Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Intel releases more Meltdown/Spectre firmware fixes, while Microsoft unveils a new Surface Pro 3 firmware fix that doesn’t exist

    Posted on February 21st, 2018 at 09:01 woody Comment on the AskWoody Lounge

    You’d have to be incredibly trusting — of both Microsoft and Intel — to manually install any Surface firmware patch at this point. Particularly when you realize that not one single Meltdown or Spectre-related exploit is in the wild. Not one.

    Computerworld Woody on Windows.

  • Intel says its new Spectre-busting Skylake firmware patch is ready

    Posted on February 8th, 2018 at 07:08 woody Comment on the AskWoody Lounge

    Oh boy. I love the smell of fresh bricked PCs in the morning.

    Yesterday, Intel said it has released new firmware that — this time, really, for sure, honest — plugs the Meltdown/Spectre security hole. Says honcho Navin Shenoy:

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days.

    What he’s actually saying is something like, “Hey, we spent six months coming up with new firmware to fix Spectre, released it, and bricked a bunch of machines. We went back to the drawing board and, two weeks later, came up with new firmware that won’t brick your machines. Have at it.”

    According to the freshly updated Microcode Revision Guidance, Intel has released updates for Skylake U-, Y-, U23e-, H-, and S- chips.

    Shenoy goes on to say:

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.

    To which I say:

    Fool me once, shame on me. Fool me twice… well, you know.

    Folks, you’d have to be absolutely batbox crazy to install these new BIOS/UEFI patches as they’re being rolled out. Give them time to break other peoples’ machines — or to prove their worth in open combat. I’m sure the folks who made the new firmware are quite competent and tested the living daylights out of everything. But they did that the last time, too.

    Again, I repeat, for emphasis, there is exactly NO known Meltdown or Spectre-based malware out in the wild.

  • Update: No, Virginia, there are no Meltdown/Spectre exploits in the wild

    Posted on February 1st, 2018 at 14:33 woody Comment on the AskWoody Lounge

    A reassuring tweet from Kevin Beaumont.

    The AV-Test red line graph shows that, yes, there are more and more samples being submitted to AV-Test — but, according to people who know these things, none of them are in the wild. They’re “Proof of Concept” test samples.

    UPDATE: And AV-Test responds:

  • Putting Meltdown/Spectre in perspective

    Posted on January 26th, 2018 at 08:27 woody Comment on the AskWoody Lounge

    Just saw a set of tweets from Kevin Beaumont, a.k.a. @GossiTheDog:

    That’s so, so true.

    A little translation, if I may: The Meltdown/Spectre problem was revealed by Google’s Project Zero and a group of Ph.D.s at the University of Graz. Burger King has a great explainer on Net Neutrality:

    Did I ever mention that Beaumont’s one of my favorite white hats?

  • Did you install the latest Meltdown/Spectre BIOS/UEFI firmware update? Joke’s on you

    Posted on January 24th, 2018 at 09:56 woody Comment on the AskWoody Lounge

    What an unbelievable mess.

    At least Dell, HP and Lenovo are withdrawing all of their firmware updates. But if you heeded their call — and ignored my warning — you’re now approximately 10 meters into deep doodoo.

    Computerworld Woody on Windows

  • Intel says STOP installing firmware updates

    Posted on January 22nd, 2018 at 13:35 woody Comment on the AskWoody Lounge

    In another stunning announcement, Intel now says that you should NOT install firmware updates. No specific word on Surface devices yet, but I bet the Jan. 10 updates are suspect, as well. Of course, if you have Automatic Update turned on, your Surface device is probably already updated.

    Computerworld Woody on Windows

    UPDATE: In response to an anonymous post here, I re-read the Intel announcement, and it isn’t clear (to me) if the halt has been called just for Broadwell and Haswell chips, or for all of Intel’s product line. Here’s what the official announcement says:

    Updated Jan. 22

    We have now identified the root cause of the reboot issue impacting Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Based on this, we are updating our guidance for customers and partners:

    • We recommend that OEMs, Cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions on the below platforms, as they may introduce higher than expected reboots and other unpredictable system behavior.
    • We also ask that our industry partners focus efforts on testing early versions of the updated solution for Broadwell and Haswell we started rolling out this weekend, so we can accelerate its release. We expect to share more details on timing later this week.
    • For those concerned about system stability while we finalize the updated solutions, we are also working with our OEM partners on the option to utilize a previous version of microcode that does not display these issues, but removes the Variant 2 (Spectre) mitigations. This would be delivered via a BIOS update, and would not impact mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown).

    We believe it is important for OEMs and our customers to follow this guidance for all of the specified platforms listed below, as they may demonstrate higher than expected  reboots and unpredictable system behavior.  The progress we have made in identifying a root cause for Haswell and Broadwell will help us address issues on other platforms. Please be assured we are working quickly to address these issues.

    Then there’s a link to this list of Intel products, which includes Coffee Lake, Kaby Lake, Skylake, Broadwell, Haswell, Ivy Bridge and Sandy Bridge processors.

    Clear as mud.

    The spontaneous rebooting problem extends beyond Haswell and Broadwell. As Intel said on Jan. 17:

    we have determined that similar behavior occurs on other products in some configurations, including Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms.

    So it isn’t clear if the “Belay that order” order applies just to Haswell and Broadwell, or to Haswell, Broadwell, Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake as well.

  • Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    Posted on January 16th, 2018 at 03:32 woody Comment on the AskWoody Lounge

    For most of you, Steve Gibson needs no introduction. For the rest of you, look here.

    Steve has a new scanner, just out, that claims to scan your PC and tell you about its Meltdown and/or Spectre susceptibility.

    This InSpectre utility was designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance.

    It’s an amazing piece of code from a guy who knows whereof he speaks. Steve just posted it last night, so I expect we’ll see updates and refinements shortly.

    How well does it work?

    You all know that I don’t yet recommend installing the January Meltdown/Spectre patches from Microsoft just yet — and there are NO KNOWN EXPLOITS at this point. But you should get this little utility and stick it in your hip pocket, to keep track of your system’s vulnerabilities.

    My main machine (AMD based) has this InSpectre report:

    As is always the case with Steve’s software, there’s no installer, no flab, no bull.

    Good stuff. Version 1.0, but expect updates momentarily.

  • Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    Posted on January 12th, 2018 at 06:57 woody Comment on the AskWoody Lounge

    If you own a PC with a Haswell or Broadwell processor (roughly 2014 to 2016 vintage), I strongly recommend that you refrain from installing the Meltdown/Spectre firmware updates, when they arrive.

    Intel’s detected a teensy-tiny problem.

    Computerworld Woody on Windows.