Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    Posted on January 16th, 2018 at 03:32 by woody

    For most of you, Steve Gibson needs no introduction. For the rest of you, look here.

    Steve has a new scanner, just out, that claims to scan your PC and tell you about its Meltdown and/or Spectre susceptibility.

    This InSpectre utility was designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance.

    It’s an amazing piece of code from a guy who knows whereof he speaks. Steve just posted it last night, so I expect we’ll see updates and refinements shortly.

    How well does it work?

    You all know that I don’t yet recommend installing the January Meltdown/Spectre patches from Microsoft — and there are NO KNOWN EXPLOITS at this point. But you should get this little utility and stick it in your hip pocket, to keep track of your system’s vulnerabilities.

    My main machine (AMD based) has this InSpectre report:

    As is always the case with Steve’s software, there’s no installer, no flab, no bull.

    Good stuff. Version 1.0, but expect updates momentarily.

  • Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    Posted on January 12th, 2018 at 06:57 by woody

    If you own a PC with a Haswell or Broadwell processor (roughly 2014 to 2016 vintage), I strongly recommend that you refrain from installing the Meltdown/Spectre firmware updates, when they arrive.

    Intel’s detected a teensy-tiny problem.

    Computerworld Woody on Windows.

  • Microsoft apparently reinstates Meltdown/Spectre patches for some AMD processors

    Posted on January 11th, 2018 at 11:22 by woody

    Of course, predictably, nobody’s saying which ones are now back on the patch list.

    Computerworld Woody on Windows.

    Thx @MrBrian

    UPDATE: Just got this from JA:

    Just read your referenced article. Thank you! It explains to me why update KB4056894 fails on my laptop running Windows 7. You mentioned that it isn’t clear whether the AMD embargo includes Intel PCs with AMD video cards. FYI … Apparently it does. I have a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. Once again, thanks for your informative article.

    Anybody else out there with AMD video cards that are getting the treatment – or drivers that are failing after installing this month’s security patches?

    UPDATE: Although it doesn’t explain which machines were yanked in the initial round, AMD CTO Mark Papermaster has posted some updated information:

    Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week.

  • The Meltdown/Spectre patches will cause performance hits — but how much, and to whom?

    Posted on January 11th, 2018 at 09:21 by woody

    Gregg Keizer has a new article in Computerworld, Windows 7 takes biggest performance hit from emergency Meltdown, Spectre updates. It relies heavily on Microsoft’s pronouncements. I’m skeptical.

    There’s a detailed post from Jampe on the Intel support forum about the effect of the Windows 10 patch on a Thinkpad T440s. The results are not good — although the devil may be in the details.

    As Jampe reports, the first test (NewBottomLine) was performed before installing the Win10 update (not sure which one), and all of the three latter tests were with the update in place.

    Our own Noel Carboni responded with a good analysis:

    Passmark PerformanceTest (or any benchmark) is known to show quite variable results for disk testing. That’s the nature of PC systems; they do a lot of different things all the time. I’ve run into variances of 2 to 1 just doing subsequent tests. I’d really like to see a whole SERIES of before/after benchmarks.

    So for those of you who dare to tread into uncharted MS-DEFCON territory — do you have any benchmark runs to share? I’m particularly interested in tests of the Windows patches separately.

  • Risk Based Security brings some sanity to the Meltdown debacle

    Posted on January 9th, 2018 at 15:52 by woody

    I just finished reading this article, recommended by Kevin Beaumont. The Slow Burn of Meltdown and Spectre: Exploits, Lawsuits, and Perspective.

    Here’s the conclusion:

    Vulnerabilities are disclosed every day, to the tune of over 20,000 new disclosures in 2017 alone. Just because a vulnerability receives a name, a website, and/or a marketing campaign does not necessarily mean it is high risk or that it will impact your organization. As always, we strongly encourage organizations to cut through the noise and focus on the details relevant to them, and make a decision based on that alone.

    I repeat – forgive me if you’ve heard this before – but there are NO KNOWN Meltdown or Spectre exploits in the wild. Folks who run servers with sensitive data — banks, brokerage houses, military contractors, cryptocurrency exchanges — need to be concerned about Meltdown and Spectre in the near term, realizing that the data can only be snooped if you allow an unauthorized program to run on your server.

    For everybody else, the first attacks (if there ever are any) are likely to come through web browsers. You need to harden your browser as soon as the update is available. You’ll want to install the new Windows patches as soon as they pass muster. And you need to get your BIOS or UEFI updated one of these days. But there’s no big rush.

    What you’re witnessing is a colossal “Sky is Falling” routine, aided and abetted by folks who are going to make money from the havoc.

  • Best explainer yet for Meltdown and Spectre

    Posted on January 5th, 2018 at 06:59 by woody

    Daniel Miessler posted an amazingly succinct, yet accurate, description of the tech behind the Meltdown and Spectre vulns.

    If you want to understand exactly what’s happening, read his blog post.

     

  • Microsoft promises firmware patches for Surface devices to nullify Meltdown and Spectre

    Posted on January 4th, 2018 at 20:19 by woody

    There’s a new post out from the Surface team: Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability. It says:

    Microsoft will provide UEFI updates for the following devices:

    Surface Pro 3
    Surface Pro 4
    Surface Book
    Surface Studio
    Surface Pro Model 1796
    Surface Laptop
    Surface Pro with LTE Advanced
    Surface Book 2

    The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

    Apparently if you aren’t running Win10 1703 or 1709, you’re out of luck.

    Annoyingly, the post speaks in the future tense. I don’t see any notice of availability on the official release pages for those devices. (See, for example, the Surface Pro 2017 page, which lists the last firmware/driver update as Dec. 6.) I also don’t see any of the patches in the Update Catalog.

  • MS-DEFCON 2: Batten down the hatches, there’s a kernel patch headed your way

    Posted on January 3rd, 2018 at 16:59 by woody

    UPDATE: 4:00 am ET: @teroalhonen just noted that Yammer is down. The reason given:

    After reviewing the logs, we determined that recent maintenance is causing a portion of cloud network infrastructure to be in a degraded state. We’re reconnecting users to a healthy portion of infrastructure to mitigate the impact while we address the cause.

    Does “recent maintenance” encompass deployment of the Meltdown patches? That does not bode well.

    UPDATE 3:00 am ET: The Meltdown fix is getting pushed out through Windows Update, but many people haven’t seen it yet. I haven’t seen either the 1709 or the 1703 update coming down the chute.

    We now have patches — both Monthly Updates and Security-only Updates — for a wide array of Windows versions, from Win7 onward. See the Update Catalog for details. (Thx, @Crysta). Note that the patches are listed with a “Last Updated” date of Jan. 4, not Jan. 3. The Win7 and 8.1 patches are Security Only (the kind you have to install manually). It looks like the Monthly Rollups will come out next week.

    BUT… you won’t get any patches installed unless and until your antivirus software sets a specific registry key. If you’re running third party antivirus, it has to be updated before the Meltdown patch installer will run. It looks like there are known problems with bluescreens for some AV products.

    There are also cumulative updates for Internet Explorer 11 in various versions of Win7 and 8.1 listed in the Update Catalog. The fixes for Win10, and for Edge, are inside the respective Win10 cumulative updates. Microsoft has also released fixes for SQL Server 2016 and 2017.

    Note that the Windows Server patches are NOT enabled by default. Those of you who want to turn on Meltdown protection have to change the registry. (Thx @GossiTheDog)

    Windows XP and Server 2003 don’t yet have patches.

    There’s an official Security Advisory, ADV 180002. One sobering comment:

    In addition to installing the January 2018 Windows security updates, you may also need to install firmware updates from your device manufacturer for increased protection. Check with your device manufacturer for relevant updates.

    Which means you, as a Windows user, aren’t fully protected until you’ve installed the Windows patch, turned it on if you’re running Windows Server, and applied the latest firmware update. According to @teroalhonen, Dell, Microsoft and HPE have yet to push firmware patches.

    Microsoft has released official installation guidance for Windows Server, for non-server versions of Windows, and also for Edge and IE. Mozilla has posted its analysis for Firefox. Chromium also has details for Chrome, which should be patched later this month.

    There’s a great deal of knowledgeable speculation that Meltdown may not be fully fixed, even with firmware updates. It may require completely new processors. Expect that debate to continue for the next decade.

    We’re likely to see exploits published in fairly short order, but as of this writing, there are NO known in-the-wild exploits that take advantage of the Meltdown holes.

    It would be a very good idea to make sure that your Windows machine has auto update turned off. Kernel changes are always, always tricky. Far better to sit and wait for a few hours, or even a day or two, than to get blindsided by a bad kernel patch.

    It’s happened before. Many times.

    UPDATE: There appears to be a working exploit, purportedly on a Mac, from Michael Schwarz. “we are publishing demo code as soon as patches are available, so I guess next week.”

    I’m moving us to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.