Cheers for the mention Mr Fox, I'm on an MSI motherboard though, so the following link is the page I'm paying close attention to - still no updates!
https://www.msi.com/Motherboard/support/Z170A-KRAIT-GAMING-3X.html#down-bios
As I work for an antivirus company, I can tell you nothing is safe.
- You can go to a totally legit and renowned website and get infected because the site was compromised and malicious code was added to the pages (i.e. XSS attack, etc...).
- You can go to your favorite software vendors and get infected by the very installer you usually trusted because it was replaced by a weaponized one (i.e. CCleaner, Linux Mint, etc...).
- You can have your networked PC infected via kernel exploits because it is just part of a compromised network (i.e. Doublepulsar/EternalBlue/Wannacry, etc...).
- Your data can be collected because the relays routing your traffic to the website have been compromised (Man-in-the-middle).
You can't avoid this just by "common sense" and safe habits. No one is Neo and can detect malicious code just with their eyes.
In the actual cyberscape, you need security solutions, whether it is an antivirus or browser addons or whatever apps you like.
Last week thousands of users were infected by the latest iteration of the smartservice rootkit (an ads rootkit forcing your CPU to run at 100%); you can pinpoint it via a process called "Window Process Manager.exe".
Sure, some skilled users don't need an antivirus, but they usually use other security methods, like sandboxes, SRP, etc... but classic users do need one.
People should not overlook security; there are way too many exploits/malware. Even I am using security software, despite having the knowledge and skill to avoid many of the risks.
Security software is here to back up users who have reasonably safe habits; it can't help happy clickers or people bent on using cracks and other shady stuff.
If I can advise members here, it is to improve their security knowledge (via dedicated security forums, security blog articles made by vendors, etc...), which may help them to select the security solution best adapted to their needs and skills.
You can't call it close enough to have any improvement in life quality that would outweigh the loss in life quality from being compromised - even if you never discover it occurred.
Neo couldn't figure it out either, he learned over time - virtual time - until reaction became instinctual. Neo's mind worked too slow to step in and interpret the situation and react, he wouldn't survive unless he "let go" and reacted. And, he was a top notch systems hacker to begin with.
Of course that's a movie, this is real life, right "Coppertops"?
There is a certain satisfying value in beating the problem personally, or organizing one's computing resources such that infection doesn't matter, or is detected and dealt with automatically.
In this case we don't trust the problem, the solution, or those involved in disseminating the tools, patches, and microcode to have done a proper job developing the code.
We know they didn't have enough time testing it across a wide range of installations, fixing problems before we find them, optimizing performance so that the mitigations don't impact our computer use, or even that it will all work to protect us enough to matter.
I'm of the camp that avoids the intrusions, is protected and backed up against loss should something come through, and I will avoid the install of additional software that I don't think is tested or vetted adequately. But, I will install the best software that is available, and learn to work around any glitches it induces.
Back up your data, image your OS's (also a backup, but it's not part of most people's backup routine) so you can restore your system to pre-infection, and pre-patched state.
Work out how to back out of the changes, patches, microcode updates before doing them. Read others' reports to get an idea what's going to happen, if anything, to your system before allowing the patches.
Then read the installation instructions carefully, and install the Windows patches you download yourself, the BIOS firmware updates when they arrive, and install them.
Or, use Windows Update and let it work out the details, prerequisite installs, so you don't need to waste time figuring it out on your own.
Then go back to work or fun, and don't worry about it, until you run into something that has stopped working and decide if you want to roll back to your pre-patch-install state.
And, watch for patch, firmware, and application (browser) mitigations as they become available.
I'll add things to the 1st post as they are available and seem ok to do - I'll wait to test them myself or get reports from others. And, if you want something added to the 1st post for others to see and use, please post here to get feedback from others, and once we are all happy with it, I will be happy to add it.
Pop-Up Mobile Ads Surge as Sites Scramble to Stop Them
LILY HAY NEWMAN 01.08.18 06:35 PM
https://www.wired.com/story/pop-up-mobile-ads-surge-as-sites-scramble-to-stop-them/
"Ad purchasers are apparently not well-vetted enough and are given too much leeway with regards to JavaScript code execution," says Will Strafach, an iOS security researcher and the president of Sudo Security Group. "I would like to see ad exchanges crack down on this type of aggressive code with a better screening process."
These ads with JavaScript are also an infection vector, which is one of the reasons it's a good idea to block ads on sites that don't or can't manage them well - using services that anyone can buy "space" on and inject their own malware.
Meltdown and Spectre: Chip Vulnerabilities Could Facilitate Memory Leaks
POSTED: 4 JAN, 2018
Most modern processors, regardless of operating system, are affected by vulnerabilities.
https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs
"The vulnerabilities are significant, since a successful exploit could allow attackers to gain unauthorized access to sensitive data, including passwords. However, exploit of any vulnerable computer would require an attacker to gain access to the targeted computer via a prior step, such as running a malicious application on it; through JavaScript which triggers an exploit in order to run as native code; or running JavaScript to map the kernel. All of these malicious activities can be blocked by Symantec products. Nevertheless, users are advised to apply operating system patches as soon as they are made available."
Meltdown and Spectre – Possible Javascript Vulnerabilities
Posted on January 5, 2018 by Dave Bennett
https://www.davebennett.tech/meltdown-and-spectre-javascript-vulnerabilities/
"Spectre Javascript Vulnerability:
As I mentioned earlier, Spectre could be exposed through Javascript or any other JIT compiled language. However, please don’t freak out and start disabling Javascript as some other clickbait news articles have suggested. For one, your browsing experience on most websites will be terrible if not impractical without Javascript. Secondly, the Spectre javascript vulnerability is very complicated to actually pull off."
We've already talked about the Firefox and Chrome site isolation settings, uBlock Origin to block ads and other things - I turn on all the available filters and let uBlock remove the duplications, Privacy Badger to reduce the load on your browsing and information leakage, and NoScript - which I have gotten used to over many years but is a bit of a pain at first to train - disable/uncheck clearing "site preferences" for each browser in CCleaner if you have NoScript installed - it's a pain to retrain, but you get used to it.
I really hope 6 months from now all this is smoothed out, new CPUs from Intel and AMD are available or announced so these performance-robbing mitigations can be disabled.
Well, it looks like there are problems patching systems with Broadwell and Haswell CPUs too...
Intel’s Meltdown fix freaked out some Broadwells, Haswells
Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD’s admitted to Spectre problems
By Simon Sharwood, APAC Editor 12 Jan 2018 at 03:27
https://www.theregister.co.uk/2018/...ctre_fixes_make_broadwells_haswells_unstable/
"Intel’s warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable.
Chipzilla’s slipped out a statement to the effect that “We have received reports from a few customers of higher system reboots after applying firmware updates.” The problems have hit “Broadwell and Haswell CPUs for both client and data center.”
Intel’s said that if it needs to create a new fix, it will."
Security-First Pledge - An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
January 11, 2018
https://newsroom.intel.com/news-releases/security-first-pledge/
More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)
In an interesting turn of events, my Alienware 18 (Haswell-based) went up in smoke this evening after applying this new microcode to the BIOS. Not only is the motherboard destroyed, but for the first time in my long computing history, the PROCESSOR (4940MX) has also died. Whether or not this is a cause of the microcode, I cannot say, but I’m alarmed to say the least and have rolled back my other machines.
Guess my Alienware 18 had a “meltdown”..... I’ll show myself out now
Check out the post about Haswell / Broadwell problems filed with Intel...
sigh, I'm going to +rep you and Like your post for sharing, but you know I don't "like" the situation.
Maybe you can get Intel to replace your laptop?? It's at least worth filing a claim with them, now's the time to get them to sit up and realize they might be killing CPUs on top of everything else!!
Intel top brass smacked with sueball for keeping schtum about chip flaws
CEO, CFO under fire as lawsuits mount up
By Richard Priday 11 Jan 2018 at 20:40
"An Intel stockholder filed a class-action lawsuit yesterday accusing the chipmaker of artificially inflating its stock prices by omitting to tell anyone about the Spectre and Meltdown flaws in its products.
The complaint, brought by Intel shareholder Elvis Alvira, pits investors who acquired Chipzilla's shares between July 27, 2017, and January 4, 2018, against the corporation, its chief exec Brian Krzanich, and chief financial officer Robert Swan.
The precise accusation is that Intel deliberately misled or failed to disclose important information to shareholders, that being the existence of design flaws in its processor circuitry, and the potential performance slowdown workarounds to correct the issue would cause. The secrecy of this information, the complaint stated, meant that Intel's share price was artificially inflated.
When word of the security vulnerabilities emerged on The Register's pages, and Intel's stock price dropped significantly, investments were damaged, the lawsuit alleged, and the class-action seeks to recover those losses.
The complaint filing [PDF] pointed to Intel's Q2 and Q3 2017 financial filings, which indicated business as usual, and were signed off by Krzanich and Swan as being accurate.
The lawsuit also featured El Reg's original article on Spectre and Meltdown, in particular the reporting of the "fundamental design flaw in Intel's processor chips" and the "ballpark figure of five to 30 per cent slow down" as evidence of what was really going on within Chipzilla's walls, and Intel's response a day later, when it admitted it had been warned by computer science experts that there were problems in its blueprints.
Within days of our first article hitting the web, Krzanich told the mainstream business press that researchers had alerted Intel about the flaws "a while ago." Indeed, apparently Google's staffers approached Chipzilla about the Spectre flaws on June 1, 2017, and Meltdown between that date and July 28, 2017.
At the time of writing, Intel has yet to file any response to the complaint. The case, Alvira v. Intel Corporation et al, was submitted to the central district court of California on Wednesday.
This is, to the best of our knowledge, the fourth sueball fired at Intel over the speculative execution engine design flaw debacle: last week complaints were filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF], accusing the silicon factory of numerous things including deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.
Meanwhile, the Law Offices of Howard G. Smith said last week it was investigating Intel execs' handling of the processor design flaws on behalf of Chipzilla's investors."
Ignore if this was posted before in the thread:
Intel releases their internal performance analysis
https://overclock3d.net/news/cpu_ma...mance_analysis_after_spectre_meltdown_fixes/1
Today we are sharing data on several 6th, 7th and 8th Generation Intel® Core™ processor platforms using Windows* 10. We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms.
The performance impact of the mitigation on 8th generation platforms (Kaby Lake, Coffee Lake) with SSDs is small. Across a variety of workloads, including office productivity and media creation as represented in the SYSMark2014SE benchmark, the expected impact is less than 6 percent. In certain cases, some users may see a more noticeable impact. For instance, users who use web applications that involve complex JavaScript operations may see a somewhat higher impact (up to 10 percent based on our initial measurements). Workloads that are graphics-intensive like gaming or compute-intensive like financial analysis see minimal impact.
Our measurements of the impact on the 7th Gen Kaby Lake-H performance mobile platform are similar to the 8th generation platforms (approximately 7 percent on the SYSMark2014SE benchmark).
For the 6th generation Skylake-S platform, our measurements show the performance impact is slightly higher, but generally in line with the observations on 8th and 7th generation platforms (approximately 8 percent on the SYSMark2014SE benchmark). We have also measured performance on the same platform with Windows 7, a common configuration in the installed base, especially in office environments. The observed impact is small (approximately 6 percent on the SYSMark2014SE benchmark). Observed impact is even lower on systems with HDDs.
It's tough to know what's important to post from those long articles; you left out this little tidbit that casts a pall over Intel's results. In fact Intel's results as posted are partial and woefully incomplete - not enough to make a decision as to the full impact of the OS patches + firmware migrations.
Given what Cloud and Services companies have endured with only partial patches, re-jiggering their server / services mix to adapt, going to their Finance people to get funding for more resources, thinking it's all over now....
It is possible that updating firmware as a 2nd wave of updates could put them all back into the same "boat full of water" - needing to ask for more resources all over again - redoing all of their service mix, adding servers, and explaining this all over again to Finance and Customer service - not to mention those departments thinking they may need to prepare for a potential 3rd wave.
Given all that, it's very important to include all the relevant quotes from Intel's press releases, or just include it all within spoiler brackets so those interested can read the complete text within the post. I've found people tend to not actually jump to the quote site, and instead read the summary of what is in the post.
This quote from Intel in that article sets the whole tone for their results:
"We have conducted our own performance testing to look at this matter, though what must be noted is that our data does not include BIOS-level fixes for Spectre, so the impact could be higher in the future. These fixes have not been released yet for the motherboard we tested, though we plan to conduct additional testing when a new BIOS is released. "
So Intel's results are incomplete and not representative of the whole problem / solution impact on performance.
Given we have been seeing full reports of performance impact including all three mitigations from individuals and companies for days now, it would seem Intel is still sandbagging.
Intel should be ahead of the curve, not behind the curve on the impact of the Spectre + Meltdown full performance result publication.
Security was all an illusion and we were all duped into buying into a secure infrastructure which we are now seeing the truth. Deception is everywhere especially in big organisations.
You can back up to a non-patched version, and either re-read the docs and read online before / after patching "fixes" to get rid of the problem. This full image backup lets you start over again.
Also, if the patches don't cause issues, and you boot ok, but miss or forget an app update or browser mitigation and get infected - and you notice - you can back up to a non-infected pre-patch image and start over again.
For other problems this method has given me a quick and easy way to try my own fixes for system issues - for myself and clients - I've used this method for 30+ years, always have multiple Full, incremental, and full spindle root backups - full metal backups - "image" backups.
Basically a copy of the boot partitions / volumes / drive 0. I use Macrium Reflect on Windows, and it's been my go-to since Acronis borked me over a few times many years ago - when Macrium started.
Full image backup / restore gives you "infinite" "do-overs".
Here's the Macrium Reflect Free, which will let you do everything you need to image, clone, and restore from a bootable USB / DVD.
Free backup, disk imaging and cloning solution for personal and commercial use.
Protect your data, upgrade your hard disk or try new operating systems in the safe knowledge that everything is securely saved in an easily recovered backup file. Macrium Reflect supports backup to local, network and USB drives.
Macrium Reflect 7 Free Edition is ready to download now and has a number of additional features not available in version 6. It is now licensed for both home and business use.
https://www.macrium.com/reflectfree
Enjoy
The internet exploits can't be used until you go online, the damages happen after the PC goes online and you start exposing it to the internet.
So, do your image build offline, with OS, apps, patches, firmware updates all previously downloaded, and checked for "unfriendlies", then when you are all done and are happy with the build, take an image of it and save yourself the time of repeating all of those manual steps over and over again.
Even if the exposure has been there for years, it's not going to be used until you go online.
Theoretically, at least for these 3 vulnerabilities, you can build, patch, and create a "safe" from decades of exposure full image to restore from when needed again.
It's nice to have a copy of image builds to restore from. It at least gives you the illusion of control. Never underestimate the value of a few "Warm Fuzzies", Full Metal backups, to fall back on. It shows you care about yourself, and your wellbeing.
Should SANs be patched to fix the Spectre and Meltdown bugs? Er ... yes and no
General assumption is yes. But five suppliers say no
By Chris Mellor 12 Jan 2018 at 10:32
https://www.theregister.co.uk/2018/..._the_spectre_and_meltdown_bugs_er_yes_and_no/
"Is the performance sapping spectre of the X86 Spectre/Meltdown bug fixes hanging over SAN storage arrays? The general assumption is "yes" but five suppliers say not.
You would expect SANs to need patching; they run their controller software on X86 servers after all.
UK storage architect Chris Evans writes: “Patching against Meltdown has resulted in performance degradation and increased resource usage, as reported for public cloud-based workloads.”
His understanding is that “the overhead for I/O is due to the context switching that occurs reading and writing data from an external device. I/O gets processed by the O/S kernel and the extra work involved in isolating kernel memory introduces an extra burden on each I/O. I expect both traditional (SAS/SATA) and NVMe drives would be affected because all of these protocols are managed by the kernel.”
He said he does wonder whether there’s a difference between SAS/SATA and NVMe, simply because NVMe is more efficient.
Specifically, for traditional storage arrays: “The additional work being performed with the KAISER patch appears to be introducing extra CPU load in the feedback reported so far. This means it also must affect latency. … The impact to traditional storage is two-fold. First, there’s extra system load, second potentially higher latency for application I/O.”
Customers implementing this patch need to know if the increased array CPU levels will have an impact on their systems. A very busy array could have serious problems.
“The second issue of latency is more concerning. That’s because like most performance-related problems, quantifying the impact is really hard. Mixed workload profiles that exist on today’s shared arrays mean that predicting the impact of code change is hard. Hopefully, storage vendors are going to be up-front here and provide customers with some benchmark figures before they apply any patches.”
Nothing to see here - carry on...
But five suppliers say no, their SAN systems will not be affected.
In a blog post IBM says its storage appliances will emerge unscathed.
Here is a statement from NetApp: “Unlike a general-purpose operating system, Element OS is a closed system that does not provide mechanisms for running third-party code. Due to this behaviour, Element OS running on SolidFire or NetApp HCI Storage nodes is not affected by either the Spectre or Meltdown attacks as they depend on the ability to run malicious code directly on the target system.”
On this basis we would expect the same to be true for its DataONTAP FAS arrays as well.
Tintri founder and CTO Dr Kieran Harty tells us: “We are not vulnerable because we only run our own software on our appliances,” adding, “We’re not planning on patching the software that runs on our appliances.”
In effect, Tintri says it doesn’t have to make the performance or security choice - because its dedicated engineered appliance systems don’t run anybody else’s code except Tintri’s and so are secure already.
Meanwhile, DataCore told us that “once a [DataCore SAN] target request has been received by the kernel, whether from a SAN, a Hyper-Converged environment, or MaxParallel, there are no additional transitions to user space involved.
"As a result, based on the information currently available about the proposed mitigation strategies, it seems unlikely that there will be any performance impact on the storage presented by DataCore. Tests are still in progress in the lab to verify that this is the case.”
It doesn’t believe its SAN software needs patching: “DataCore has a close connection to the operation of the Windows kernel, however, it is currently believed that no software changes will be required to protect against the vulnerabilities or as a result of the mitigations. [Again] tests are still in progress in the lab to verify that this is the case.”
What is the rationale for this stance? DataCore says that in the event that a DataCore installation has been compromised, the risk of data under management being exposed currently appears to be almost zero.
A Datacore document that The Register has seen makes these claims:
In order for Meltdown to gain unauthorised access, the memory needs to have a virtual address assigned to it which is not the case for the DataCore cache. A virtual address will be assigned temporarily to individual cache buffers when performing specific operations on a snapshot, replicating data, or allocating storage to a thinly provisioned volume, but this will be released as soon as the operation is complete.
Given that the reported data access rate using Meltdown is up to 503KB/s it is implausible that an attacker would be able to identify a temporary mapping and extract data in the time available.
The DcsAddMem processes have access to user virtual addresses for the cache contents which would potentially open up an attack route using Spectre. However, Spectre requires that the application under attack be executing in order to be vulnerable and this is not the case for DcsAddMem. The processes are blocked within the kernel until virtualisation is stopped at which point the memory is released.
Infinidat CTO Brian Carmody was asked if Infinidat arrays would be affected, and told us: "Not affected. The design of InfiniBox provides no facility for non-privileged users to run 3rd party code locally on the system."
He's repeating the message put out by the other suppliers.
Reg comment
The consequences of some malware-toting person gaining access to mission-critical data could be severe so you really would not want your shared external storage arrays compromised. The Spectre and Meltdown bugs increase X86 servers' vulnerability attack surface, and SANs and filers are controlled by X86 servers, ergo … except not ergo, according to IBM, NetApp, Tintri, Infinidat and DataCore.
It seems this is a judgement call in a way. The suppliers are saying their customers do not have to make a choice between performance and security, because their systems are secure enough already. Are they? It’s not even your call as these suppliers are proposing not to patch their systems."
AMD updates their customers regarding Spectre and processor security
AMD are releasing optional microcode updates to mitigate the threat of variant 2
Published: 12th January 2018 | Source: AMD | Author: Mark Campbell
https://overclock3d.net/news/cpu_ma...rs_regarding_spectre_and_processor_security/1
"AMD has released a new update regarding the security of AMD processors, specifically regarding the recently announced exploit called Spectre. This update has left many AMD users concerned, as they consider AMD's newly released optional OS and Microcode updates for Spectre Variant 2 as an admission that the company is now at higher risk from the vulnerability.
To be clear, AMD stands by their "near zero" risk claims regarding Spectre Variant 2, with the exploit having never been demonstrated on an AMD processor. Regardless, AMD is taking steps to turn this "near-zero" risk into a no risk scenario, giving security conscious users the ability to pre-emptively install microcode updates that will provide them with total protection.
At this time it is unknown how these updates will be distributed, especially on a voluntary basis, though it is likely that these updates will be governed by an enable or disable option at a BIOS/UEFI level. These updates will be coming to both EPYC and Ryzen customers and partners.
This announcement does not mean that AMD is at any higher risk than previously announced, just that the company is taking additional steps to give their customers peace of mind and to prevent any potential future use of Spectre variant 2 on AMD Ryzen-based systems. Below is Mark Papermaster's official update on AMD Processor Security"
"The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.
At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
- We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
- Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
- Linux vendors are also rolling out patches across AMD products now.
GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
- While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
- AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
- Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
There have also been questions about GPU architectures.
- AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats"
AMD's Ryzen CPU's (Ryzen/TR/Epyc) & Vega/Polaris GPU's
http://forum.notebookreview.com/thr...ga-polaris-gpus.799348/page-394#post-10663356
All the CPU makers can do is guide, assist and test the changes.
The most important thing the CPU makers can do for themselves is to dig their way out of this by developing new CPU and chipset hardware.
It's frustrating for everyone.
This. To properly apply the microcode, it needs to be applied at the lowest level possible which would be BIOS, so that the microcode is loaded before Windows can load its [vulnerable] kernel. If you use the VMware method, the microcode is loaded AFTER Windows loads its kernel, which technically still makes it susceptible to attack.
Now Intel, AMD, ARM, don't have access to everybody's BIOS structure, and it varies from manufacturer to manufacturer, and differs across product lines as well (example: M17x R2 was Phoenix BIOS, M17x R3- A17R1 were InsydeH2O BIOS, current A17 R2-R4 use AMI/Aptio BIOS). It's up to OEMs to release the fixed BIOS, and I very much doubt anything prior to Skylake will receive official OEM patching.
After the loss of the Alienware 18, I was going to go out and purchase a desktop, but I quickly remembered that I would be going out and paying top dollar for exploitable hardware even today. I will wait until Intel can correct this exploit in hardware instead of going out and buying new hardware and taking a 6% performance hit right off the bat.
Last edited: Jan 12, 2018
-
Spartan@HIDevolution Company Representative
-
I don't know about everyone here, but my OS partition is, and always has been, nothing but a place to install programs. I store NOTHING of value on the same partition as my OS. I have done that since the days of Windows 95. I can format my OS partition at any time without worry of losing important data.
Sent from my SM-G935T using Tapatalk
-
Yep, some stuff that comes with Windows you just don't need. There is some pretty awesome 3rd-party software out there and Macrium is one of them (well, they do charge a premium for their server+ software tho). I disable Windows Update and restore points ASAP, disable Windows Firewall, disable the page file, etc. etc. I don't want Windows to decide for me; I'll learn it and decide for myself and my own usage scenario. If I deem it's less relevant or something that's too difficult to learn or takes too much time to understand, I will take the risk and let them choose for me, but I blame myself when things go wrong. A good mindset to have.
Btw Phoenix, did you see the CES Optane 120GB M.2 SSD module? One of these will replace our RAID array of flash SSDs and be blazing fast. Too bad it's only x2 lanes, and word has it from AnandTech that an x4 will be out later this year, so we expect to see decent sequential performance with just 1 single M.2 module.
-
Spartan@HIDevolution Company Representative
-
-
Spartan@HIDevolution Company Representative
-
Hours and hours and hours, not to mention a major hit on your download cap for the month.
All passed by instantly in real time, if you have an image backup.
Zip, bing, bang, boot, zoom, you're done and ready to try it all over again. Free and easy, no delays, you probably won't even have time to forget what you botched that required the image restore, avoiding a disastrous repeat of recent history...
Last edited: Jan 12, 2018
-
When you start paying attention to how much time you are losing every time you repeat the same boring re-installations and re-configuration, add up all that time and it's a serious loss of useful lifetime.
The repetition of re-installation can be a calming, zen-like process, but there are so many other things I find much more fun.
Last edited: Jan 12, 2018
-
Eurocom mentioned they will refresh F5 with F7 when Z390 comes out with 8 core Intel CPU, so that's a 17" with socket CPU/GPU that supports Optane, from MSI, but honestly I'd rather have something like a 93VR support sockets while decent cooling plus 18".
-
Intel Acknowledges Higher Reboots Affecting "Haswell" and "Broadwell"
PRESS RELEASE by btarunr, Friday, January 12th 2018 11:24
As Intel CEO Brian Krzanich emphasized in his Security-First Pledge, Intel is committed to transparency in reporting progress in handling the Google Project Zero exploits.
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.
End-users should continue to apply updates recommended by their system and operating system providers.
-
While Ryzens will avoid this decrease fully or most of this decrease at least (according to AMD they are totally immune to one variant and near-zero immune to the 2nd, which takes a software update with negligible performance decrease).
-
Support.2@XOTIC PC Company Representative
-
-
Today, Jan 12, AMD released their PR for CVE-2017-5715. It doesn't even have anything like "Performance", where Intel tried to lessen the impact by giving false information on the minimal impact, normal browsing, etc crap and pushing a botched update. This is where Intel screwed it up, as I mentioned in a post back a few pages, Haswell to be specific. Because this is the Spectre issue where a microcode update needs to be done, true for both Intel and AMD.
PCWorld also says the same: to wait for the news regarding the performance impact, if any.
So it's like just waiting to happen, nothing is bulletproof when it comes to this as said by an NBR member
Last edited: Jan 12, 2018 -
Support.2@XOTIC PC Company Representative
-
Support.2@XOTIC PC Company Representative
-
New Security Flaw Hits Intel, Laptops this time
F-Secure has reported another serious flaw in Intel hardware, which could enable hackers to access corporate laptops. The standard password of Intel's Management Engine BIOS Extension is rarely changed, which can leave business laptops vulnerable to unauthorized remote access, claims F-Secure.
"The issue potentially affects millions of laptops globally," said F-Secure consultant Harry Sintonen, who discovered the flaw. "It's of an almost shocking simplicity, but its destructive potential is unbelievable." -
Intel will need to re-design and re-structure/refactor their designs.
-
Near 0 risk means it has not happened yet that they know of. Not confidence inspiring. AMD closing the barn door before the horses get out is a good thing.
Edit: The die-hard Intel fanboys seem absent as of late, where are you guys now? Would love to hear about how great, reliable and trustworthy Intel is about now.
Last edited: Jan 12, 2018
-
Nobody is reliable in the technology realm. The big shots (OEMs and ODMs) are all losers of varying degrees. Intel is not reliable (their products are) and neither are NVIDIA or AMD. Neither is Micro$loth. We cannot trust any of them to do the right thing on anything.
Patch testing done now. I am more convinced than ever before that the ludicrous amount of hype and drama surrounding this is part of a scam with an ulterior motive of some kind. The performance differences are negligible for my purposes. I actually beat my own Fire Strike high score with the "performance reducing" fixes, LOL. Cinebench and wPrime have some kind of glitch after patching, with slightly reduced scores (just a few points and some strange stutter/lag thing).
Now that this chore is out of the way... back to what I prefer. Performance trumps security for me. I don't need the patches or the crappier newer versions of the Windoze OS X abortion.
Last edited: Jan 12, 2018 -
-
CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more
Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.