Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Mind boggled: The Meltdown/Spectre microcode patches

    Posted on August 30th, 2018 at 07:11 woody Comment on the AskWoody Lounge

    I just read a tweetstorm from @Karl_F1_Fan to @Crysta that has my head swimming. Here’s what he says:

    Hi Crysta,

    Your quotes to Microsoft articles are right but things have developed over time. First they asked to set the bitmask for meltdown and Spectre 2 to

    FeatureSettingsOverride 1
    FeatureSettingsOverrideMask 3

    for intel clients and servers + the QualityCompat flag

    The qualitycompatflag was removed with a patch in March for both clients and servers. Then Microsoft advised the same registry mask for Intel but for AMD it was

    FeatureSettingsOverride 64
    FeatureSettingsOverrideMask 3

    (I won’t handle disable flags here for easiness.)

    With the appearance of Spectre NG the flags changed again for both AMD and Intel to

    FeatureSettingsOverride 8
    FeatureSettingsOverrideMask 3

    which Microsoft is falsely or incompletely advising now in the L1TF article. If a user is setting 1/3 it will DISABLE protection CVE-2018-3639 [speculative store bypass] also it will disable AMD protections.

    Meltdown, Spectre 2 / 3, 3a / 4 / L1TF need microcode updates or the seperate updates deployed for Windows 10 in August 2018 + 2018-08 CUs. In addition Microsoft choose that only servers need the registry keys to enable protection. I would advise all customers to apply them.

    The current situation is unbearable for average sys admins and there is too much confusion.

    IMHO Microsoft should roll out all microcode updates for any OS and enable protection by default without any registry keys it is much easier to understand how to disable it.

    The current situation is that only @Dell really cares to bring out BIOS updates for ANY systems back to 2009 whilst other OEMs don’t give a ****.. no matter if we are talking about enterprise or home.

    @ASUS there are no microcodes for all systems, as Intel provided. @HP is not updating their site accordingly so the theme sites indicate updates are missing or pending, while being partially available on the product site. We better don’t talk about lack of support from @Acer Lenovo or Medion etc. Without Win10 we would have no protection at all

    Based on a variety of 70 client pcs and servers of various OEMS / vendors only 18 received all BIOS microcode updates. 6 had too old Intel / AMD CPUs, more than 21 are only patches because Microsoft rolled out (optional) Microcode Updates. Others unprotected due to old Windows Client / Server version.

    How’s that for the very definition of falling into the briar patch?

    UPDATE: I just followed a link from @teroalhonen to a discussion on Anandtech of the new Intel processors and how they fare with Meltdown and Spectre. Clearly, whoever put together this slide didn’t have a clue.

    I sympathize. If Anandtech can’t get it right, what chance do we mortals have? Whotta mess.

    ANOTHER UPDATE: ‘Softie Jorge Lopez (@J0RGEL0P3Z) posted a few hours ago:

     

  • Patch Lady – what’s up with the Microcode updates?

    Posted on August 28th, 2018 at 09:09 Susan Bradley Comment on the AskWoody Lounge

    Yesterday we’ve been seeing potential issues with the microcode updates and they were expired off of  WSUS servers last night…

    https://www.reddit.com/r/sysadmin/comments/9apooi/kb4100347_rendering_systems_unbootable/?st=jlckzbjr&sh=94b0f954

    https://www.reddit.com/r/Windows10/comments/995k2s/got_the_kb4100347_update_july_cumulative_update/e4m9ffn

    https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4100347-intel-cpu-update-causing-boot-issues-and-pushed-to-amd-users/

    Unsure what’s up, but Microsoft appears to be pulling these updates back.

    I think there is/was metadata detection issues and they were offered up and installed on machines they shouldn’t have been installed.

    UPDATE: Günter Born has a compelling history posted on his Born City site.

  • Microsoft Patch Alert: August is much, much better than July

    Posted on August 23rd, 2018 at 14:17 woody Comment on the AskWoody Lounge

    There are still some well-known (even acknowledged) bugs, and the inanities performed in the name of Meltdown and Spectre continue to boggle my mind.

    And, of course, you can’t post any before-and-after performance statistics about the Intel microcode patches.

    Computerworld Woody on Windows.

    UPDATE: Intel has backed off its ridiculous (and likely unenforceable) gag order. See Paul Alcorn’s article on Tom’s Hardware.

  • NetSpectre — a remote Spectre v1 attack

    Posted on August 1st, 2018 at 13:36 woody Comment on the AskWoody Lounge

    Michael Heller reports on TechTarget:

    Researchers developed a new proof-of-concept attack on Spectre variant 1 that can be performed remotely (say, via a browser)… requires no attacker-controlled code on the target device… this NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system.

    Kevin Beaumont had a great analysis:

    I’m still not shaking in my boots about Meltdown or Spectre.

  • New version of Chrome guards against Spectre-like attacks, but eats more memory

    Posted on July 13th, 2018 at 06:02 woody Comment on the AskWoody Lounge

    We still haven’t seen a commercial implementation of the Meltdown or Spectre security vectors, but Google’s had this “site isolation” technology in the works for six years. This week, they flipped the switch. Now, your copy of Chrome on Windows will gobble even more memory. But you’ll be protected from Spectre attacks coming from the most likely source — your browser.

    Gregg Keizer in Computerworld:

    Google has switched on Site Isolation for the vast majority of Chrome users – 99% of them by the search giant’s account.

    Good article. Check it out.

    Nipping Spectre in the browser sure beats the all-on assault that’s unfolding in the rest of the ecosystem. I continue to maintain that the first major Meltdown and Spectre infections we’ll see in the wild will come through the browser.

  • A note about the “new” Spectre NG revelations

    Posted on May 23rd, 2018 at 11:25 woody Comment on the AskWoody Lounge

    Several of you have pinged me about the Spectre NG (variously, Specter V4, Spectre V4, Specter-NG, and enough alternatives to make Google search interesting) posts by Microsoft and Intel earlier this week.

    We talked about those bad boys on May 3, when Günter Born posted his first exploration of the problems and their fleeting solutions. Born has since updated his exploration with a further discussion of the mysteries surrounding Microsoft’s patches — which are horribly documented, as usual.

    Microsoft has posted two Security Advisories, ADV180012 (for CVE-2018-3639) and ADV180013 (for CVE-2018-3640) that deal with related problems. The first Advisory says that Microsoft doesn’t have any idea which versions of Windows (or Azure) are affected. The second Advisory says that Surface machines are affected, but there’s no fix right now.

    Intel has a good overview of the “side-channel analysis” problems, which says that Intel anticipated the problem, increased its bug bounty, and:

    We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.

    Which should send a chill down the spine of anyone who’s had to deal with the earlier Meltdown, Spectre V1, V2, and V3 fire drills.

    @Kirsty has been following the latest developments in our Code Red forum. She points to excellent articles by Catalin Cimpanu, Steven Vaughan-Nichols and Martin Brinkmann.

    Big open question: How much more performance will the new mitigations consume?

    Noel Carboni has a key observation:

    It strikes me again and again that “Spectre” and “Meltdown” are first and foremost tools to manipulate the masses, used by those trying to make money in “security”.

    Nailed it.

    I’m not saying that Microsoft, Intel, AMD, Qualcomm and others had a hand in bringing down the Meltdown/Spectre curtain. I am saying they stand to make a whole lotta money out of it, and added publicity doesn’t hurt one whit.

    Oh. And it should go without saying that we haven’t yet seen one, single, solitary Meltdown or Spectre exploit in general use.

  • Microsoft offers more Spectre v2 microcode updates, KB 4090007, KB 4091663, KB 4091664

    Posted on April 26th, 2018 at 09:42 woody Comment on the AskWoody Lounge

    Yesterday, I posted a note about two new Spectre v2 patches, KB 4078407 and KB 4091666.

    The first is a Win10-only fix that has to be combined with a microcode change from your hardware manufacturer in order to accomplish anything. As @abbodi86 notes:

    KB4078407 is not a patch, it’s just an executable that enables the Spectre mitigation protection by changing two registry entries

    The second is a microcode-only, Intel-only, Win10 1507-only patch that changes the microcode for a large number of Intel processors.

    This morning, Günter Born notes on Borncity that there are now four of these microcode patches:

    In addition to the one I described yesterday, KB4091666 for Win10 1507.

    None of them are available through Windows Update. You have to manually dig into the Update Catalog to get them.

    As noted (voluminously) there are no known exploits as yet for Meltdown, Spectre v1 or Spectre v2. You might want to tuck these away in case we ever see a reason to use them.

  • Are Windows customers getting Meltdown/Spectre bullied into buying new computers?

    Posted on April 25th, 2018 at 02:29 woody Comment on the AskWoody Lounge

    Just got this from @dportenlanger:

    I think Windows users are getting snubbed. I have an old Clarksfield processor that Intel will not be updating via the BIOS. However, the Linux microcode 20180312 exists for my processor…. the Intel® Core™ i7-920XM Processor Extreme Edition (8M Cache, 2.00 GHz) at this link:

    https://downloadcenter.intel.com/download/27591/?product=43126

    So what fixes are in the 20180312 Linux Microcode? Here is a clue:

    https://www.phoronix.com/scan.php?page=news_item&px=Intel-Microcode-20180312

    I believe this is why Linux users are secure and Windows users are getting bullied (sorry, I hate that word, how about “marketed”) into new computers.

    I know this is a site for Windows Updates and news. I think this is Windows news if my conclusions are right and someone needs to call out Intel and Microsoft.

    Is that a strange conspiracy theory — or is there an element of truth to it?