haswell Core I-5 machines. Two are desktops and the other is a laptop. It has been a week, and no issues so far since it turns out that Panda AV was inherently compatible after setting the required registry key. I have noticed some slowdowns in some situations, such as copying a plethora of small files from one location to another. Yesterday I took a chance and installed the January 2018 Security Only update on my AMD desktop. No issues so far, thank goodness. I need to test the AMD machine for a week in order to see if it remains stable.

      I am not suggesting that anyone install the January updates just yet. Do so at your own risk, and make sure that you have a way to recover if Windows won’t boot.

      7 users thanked author for this post.
      • #159676 Reply

        PKCano
        Da Boss

        Which Security Only patch are you referring to?
        Win7 4056897 or 4073578 (1/12)?
        Win8.1 4056898 or 4073576 (1/10)?

      • #159749 Reply

        anonymous

        @gonetoplaid

        How can you tell if Panda AV automatically sets the registry key? I have Panda free and it doesn’t look like the keys been set. What makes this especially bad is that I lack the skill to willingly try setting it myself.

        • #159751 Reply

          PKCano
          Da Boss

          I don’t use Panda, I use TrendMicro. I had to update the Program (engine, not just the definitions) to get it to set the key. The older engine didn’t do it. You might try that.

          The other thing that could keep you from seeing the Jan updates is your processor. Microsoft is blocking certain AMD processors because the updates cause a BSOD.

          • #159753 Reply

            anonymous

            Thank you @pkcano, I’ll look in to that. I never really thought about the version of the program being the problem.

          • #159780 Reply

            moonbear
            AskWoody Lounger

            @pkcano

            I’m the person that asked about Panda AV and as far as I can tell I have the latest free version. You also said it could depend on whether my processor was AMD or Intel, I have an Intel Pentium dual core E2180. But as of 2 days ago I could pull down the 1-2018 rollup in WU. Even though as I said in my anonymous post, I don’t have the registry key. That shouldn’t be possible, should it?

        • #159881 Reply

          GoneToPlaid
          AskWoody Plus

          Panda has not yet set the registry key. I have tested the 2016 and 2017 free versions of Panda Antivirus, and 2016 and 2017 Panda Internet Security. There have been absolutely no issues so far, after a full week of testing on my various computers.

          Note that if you also have any other AV products aside from Panda installed, you should uninstall them for the time being. For example, the latest free version of Malwarebytes is supposed to be compatible with the January update, but I discovered that it is not. Well, that was a week ago. Maybe Malwarebytes has fixed the issue.

          Attached is ZIP file which contains a text file called “Meltdown and Spectre Set Registry Key.reg”. All .reg files are text files which you can view in Notepad or any other text editor.

          The contents of Meltdown and Spectre Set Registry Key.reg is what is shown below in between the two rows of asterisks.

          ***************************

          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionQualityCompat]
          “cadca5fe-87d3-4b96-b7fb-a231484277cc”=dword:00000000

          ***************************

          Note: I tried copying and pasting the above lines in between the asterisks into Notepad, but the quotes did not paste as ASCII quotes. Thus, use the reg file in the attached ZIP file.

          You can copy and paste the above lines which are in between the two rows of asterisks into Notepad, and then save the file as Meltdown and Spectre Set Registry Key.reg. Or you can simply use the reg file which is in my attached ZIP file and which is identical to the above. In either case, you simply right-click on the .reg file and then select Merge in the popup in order to merge the file into your Windows registry. Windows will ask you if you are sure that you want to continue. Click Yes. You do not need to reboot after doing the above.

          After doing the above, go to Windows Update and check for updates. Windows Update will now show the January Monthly rollup. I chose to hide this rollup. After hiding this rollup, I then manually downloaded and installed the January Security Only update from the Microsoft Update Catalog.

          If you are running Windows 7 64-bit, then here is the direct download link for the January 2018 Security Only update:

          2018-01 Security Only Quality Update for Windows 7 for x64-based Systems (KB4056897)

           

           

          Attachments:
          1 user thanked author for this post.
          • #159902 Reply

            moonbear
            AskWoody Lounger

            Thanks for the breakdown @gonetoplaid, for about a week I was convinced I had somehow messed up my Panda free AV because the Meltdown page on their site at 1st glance makes it look like the key should have been switched on the 9th. I’m in group A when it come to Windows patches, will anything be messed up by installing the security only update?

            • #159903 Reply

              PKCano
              Da Boss

              The security only patches have the same required key. However. the lack of the key does not prevent manual installation – AT YOUR OWN RISK. If you go this route, you will need to install the IE11 Cumulative Update as well. It is download from the Catalog, install manually also.

            • #159909 Reply

              moonbear
              AskWoody Lounger

              Ok, thats what I thought. In that case I’ll stick with rollup. One last thing at the moment, when I check WU the January rollup is still dated from the 4th, is that accurate?

            • #159911 Reply

              PKCano
              Da Boss

              I believe that date is correct. However it is my understanding the Rollup did not receive the fix for AMD. It will do so in the next release. There may be some more out of band releases, so WAIT to install until we know what’s going on.

              1 user thanked author for this post.
            • #159927 Reply

              moonbear
              AskWoody Lounger

              Ok, I’m locking down for the time being. At the moment I’m way more worried about the patches than the actual vulnerabilities.

    • #159681 Reply

      anonymous

      Question: While we are awaiting the go ahead to install the January Win 7 Monthly Rollup, wouldn’t it be a good idea to install the other January updates (5 MS Office & Malicious Software Removal Tool), and manually download/install the IE11 security only update KB4056568 since IE is a possible entry point?

      Or, do these also have issues?

      Also, I have received a Security and Quality Rollup for .NET Framework KB4055532 but it is not checked? Anyone know of issues?

      KR

      • #159684 Reply

        PKCano
        Da Boss

        We have been so involved with the Meltdown/Spectre vulns and the rushed Windows patches that we have had little focus on the Office or IE patches to know if there are any problems. There have been problems with some of the .NET Rollups.

        But, MS-DEFCON settings apply to ALL the January patches.

        4 users thanked author for this post.
        • #160436 Reply

          anonymous

          So not to be argumentative, but if no one is separtely reviewing or commenting on these other items especially the IE update that closes one of the main access to deliver these safety concerns to home computers, should’nt we consider installing them now as we will have no better info down the line when Defcon goes to 3?

          FMI if I install the separate IE only security update KB4056568 which is included in the January Monthly Rollup KB4056894 will it cause any problems when we get the go ahead to  install KB4056894?

    • #159683 Reply

      Microfix
      Da Boss

      I’m trusting my instincts on this, usually, and in the past, Steve Gibsons site is a cut above many others when it comes to security checks and utilities (Respect to Steve). BUT, I’m keeping on DEFCON 1 due to the fact there are too many erroneous fixes related to Meltdown/ Spectre.

      Firstly Intel, MS, then 3rd Party AV’s in conjunction with NO BIOS updates from Motherboard manufacturers (for our mobo’s) and now AV’s throwing false positives for something that is supposed to fix a problem. This could potentially be made worse by miscommunication between all the parties concerned AND create more problems later once a proper fix is established. There’s a possibility that overcomplicating ‘a fix’ by numerous sources can have a detrimental affect on PC’s, therefor, making future troubleshooting an absolute nightmare!

      My advice is to stick to Woody’s MS-DEFCON system. Anti virus programs have issued fixes in updates which can easily be reversed should there be a problem further down the line.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      • #159685 Reply

        PKCano
        Da Boss

        You forget the BROWSERS which will probably be the first point of exploit. And any other program that uses the instructions.

        2 users thanked author for this post.
        • #159686 Reply

          Microfix
          Da Boss

          Yup, more importantly Browsers and Javascript. Thanks PKCano

          ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        • #159700 Reply

          Elly
          AskWoody MVP

          Pale Moon Forum site says,

          “Pale Moon already set the granularity for the performance timers sufficiently coarse in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.

          Pale Moon also, by design, doesn’t allow buffer memory to be shared between threads in JavaScript, so the “SharedArrayBuffer” attack is not possible.”

          I’ve been using Pale Moon as my primary browser… it works well for my needs…

          Win 7 Home, 64 bit, Group B

          5 users thanked author for this post.
          • #159814 Reply

            Noel Carboni
            AskWoody_MVP

            Same here, Pale Moon is a decent browser, especially if also augmented with uBlock Origin. I like that it already dealt with the issues – months ago – now having to be patched in a hurry in FireFox, Chrome…

            -Noel

            3 users thanked author for this post.
            • #160269 Reply

              anonymous

              I downloaded Pale Moon to try it out, since enabling the Strict Site Isolation flag that helps protect against Meltdown and Spectre has slowed down Chrome on my Windows 7 64 bit laptop. Definitely faster.

              But I was surprised to see that PM uses the NPAPI version of Adobe Flash. I thought NPAPI plugins were considered unsafe these days? Do you know if/how these are impacted by the vulnerabilities?  I can’t find any info on this.

              I’ve gotten so used to Chrome’s built-in, self-updating PPAPI Flash. Not sure I want to mess with separate Flash updates again.

               

          • #159861 Reply

            Sessh
            AskWoody Lounger

            I have switched to Pale Moon as well and although there are little things that don’t quite work right (smileys on this forum don’t display properly and appear as little squares with two rows of letters/numbers inside), I generally like it. It’s been a long time since I used a Firefox-based browser on a regular basis, but I’m finding that I really missed it. What I don’t miss is not being able to shut off auto updates and trying to avoid them due to not being able to trust Mozilla not to remove features I liked and generally degrade the browser.

            I don’t have to worry about that with Pale Moon and update it soon after I am notified that an update is available. I do like Slimjet (Chromium) a lot too and it generally works just a little bit better, but it’s just a little bit. I think I’ll be staying with Pale Moon until it gives me reason to look elsewhere.

            2 users thanked author for this post.
          • #160151 Reply

            OscarCP
            AskWoody Plus

            Waterfox latest version (56.0.2) also has the timing granularity increased to foil attacks with Spectre, same as Firefox and, as I learn here, Pale Moon. I do not know if the second feature, it seems already available in Pale Moon and for some time now, that does not allow buffer memory to be shared between threads, has been implemented already in Waterfox as well. It would be there, almost certainly, if it has been put also in Firefox.

            I have installed recently Waterfox in both the Mac Sierra and the Windows 7 PC. But not Pale Moon, which is only for Windows, in the PC, yet. So far, quite happy with Waterfox.

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

    • #159702 Reply

      anonymous

      Do I understand correctly that Spectre is only being fixed by BIOS updates? Because, if so, and that remains true, that is horribly irresponsible. The vast majority of people do not patch their BIOS and wouldn’t even have the technical know-how to do it safely.

      Still, if this is true, then what does the button to Enable Spectre Protection in this app actually do?

      1 user thanked author for this post.
      • #159758 Reply

        MrBrian
        AskWoody_MVP

        For Spectre variant 2, Windows users need both the microcode update and Windows update. That setting probably controls whether Windows support for Spectre variant 2 is enabled.

        Spectre variant 1 has been addressed in other comments in this topic.

        1 user thanked author for this post.
    • #159705 Reply

      anonymous

      Hello Woody, Thank you for your excellent work and to those here that help here.

      You said, “For most of you, Steve Gibson needs to introduction.  (no introduction)

      You meant: “For most of you, Steve Gibson needs no introduction.”

      1 user thanked author for this post.
    • #159723 Reply

      John
      AskWoody Lounger

      Nice little utility, confirmed what I already knew but nice to have such a easy tool to check. Unfortunately one of my PC’s probably won’t ever get a firmware update to address the Spectre threat.

    • #159741 Reply

      anonymous

      Just making sure, after glancing through the comments here: On a 32-bit system, installing the January update would be entirely pointless from the point of view of mitigating these vulnerabilities, right? So possible bugs, likely performance loss at some leve lor another, but zero gain, hence don’t. Or did I miss something?

      Why did MS release that fix for 32-bit too then? I mean, what’s even in it? Wouldn’t it have made sense for the 32-bit file to not contain that part, assuming there was anything else in it, or to not be released at all if there was nothing else tackled?

    • #159771 Reply

      anonymous

      An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited. But given those conditions, the attacker would have access to the information protected by the TPM, such as cryptographic keys.

       

      Is this true for both variants?

    • #159777 Reply

      anonymous

      Dumb question from a non-techie regarding both these vulnerabilities. If the only attack vector for both is via javascript in browsers, why cannot updated browser(s) with script blockers and updated decent antivirus deal with the issue vs. cobbling the O/S and processor with updates which aren’t needed??? Or is there some other vector for Meltdown & Spectre attack?

      • #159787 Reply

        MrBrian
        AskWoody_MVP

        The browser mitigations are mitigations for Spectre variant 1 but not Spectre variant 2 or Meltdown.

    • #159805 Reply

      Carl D
      AskWoody Lounger

      A new version of InSpectre has been released since I downloaded and tried it yesterday.

      2 users thanked author for this post.
    • #159880 Reply

      Cybertooth
      AskWoody Lounger

      I have switched to Pale Moon as well and although there are little things that don’t quite work right (smileys on this forum don’t display properly and appear as little squares with two rows of letters/numbers inside), I generally like it.

      Ahhh, so it’s not just me who gets those little squares in Pale Moon instead of a smiley. I’d been wondering if I just couldn’t get the hang of using smileys at Woody’s.

      That said, I too continue to use PM for all its other advantages over FF, as you described.

      1 user thanked author for this post.
    • #159877 Reply

      anonymous

      InSpectre Release #2 is being accepted by Sophos.

      Virustotal test only has one malware warning remaining.

      This indicates that there are still some “suspicious” features which could trigger future false-positives, but for now at least, Sophos is allowing me to download and run this.

      Seems to work well.

      Thanks Steve!

      Chris.

       

    • #159942 Reply

      AJNorth
      AskWoody Plus

      InSpectre Release 3 is now available (https://www.grc.com/inspectre.htm).

    • #159944 Reply

      anonymous

      I ran the program and it’s stating I’m vulnerable to both; however, I have the latest Win10 update and updated the BIOS on my ASUS Z170-A motherboard. Under the the system’s current situation, the first and last bullet are in red (2nd and third are green). What else do I need to do? Thanks for your assistance.

      • #159950 Reply

        MrBrian
        AskWoody_MVP

        What is the text for the red bullet points?

        Independently, please make sure to see https://www.askwoody.com/forums/topic/scan-for-meltdown-and-spectre-with-steve-gibsons-new-inspectre-utility/#post-159584.

        • #159952 Reply

          anonymous

          Bullets in red:

          • This 64-bit version on Windows is not aware of either the Spectre or Meltdown problems. Since Intel processors are vulnerable to both these attacks, this system will be vulnerable to these attacks until its operating system has been updated to handle and prevent these attacks.
          • This system is not currently providing any protection against the Meltdown vulnerability. Either the operating system is unaware of this problem (which can be resolved by any operating system) or the operating system’s protection has been deliberately disabled.

          Edit ti remove HTML

          • #159976 Reply

            anonymous

            Also not sure if it matters but the Enable Spectre and Meltdown Protection buttons are greyed out for me.

            • #159988 Reply

              EP
              AskWoody_MVP

              any one or all options are greyed out if you do not install any of the January 2018 updates for Win10 (which release of Win10? – 1703, 1709?).

              Still I wonder how running Steve Gibson’s “InSpectre” tool does when used on AMD based CPUs instead of Intel CPUs. have to try that tool out on a Toshiba based Win8.1 x64 laptop using an AMD A6-5200 APU w/ AMD Radeon HD Graphics 8400 R3.

            • #159990 Reply

              anonymous

              Win10 Home Ver.1709 Build 16299.125

            • #160024 Reply

              MrBrian
              AskWoody_MVP

              You don’t have the latest build of v1709. See https://support.microsoft.com/en-us/help/4043454.

    • #159995 Reply

      anonymous

      So basically:

      1st status – installed and active 2018-01 patch

      2nd status – updated BIOS from the manufacturer

      3rd status – windows 10

      So basically 3rd status will always be false till 2020 for me, and I do not have updated BIOS yet.

      But I like the written explanations in the tool, good job!

    • #160033 Reply

      AJNorth
      AskWoody Plus

      InSpectre Release 4 is now available (https://www.grc.com/inspectre.htm).

      3 users thanked author for this post.
      • #160035 Reply

        abbodi86
        AskWoody_MVP

        From admin commandline:

        start /wait InSpectre.exe probe
        echo %ERRORLEVEL%

        the returned value will be a sum of Trouble Itemization values
        i.e. for me i get 253, which include all items except 2 😀

        1 user thanked author for this post.
        • #160484 Reply

          HiFlyer
          AskWoody Plus

          “the returned value will be a sum of Trouble Itemization values
          i.e. for me i get 253, which include all items except 2”

           

          Pls clarify meaning for this dummie.

        • #160749 Reply

          abbodi86
          AskWoody_MVP

          It’s hard to explain, i myself don’t understand the binary values

          the values listed in the table:
          1+2+4+8+16+32+64+128=255

          the errorcode you get after running InSpectre represent the sum of previous values
          subtract the previous values, starting with the bigger number to see which value item match your macine result

          • #160761 Reply

            windows7forever
            AskWoody Lounger

            It’s hard to explain, i myself don’t understand the binary values

            See http://grc.com/inspectre.htm / Release History / Release #4:

            1    OS is not aware of the Meltdown vulnerability
            2    OS is not aware of the Spectre vulnerability
            4    The system is vulnerable to Meltdown
            8    The system is vulnerable to Spectre
            16    CPU does not support Spectre (microcode not updated)
            32    CPU does not support low-overhead Meltdown protection
            64    Meltdown protection disabled by registry setting
            128    Spectre protection disabled by registry setting

      • #160224 Reply

        Microfix
        Da Boss

        Version Info:

        Release #1
        The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

        Release #2
        This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let’s see how this second try fares.

        Release #3
        InSpectre’s more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpector could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine’s CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpector’s analysis of its operating environment.

        Release #4
        When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system’s status, then immediately terminate itself returning a decimal exitcode which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exitcode of zero (0) is returned only by a fully secure system.

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        1 user thanked author for this post.
    • #160053 Reply

      GoneToPlaid
      AskWoody Plus

      On a sobering note (… not talking about InSpectre), the 2017 CCleaner hack shows us that if the binaries are hacked at the backend & then released undiscovered, most antivirus will still duly catergorize them as safe due to the good reputation of the developer. For the CCleaner case, I recall that only 1 antivirus (can’t remember which) amongst the long VirusTotal list repeatedly flagged the compromised CCleaner as a trojan over the 1 month that the hack went undiscovered. If I saw the result back then, I would probably think that it was a false-positive.

      This is just a “heads up” to anyone who installed CCleaner 5.3.3. Anybody who was unfortunate enough to install CCleaner 5.3.3 and then think that CCleaner 5.3.4 or 5.3.5 fully removed the malware is mistaken. Yet this is a long story and for another topic.

      Here is a quick summary. The following might not look like a quick summary, yet it is, based on what I discovered:

      If you installed CCleaner 5.3.3, restoring to any System Restore points prior to August 2017 when CCleaner 5.3.3 was released will NOT resolve the issue. No AV product will detect the issue. Only GMER will occasionally detect the issue in the form of a couple of unknown threads which may show up when GMER is run. Why? Because I strongly suspect that DEP was skillfully defeated. Either Piriform completely missed that when they analyzed the malware and thus was never aware of this additional malware component, or Piriform completely missed that additional malware which defeated DEP was probably immediately downloaded and installed by the malware.

      Interestingly, the defeat of DEP also involves precise timing issues — just like the timing issues behind Meltdown and Spectre. Why do I say that I strongly suspect that DEP was defeated. Because I was perhaps the first to report an in-the-wild defeat of DEP in XP way back in September 2009. No AV product on the market could detect it. As much was said in a research paper about how DEP could be theoretically defeated in XP. I say “theoretically” since the research paper authors responsibly never publicly published “proof of concept” code. I recall that the research paper was published either the previous year or perhaps another year or two before. The research paper did not include any code whatsoever. Instead, it merely described how DEP might be defeated via timing, and showed that all AV programs, after running non-disclosed code, could not detect the defeat of DEP. Thus, non-published code was used to prove that all AV programs could not detect either the defeat of DEP or any malware which was hidden from all AV programs by the defeated DEP. And that was enough. Say that it is possible, and somebody will eventually do it. Today, the same applies to Meltdown and Spectre. The difference today is that, with regards to Meltdown and Spectre, proof of concept code has been published. Publishing proof of concept code was sheer stupidity, given the magnitude of just how severe these exploits potentially are in terms of the compromise of passwords, other highly sensitive information, and virtually everything which any person does on their computer.

      Back to the 2009 defeat of DEP in XP. Only one obscure beta stage program which I used could very indirectly detect the defeat of DEP because this program would throw an error message, once and only once on bootup, that it could not find an entry point in USER32.DLL for a specific DEP function call. That was the only clue, and this clue was an obscure one at that. Repeatedly closing and then relaunching this beta program would subsequently report that all was fine. Scans by over a dozen available AV products reported zero, zilch, nothing. Just like the research paper said.

      In other words, on bootup and when the beta program was running, the defeat of DEP was in the millisecond process of occurring when when this error message was thrown by the beta program since DEP was still in the process of being “fixed” by the malware, such that DEP wouldn’t subsequently report any errors. After I contacted the AV company which created the beta program, it took the AV company over two months to finally confirm what I found, and to blacklist both the web site and all programs on that website from which I had downloaded the program which contained the malware. What was the program? The program name was DVDVideoSoft Free DVD Video Burner and the file name was FreeVideoToDVDConverter.exe.

      The final upshot is that DEP’s design intentions were good. Yet DEP is flawed in the sense that if DEP is defeated, the defeated DEP itself and due to DEP’s inherent design, prevents AV programs from not only seeing that DEP has been defeated, but also from seeing where in memory the malware which defeated DEP is running. It is like, “Criminals broke into my bank vault, but the criminals are now forcing me to never let you see that they broke into my bank vault, or to let you see what they are doing right now inside of my bank vault.” This is the inherent design flaw in DEP. DEP has no ability whatsoever to ever report that DEP itself has been compromised, other than when a DEP function call momentarily doesn’t work because DEP is in the process of being compromised.

      2 users thanked author for this post.
    • #160082 Reply

      anonymous

      InSpectre is greyed out in version 4

      ran as admin, no diff

      • #160171 Reply

        EP
        AskWoody_MVP

        what kind of CPU are you using when you ran InSpectre? Intel or AMD

        all options seemed to be grayed out when used on AMD based CPUs, even with the January 2018 updates installed.

        folks do NOT visit Steve Gibson’s InSpectre page using either Internet Explorer or MS Edge. Use either Firefox or Chrome to download the tool. remember Woody’s advice to use Firefox or Chrome, but not IE or Edge for this one.

    • #160316 Reply

      EP
      AskWoody_MVP

      The InSpectre tool is now at release 5.

      1 user thanked author for this post.
    • #160440 Reply

      anonymous

      spectre 5 still grey-out on amd 8350.

      downloaded with pale moon.

      version 3 was not greyed but I chickened out.

      Now I just cant

    • #160481 Reply

      anonymous

      Interesting, InSpectre shows my fully-updated-from-scratch installation of 1703 as vulnerable to Spectre and show my  fully-updated-from-scratch-installation of 1709 as NOT vulnerable to Spectre :/

      Both installed on the same Optiplex 5050  i7-7700 patched with latest BIOS from Dell (supporting the mitigation according to InSpectre)

      Anyone can confirm this?

      Why would 1709 be safe and not 1703 ? I don’t see any mention of that anywhere …

    • #160744 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,

      I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this?

      Just asking.

      Dave

      • #161417 Reply

        anonymous

        Hi Dave,

        May I ask what version of Window 10 you running on?

        I’m still trying to figure out why InSpectre shows my 1703 vulnerable to Spectre and 1709 NOT vulnerable on exactly the same machine, with same patched BIOS and fully patch clean install of Windows.

    • #160772 Reply

      ViperJohn
      AskWoody Lounger

      Woody, I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this? Just asking. Dave

      Intel and ARM CPU’s are vulnerable to both both Meltdown and Spectre exploits.  AMD CPU’s are vulnerable to Spectre exploits but not Meltdown according to AMD.  I am really not sure how you could have come up with “Intel not vulnerable” think ( No Dis Intended) on this but it is troubling that you did as others may have as well.

      It appears that virtually all modern CPU’s used in darn near everything (computer, phones, consoles, routers, LoT items, etc, etc) may be / likely are vulnerable to some form of Spectre attack.  Now that said there is a big difference between “being vulnerable” and having an attack vector to actually be able exploit that vulnerability on a given device.

      Web Browsers are the most likely way right now ATM however browsers from MS (IE11 –  Edge), Firefox and Chrome have updates out with mitigation in them.

      Viper

      1 user thanked author for this post.
    • #160788 Reply

      Pepsiboy
      AskWoody Lounger

      Woody, I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this? Just asking. Dave

      Intel and ARM CPU’s are vulnerable to both both Meltdown and Spectre exploits. AMD CPU’s are vulnerable to Spectre exploits but not Meltdown according to AMD. I am really not sure how you could have come up with “Intel not vulnerable” think ( No Dis Intended) on this but it is troubling that you did as others may have as well.

      It appears that virtually all modern CPU’s used in darn near everything (computer, phones, consoles, routers, LoT items, etc, etc) may be / likely are vulnerable to some form of Spectre attack. Now that said there is a big difference between “being vulnerable” and having an attack vector to actually be able exploit that vulnerability on a given device.

      Web Browsers are the most likely way right now ATM however browsers from MS (IE11 – Edge), Firefox and Chrome have updates out with mitigation in them.

      Viper

      ViperJohn,

      Thank you very much for correcting me. I guess I read the original post about this wrong. No criticism taken. This month’s updates have been, and are going to continue to be a GIANT [pain]. I’m getting a migraine that doesn’t want to go away. Hopefully it will when this straightens out.

      Many thanks for the tips.

      Dave

    • #162847 Reply

      SueW
      AskWoody Plus

      The InSpectre tool is now at Release #6:

      “Release #6 — Worked around a Microsoft bug and more . . .
      Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator’s Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator’s Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system’s true protection.

      And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :)”

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

      2 users thanked author for this post.
      • #168436 Reply

        Kirsty
        Da Boss

        I’ve checked it again today, and it’s still at v.6, but showing the date as January 31st…

        • #168437 Reply

          Bill C.
          AskWoody Plus

          It says Release 6 on the site, but the newest version says Release 6b on the applet itself.

          1 user thanked author for this post.
    • #173338 Reply

      Kirsty
      Da Boss

      Steve Gibson has tweeted today to say that v.7 InSpectre has just been released.

      Release #7 — Added the display of the system’s CPUID . . .
      Microsoft will be making Intel (and perhaps AMD?) processor microcode patches available for the most persistent Spectre Variant 2 vulnerability. These will become available over time as they become available from Intel and they will apparently need to be manually installed by interested Windows users. It is not yet clear whether Microsoft will be willing or interested in making these patches available for earlier versions of its Windows operating systems, but we can hope.

      The patches are applicable to specific CPU models only, which are identified by each chip’s “CPUID.” For this reason, InSpectre now prominently displays the system’s processor CPUID at the top of its system summary.

      Please check this page on Microsoft’s website to see whether a microcode patch for your CPU, determined by its CPUID, is available at any time:
      KB4090007: Intel microcode updates

      You can also use your favorite Internet search engine to search for the string “KB4090007” which should always take to that page and to its related Microsoft Update Catalog page to obtain the specific Windows update.

      4 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.