
Blog Archives

  • “Side channel” vulnerabilities and Windows

    Posted on May 19th, 2019 at 12:07 woody Comment on the AskWoody Lounge

    I’ve avoided talking much about Spectre, Meltdown and the like because there’s an endless succession of patches to Windows and the hardware – and registry changes to go with them – and we still haven’t seen a real-world exploit.

    If you’re running a high profile server, though, you should keep up on this stuff.

    Karl Wester-Ebbinghaus (@alqmar) has come up with an exhaustive list of patches, patches to patches, BIOS updates and registry settings, all related to the “side channel” vulnerabilities. Click on the comment link at the top to see the results of his extensive investigation.

  • Google’s JavaScript team: Spectre mitigation doomed to failure

    Posted on April 23rd, 2019 at 11:38 woody Comment on the AskWoody Lounge

    That isn’t exactly what they said, but it’s pretty close. Here’s what they do say:

    A year with Spectre… When it was shown that JavaScript could be used to mount Spectre attacks, the V8 team became involved in tackling the problem…  offensive research [from the white and gray hats] advanced much faster than our defensive research, and we quickly discovered that software mitigation of all possible leaks due to Spectre was infeasible… the engineering effort diverted to combating Spectre was disproportionate to its threat level… the increasingly complicated mitigations that we designed and implemented carried significant complexity, which is technical debt and might actually increase the attack surface, and performance overheads… We still know of no attacks in the wild, outside of the curious tinkerers and professional researchers developing proof of concept gadgets

    Make no mistake, Meltdown and Spectre could become nightmares. At some point in the far future. For now, don’t worry about it, OK?

  • On Security: Patch Lady Susan Bradley explains why you might — or might not — want to protect your machine from Spectre and Meltdown

    Posted on February 25th, 2019 at 03:57 woody Comment on the AskWoody Lounge

    Microsoft keeps releasing patches for Spectre, Meltdown, and similar vulnerabilities — tons of them. Do you really need them?

    Even if you have the patches installed, they may not be working. That’s intentional — in some cases you have to manually enable the patch.

    Here’s a quick overview of the problem, a look at Steve Gibson’s free InSpectre tool that’ll poke at your system, and some solid recommendations for when you might be at risk, and when you can gleefully thumb your nose.

    Out this morning to all AskWoody Plus members, in AskWoody Plus Newsletter 16.7.0.

  • Patch Lady – How to update Win10 to fix Spectre, Meltdown and other side channel vulnerabilities

    Posted on February 22nd, 2019 at 17:05 woody Comment on the AskWoody Lounge

    Patch Lady Susan Bradley’s latest column in CSOOnline:

    In January 2018, security news media was abuzz over a new class of vulnerability called side channel vulnerabilities. Spectre, Meltdown and Foreshadow are some of the best known. They exploit weaknesses in speculative execution in microprocessors to leak unauthorized information. Side channel vulnerabilities allow attackers to bypass account permissions, virtualization boundaries and protected memory regions.

    Patching these vulnerabilities is not easy. They are mitigated by a combination of patches from both the chipset vendor and the operating system provider. Worse, there is often a noticeable performance hit after installing these updates…

    Windows servers in particular need specific guidance as most of the protections are not enabled by default.

    If you’re running a server that’s potentially at risk, it would behoove you to read this article.

  • Mind boggled: The Meltdown/Spectre microcode patches

    Posted on August 30th, 2018 at 07:11 woody Comment on the AskWoody Lounge

    I just read a tweetstorm from @Karl_F1_Fan to @Crysta that has my head swimming. Here’s what he says:

    Hi Crysta,

    Your quotes to Microsoft articles are right but things have developed over time. First they asked to set the bitmask for meltdown and Spectre 2 to

    FeatureSettingsOverride 1
    FeatureSettingsOverrideMask 3

    for Intel clients and servers + the QualityCompat flag

    The QualityCompat flag was removed with a patch in March for both clients and servers. Then Microsoft advised the same registry mask for Intel, but for AMD it was

    FeatureSettingsOverride 64
    FeatureSettingsOverrideMask 3

    (I won’t handle disable flags here for easiness.)

    With the appearance of Spectre NG the flags changed again for both AMD and Intel to

    FeatureSettingsOverride 8
    FeatureSettingsOverrideMask 3

    which Microsoft is falsely or incompletely advising now in the L1TF article. If a user sets 1/3 it will DISABLE the protection for CVE-2018-3639 [speculative store bypass]; it will also disable the AMD protections.

    Meltdown, Spectre 2 / 3, 3a / 4 / L1TF need microcode updates or the separate updates deployed for Windows 10 in August 2018 + 2018-08 CUs. In addition Microsoft chose that only servers need the registry keys to enable protection. I would advise all customers to apply them.

    The current situation is unbearable for average sys admins and there is too much confusion.

    IMHO Microsoft should roll out all microcode updates for any OS and enable protection by default without any registry keys; it is much easier to understand how to disable it.

    The current situation is that only @Dell really cares to bring out BIOS updates for ANY systems back to 2009, whilst other OEMs don’t give a ****, no matter if we are talking about enterprise or home.

    @ASUS there are no microcodes for all systems, as Intel provided. @HP is not updating their site accordingly, so the theme sites indicate updates are missing or pending, while being partially available on the product site. We’d better not talk about the lack of support from @Acer, Lenovo or Medion etc. Without Win10 we would have no protection at all.

    Based on a variety of 70 client PCs and servers of various OEMs / vendors, only 18 received all BIOS microcode updates. 6 had too old Intel / AMD CPUs, more than 21 are only patched because Microsoft rolled out (optional) microcode updates. Others are unprotected due to old Windows Client / Server versions.

    How’s that for the very definition of falling into the briar patch?
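    As an added example (not code from this post or from the tweetstorm), here is a PowerShell check that reads the FeatureSettingsOverride pair from the registry, labels it with the meanings the tweetstorm gives those values, and sets it beside the effective mitigation state that Microsoft's SpeculationControl module reports, which is the same information InSpectre shows. It assumes that module is installed and that its output property names are the ones the module documents.

```powershell
# Added example, not code from the post or the tweetstorm. Reads the override pair the
# tweetstorm discusses and compares it with the mitigation state the kernel reports.
# Assumes Microsoft's SpeculationControl module (Install-Module SpeculationControl).

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Override/Mask pairs quoted in the tweetstorm, labelled with the meaning it gives them.
# These are the tweet's claims as of August 2018, not an independent reference.
$knownPairs = @{
    '1/3'  = 'original Intel guidance; tweet says it now disables SSB (CVE-2018-3639) and AMD protections'
    '64/3' = 'AMD guidance before Spectre NG'
    '8/3'  = 'guidance for both AMD and Intel after Spectre NG'
}

function Get-ConfiguredOverride {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props.FeatureSettingsOverride -or $null -eq $props.FeatureSettingsOverrideMask) {
        # No override: OS defaults apply, and the post notes Server does not enable protection by default.
        return [pscustomobject]@{ Configured = $false; Pair = $null; Note = 'no override set; OS defaults apply' }
    }
    $pair = '{0}/{1}' -f $props.FeatureSettingsOverride, $props.FeatureSettingsOverrideMask
    $note = if ($knownPairs.ContainsKey($pair)) { $knownPairs[$pair] }
            else { 'pair not covered by the tweetstorm; check current Microsoft guidance' }
    [pscustomobject]@{ Configured = $true; Pair = $pair; Note = $note }
}

# Effective state, i.e. what InSpectre / Get-SpeculationControlSettings report, so a value
# that is configured but not actually active stands out.
function Get-EffectiveState {
    if (-not (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue)) {
        Write-Warning 'SpeculationControl module not installed; effective state unknown.'
        return $null
    }
    $s = Get-SpeculationControlSettings -Quiet
    [pscustomobject]@{
        SpectreV2_BTI_Enabled = $s.BTIWindowsSupportEnabled
        Meltdown_KVAShadow    = $s.KVAShadowWindowsSupportEnabled
        SSBD_SystemWide       = $s.SSBDWindowsSupportEnabledSystemWide
        L1TF_Enabled          = $s.L1TFWindowsSupportEnabled
    }
}

Get-ConfiguredOverride | Format-List
Get-EffectiveState | Format-List
```

    Run it in an elevated PowerShell on each machine you manage; a configured pair with an effective field still False is the "installed but not working" case the Patch Lady post describes.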

    UPDATE: I just followed a link from @teroalhonen to a discussion on Anandtech of the new Intel processors and how they fare with Meltdown and Spectre. Clearly, whoever put together this slide didn’t have a clue.

    I sympathize. If Anandtech can’t get it right, what chance do we mortals have? Whotta mess.

    ANOTHER UPDATE: ‘Softie Jorge Lopez (@J0RGEL0P3Z) posted a few hours ago:

     

  • Patch Lady – what’s up with the Microcode updates?

    Posted on August 28th, 2018 at 09:09 Susan Bradley Comment on the AskWoody Lounge

    Yesterday we were seeing potential issues with the microcode updates, and they were expired off of WSUS servers last night…

    https://www.reddit.com/r/sysadmin/comments/9apooi/kb4100347_rendering_systems_unbootable/?st=jlckzbjr&sh=94b0f954

    https://www.reddit.com/r/Windows10/comments/995k2s/got_the_kb4100347_update_july_cumulative_update/e4m9ffn

    https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4100347-intel-cpu-update-causing-boot-issues-and-pushed-to-amd-users/

    Unsure what’s up, but Microsoft appears to be pulling these updates back.

    I think there were metadata detection issues, and the updates were offered up and installed on machines they shouldn’t have been installed on.

    UPDATE: Günter Born has a compelling history posted on his Born City site.

  • Microsoft Patch Alert: August is much, much better than July

    Posted on August 23rd, 2018 at 14:17 woody Comment on the AskWoody Lounge

    There are still some well-known (even acknowledged) bugs, and the inanities performed in the name of Meltdown and Spectre continue to boggle my mind.

    And, of course, you can’t post any before-and-after performance statistics about the Intel microcode patches.

    Computerworld Woody on Windows.

    UPDATE: Intel has backed off its ridiculous (and likely unenforceable) gag order. See Paul Alcorn’s article on Tom’s Hardware.

  • NetSpectre — a remote Spectre v1 attack

    Posted on August 1st, 2018 at 13:36 woody Comment on the AskWoody Lounge

    Michael Heller reports on TechTarget:

    Researchers developed a new proof-of-concept attack on Spectre variant 1 that can be performed remotely (say, via a browser)… requires no attacker-controlled code on the target device… this NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system.

    Kevin Beaumont had a great analysis:

    I’m still not shaking in my boots about Meltdown or Spectre.