(They're already gonna do a BIOS update with the latest Spectre-fixed microcode, so neither here nor there.)
-
Linux 4.16 arrives, erases eight CPUs and keeps melting Meltdown
Kernel’s now 450,000 lines lighter after ditching chip architectures nobody used
By Simon Sharwood, APAC Editor 3 Apr 2018 at 04:01
https://www.theregister.co.uk/2018/04/03/linux_4_16_released/
"... Linux 4.16 continues the effort to deal with the Meltdown and Spectre CPU design messes: it adds protection for s390, Hyper-V, 64-bit Arm CPUs, and further refines fixes for x86s.
Developers will enjoy new drivers that make Linux a better-behaved guest in Oracle’s popular VirtualBox desktop hypervisor. Also on matters virtual, changes to KVM mean AMD Secure Encrypted Virtualization should now work under Linux.
There’s also a stack of networking improvements, the usual tweaks to file systems, improvements to establish Thunderbolt connections more quickly and support for more hot-swappable GPUs.
As ever, full details and downloads are on offer at kernel.org."
Linux Kernel 4.16: Networking Patches and More
PAUL BROWN, APRIL 2, 2018
https://www.linux.com/blog/2018/4/linux-kernel-416-networking-patches-and-more
"Linus Torvalds released version 4.16 of the Linux Kernel on Sunday, April 1st, nine weeks after the previous version. After the rather eventful 4.15 cycle, which included the loss of the Linux Kernel Mailing List for several days and the fallout from the Meltdown and Spectre bugs, 4.16 has been mercifully smooth.
Not all smooth, though. There was a big bump in the amount of patches in RC7 that nearly derailed Sunday's release. However, looking into it, Torvalds noted that the abnormal number of submissions may have been due to the fact that during the RC5 and 6 cycles there had been almost no patches regarding networking. This meant there was a backlog of " 2.5 weeks worth of networking stuff, and that makes rc7 look artificially bigger. That's my story, and I'm sticking to it. " Torvalds said.
Getting back to Meltdown and Spectre, the dust kicked up by both bugs still hasn't completely settled. Quite a few patches were included to try and ameliorate some of their effects. Both 64-bit ARM and IBM z s390 architectures get patches that mitigate possible exploits. Meanwhile, access to /dev/mem is now more restrictive and the code that keeps x86 architectures safe has been cleaned up and optimized.
In more productive news, the VirtualBox Guest driver was merged into the mainline kernel. This means that the VirtualBox VM should work better on Linux from now on. Vaguely related, Jailhouse, a partitioning Hypervisor developed by Siemens, is now also supported in the mainline kernel. Jailhouse is different to other hypervisors in that it can be loaded and configured by a normal Linux system.
Other stuff to look forward to in Linux kernel 4.16
- The AMD GPU DC display code has been improved so as to incorporate better multi-display support. This means that the highest display rate will be used when synchronizing several monitors. The new code also mitigates underflow/corruption problems which manifest as flickering ghosts when elements are moved on the desktop.
- Operations for in-kernel filesystems will probably become faster thanks to a patch that optimizes the update of inode data and metadata. In some cases, the speed registered in read bandwidth increased to more than 200 percent.
- There have been updates to the open source Risc V ISA, which was merged in 4.15. However, there are no device drivers yet.
- Some new devices that are now supported in the mainline kernel include the Orange Pi R1, NVIDIA's Tegra TX2, and the second generation "One by Wacom" tablets.
-
Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed
And won’t fix Meltdown nor Spectre for 10 product families covering 230-plus CPUs
By Simon Sharwood, APAC Editor 4 Apr 2018 at 01:15
https://www.theregister.co.uk/2018/04/04/intel_says_some_cpus_with_spectre_v2_cant_be_fixed/
"Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities.
The new guidance, issued April 2, adds a “stopped” status to Intel’s “production status” category in its array of available Meltdown and Spectre security updates. "Stopped" indicates there will be no microcode patch to kill off Meltdown and Spectre.
The guidance explains that a chipset earns “stopped” status because, “after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons.”
Those reasons are given as:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating [Spectre] Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
"Stopped" CPUs that won’t therefore get a fix are in the Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield, and Yorkfield Xeon families. The new list includes various Xeons, Core CPUs, Pentiums, Celerons, and Atoms – just about everything Intel makes.
Most of the CPUs listed above are oldies that went on sale between 2007 and 2011, so it is likely few remain in normal use.
Intel has not revealed which of the "stopped" CPUs listed can’t be mitigated at all, and which Chipzilla can't be bothered finishing patches for. We’ve asked Intel to provide that list, and will update this story if the biz replies.
There’s some good news in the tweaked guidance: the Arrandale, Clarkdale, Lynnfield, Nehalem, and Westmere families that were previously un-patched now have working fixes available in production, apparently.
“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero," an Intel spokesperson told The Reg.
"However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”
Now all Intel has to do is sort out a bunch of lawsuits, make sure future products don’t have similar problems, combat a revved-up-and-righteous AMD and Qualcomm in the data centre, find a way to get PC buyers interested in new kit again, and make sure it doesn’t flub emerging markets like IoT and 5G like it flubbed the billion-a-year mobile CPU market."
-
tilleroftheearth Wisdom listens quietly...
hmscott, that article is wrong. They didn't say they 'can't be fixed'. They simply state they won't spend the resources to do so.
Business decision (period).
Sigh... -
If anything it's Intel trying to staunch the bleeding wherever it can.
We know that already from Intel's past behavior to question what they say, and to question Intel's stated motivations.
It isn't a surprise for Intel to provide misleading and understated information, and it's always a good idea to follow the money (costs) to find Intel's real motivations.
If enough people complain, the right people (with money) could reverse individual CPU mitigation coverage by Intel - changing Intel's motivation to fix a class of CPU, or individual sku.
It is also possible to "encourage" Intel to perform - sue them, bad press, government intervention - so this is by no means the end status for each CPU Intel is saying it's not covering.
Intel's press release and details submitted through Intel's ongoing mitigation coverage list is a point in time statement by Intel - testing the waters.
Intel's final responsibility for each affected CPU is not going to be finally decided over for quite a long time.
-
So there are a lot of *old* computers with old CPU's running in the field, some still on that list to be fixed, and some on the list of not to be fixed.
A large portion of those old systems are government, military, and large corporate installations. Those are the people with the money and legal influence to sway Intel one way or the other to cover mitigation for specific old CPU's.
Intel may have taken polls with some of those installations technical people as to which CPU's to cover, but as per typical, the screaming from the financial people hasn't started yet.
The technical people want an excuse to upgrade - spend money - but as soon as they ask the financial people to replace large numbers of systems with the justification that "Intel screwed up", the natural response is to apply their Legal resources to get Intel to "pay for it".
Intel would rather invest in fixing the problem than paying penalties and restitution, so depending on the exposure for each CPU clients still have running, the classification of some of those "abandoned" CPU's will be changed "to be fixed".
Intel is testing the waters with that publication of intent, and I wouldn't be surprised to find some of those CPU's on the "not to be fixed" list will be fixed in the end.
Like I said, this is going to keep going on for a long long time.
-
The more interesting thing I am waiting for are the new CPU's from Intel, AMD, ARM, etc to counter these vulnerabilities and how it improves performance vs the "fixed" legacy CPU's, and how quickly the legacy CPU's lose their value.
Closer to current time, I am interested to see how the recently released Intel 8th generation CPU's treat this problem. Are they "fixed" in the sense that there are Zero vulnerabilities, are the same fixes merely baked into the CPU - not requiring microcode patches - and if those fixes are able to be disabled - what performance hit is had by enabling the fixes vs disabling the fixes.
It's something I haven't seen anyone mention in the 8th gen vs 7th gen CPU reviews currently available. I wonder how much better / worse those performance improvements are with the mitigations enabled and disabled, for both generations.
-
tilleroftheearth Wisdom listens quietly...
You're the judge and jury for Intel, it seems.
Those ancient chips used (or 'hardly' used today...) make no economic sense to contain partial fixes for Intel to implement or anyone else to want to continue using if security is really their primary goal.
There is nothing misleading about what Intel has stated; the fixes provided for 9 plus years of CPU's is more than enough for me to say I'd have gotten my $$$'s worth (if I was even running anything that old...).
Regardless of what O/S has a bigger installed base...
As for the litigation that is looming over Intel? Those older products didn't change overnight from when they were sold as to how they were promised to perform... a case like that would be thrown out in a minute in any logical court in the land.
-
Intel has promised to include hardware fixes for Meltdown Spectre vulnerabilities by the end of 2018, so the new 8th Gen H CPU's aren't fixed in hardware, as it's still the beginning of 2018.
Here's the Intel promise for hardware fixes in CPU's shipping near the end of 2018:
Hardware-based Protection Coming to Data Center and PC Products Later this Year
By Brian Krzanich, March 15, 2018
https://newsroom.intel.com/editorials/advancing-security-silicon-level/
"... These changes will begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel® Core™ processors expected to ship in the second half of 2018. As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance."
You can see the whole blog post at the link above.
The new Intel 8th Gen H laptop CPU's are just as vulnerable to Spectre and Meltdown as every previous Intel CPU so make sure your OS has the latest patches installed if you are concerned about security issues related to those vulnerabilities.
-
My reaction, like the corporations, government, and military installations that still run CPU's in STOPPED status, isn't a positive one.
I know how they feel because I know how I feel, and given the ability to force Intel to provide fixes for my production CPU's, I would apply pressure to make Intel do so.
Intel already has a boatload of lawsuits against them, but now Intel has given a wider range of victims specific cause to sue Intel for refusing to fix their CPU's vulnerabilities.
Simply put, you have nothing to lose, and therefore have nothing useful to say, no valid opinion on Intel's reversal of their promises to fix legacy CPU's security vulnerabilities, because you are unaffected.
Intel is now backing out of their promise to make fixes for all of its customers that have an investment in legacy Intel hardware, believing their investment was secure, at least at the hardware level.
Intel's "reversal" has only just been announced, so it will take a little time for the blow back to come out, and I for one am hoping Intel reverses their reversal on supporting my hardware (980x, 970, 920) in particular.
Intel Reverses Course on Patching Older Chips for Spectre/Meltdown
April 5, 2018 by Tiffany Trader
https://www.enterprisetech.com/2018...on-patching-older-chips-for-spectre-meltdown/
"...Intel announced in February it is facing dozens of lawsuits from parties seeking damages over the hacking threat and/or slowdown effect of patches. It remains to be seen what effect its redressement strategy will have on the outcome of pending or potential future litigation."
-
Security Exploits and Intel Products
April 6, 2018
https://newsroom.intel.com/press-kits/security-exploits-intel-products/
"Security researchers on Jan. 3 disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with different vendors’ processors and operating systems.
Intel is committed to product and customer security and to responsible disclosure.
The Newest:
April 6, 2018: Bringing the Security-First Pledge to Life with New Intel Product Assurance and Security Group
By Date:
Jan. 3, 2018: Intel Responds to Security Research Findings
Jan. 4, 2018: Intel Issues Updates to Protect Systems from Security Exploits
Jan. 4, 2018: Industry Testing Shows Recently Released Security Updates Not Impacting Performance in Real-World Deployments
Jan. 8, 2018: Intel CEO Addresses Security Research Findings during 2018 CES Keynote Address
Jan. 9, 2018: Intel Offers Security Issue Update
Jan. 10, 2018: Intel Security Issue Update: Initial Performance Data Results for Client Systems
Jan. 11, 2018: Intel’s Security-First Pledge
Jan. 11, 2018: Intel Security Issue Update: Addressing Reboot Issues
Jan. 17, 2018: Firmware Updates and Initial Performance Data for Data Center Systems
Jan. 22, 2018: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
Feb. 7, 2018: Security Issue Update: Progress Continues on Firmware Updates
Feb. 14, 2018: Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards
Feb. 20, 2018: Latest Intel Security News: Updated Firmware Available for 6th, 7th and 8th Generation Intel Core Processors, Intel Xeon Scalable Processors and More
March 15, 2018: Advancing Security at the Silicon Level
Resources
- Microcode Revision Guidance
- Intel Analysis of Speculative Execution Side Channels (Intel White Paper)
- Intel Investor Call Regarding Security Research Findings (Webcast Replay)
- Situation Overview
- User Resources
- Frequently Asked Questions
Microsoft Azure: Securing Azure Customers from CPU Vulnerability
Google Security Blog: More Details About Mitigations for the CPU Speculative Execution Issue
Amazon AWS: Processor Speculative Execution Research Disclosure
Apple: About Speculative Execution Vulnerabilities in ARM-Based and Intel CPUs"
-
tilleroftheearth Wisdom listens quietly...
Here is another of your assumptions where you lose more credibility with your obviously biased opinions.
If Intel can be 'forced' (by litigation or otherwise) to offer fixes to those ancient/obsolete (my opinion) systems; I would not argue against such fixes.
However, as it stands today, Intel has made a business decision that will offer its shareholders and users of its products the best balance going forward.
While I may be unaffected personally, I do have the logic capacity to analyse the situation objectively. My opinion is based on facts and may be more valid than an affected customer (possibly).
You can try to dismiss my point of view and you may even end up being right in the end. That doesn't change the valid points I'm bringing to this conversation.
And for what it's worth; now that I know you personally have affected systems I genuinely do hope that Intel provides fixes (if possible). Even at the cost of being proven 'wrong' in your eyes.
-
Spartan@HIDevolution Company Representative
so are the new 8th gen Intel CPUs affected by the Spectre/Meltdown bug?
-
Spartan@HIDevolution Company Representative
Is Intel dumb or what? So if they discovered the vulnerability a few months ago, how come they release another generation of CPUs with that bug as well?
-
"I’d expect to see many Ryzen-era motherboards patched to include CPU microcode that protects against Spectre, but don’t hold your breath for older systems. On the Intel side, no motherboard vendors have pledged to release BIOS updates for anything older than 6th-gen “Skylake”-era systems, which launched in 2015. AMD’s firmware updates do no good if you can’t get them on your older PC. AMD links to central hubs for BIOS updates and system resources from its hardware partners here."
-
Here is rub... how many logical courts do we have left? I'm thinking, not many. I think a lot of the judges are more screwed up than the crooked attorneys. (There are probably more really good, honest, level-headed judges and attorneys than there are bad ones, but they seem to keep a low profile and shy away from frivolous and politically-charged stuff like this.)
-
An Update on AMD Processor Security
https://www.amd.com/en/corporate/security-updates#paragraph-290416
"Spectre Mitigation Update - 4/10/18
Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.
As a reminder, GPZ Variant 1 (Spectre) mitigation is provided through operating system updates that were made available previously by AMD ecosystem partners. GPZ Variant 3 (Meltdown) does not apply to AMD because of our processor design.
While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk. A whitepaper detailing the AMD recommended mitigation for Windows is available, as well as links to ecosystem resources for the latest updates.
Operating System Updates for GPZ Variant 2/Spectre
Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.
AMD Microcode Updates for GPZ Variant 2/Spectre
In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first "Bulldozer" core products introduced in 2011.
AMD customers will be able to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers. Please check with your provider for the latest updates.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop solutions to protect users from security threats.
Mark Papermaster, Senior Vice President and Chief Technology Officer"
AMD Issues CPU Updates for Spectre Variant 2 Attacks
By Kurt Mackie, 04/10/2018
"AMD has released microcode updates to its original equipment manufacturing (OEM) partners to address Spectre variant 2 attack methods for Windows 10 systems, according to an April 10 AMD announcement.
The chipmaker previously had released microcode updates for Spectre variant 2 on Linux systems earlier this year. Microcode updates for Windows Server 2016 are still at the testing and validation stage, according to an AMD spokesperson.
Typically, these microcode updates get released by chipmakers to PC and server OEMs. After OEM testing, they get publicly released.
These releases are tied to a general industry response to the Meltdown and Spectre attack methods, first publicized by Google Project Zero researchers back in early January. Adding protections against the attack methods basically is a two-step process that entails applying firmware updates to chips along with updates to operating systems (both Linux and Windows systems).
To recap, researchers found three variants of the two attack methods, which overall affect all modern CPUs on Linux and Windows operating systems:
- Variant 1: bounds check bypass (CVE-2017-5753) labeled "Spectre"
- Variant 2: branch target injection (CVE-2017-5715) labeled "Spectre"
- Variant 3: rogue data cache load (CVE-2017-5754) labeled "Meltdown"
Microsoft's Jan. 3 OS fix for the Meltdown and Spectre attack methods initially caused some AMD machines to become unbootable, but the issue was subsequently resolved. In the case of AMD-based machines, Microsoft's Jan. 3 Windows security update likely contained the Spectre variant 1 patch.
Microsoft's April 10 Windows security update similarly is bringing an OS fix to Windows 10 version 1709, but this fix is for Spectre variant 2, according to AMD's announcement:
Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.
Microsoft described this update in Knowledge Base article KB4093112.
AMD has now released microcode updates for Spectre variant 2 for its processors "dating back to the first 'Bulldozer' core products introduced in 2011," according to the announcement."
It looks like I have AMD CPU's not covered as well, sigh... why would they both stop coverage at about the same time, suspicious, yes it is - perhaps there is some case law that can back this up for them, but it's not cool to leave running hardware unprotected to save a few bucks, for either company.
Time to complain to both.
-
Robbo99999 Notebook Prophet
http://www.tomshardware.co.uk/meltdown-spectre-malware-found-fortinet,news-57826.html -
These early exploit tests were using the exploit POC code, and Firefox and Chrome have since released versions that mitigate those POC threats specifically.
IDK if we would hear about actual exploits right away anyway, what with the Government interventions to grab useful exploits for "defensive use":
The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?
APRIL 12, 2017 | LEVI MAXEY
https://www.thecipherbrief.com/the-...vernment-disclose-company-cyber-security-gaps
"Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts.
The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to glean crucial intelligence, or, instead, to collect and disclose security flaws to companies so that they may design and distribute patches for them."
If there came to be functional exploits, we might not hear about them... for another 10-20 years.
-
It may take some deep pockets and a firm determination to go through lots of dead-ends to make the exploits - or it might be a simple weekend project for the right person.
I doubt in either case, or in any case I can think of, it will be made public when made, or detected.
It's better to fix known vulnerabilities than to wait for an exploit.
Lock your windows and doors, don't wait for the exploiters to act. -
Release #8 — Now shows whether an Intel microcode patch is (ever) available for Spectre.
Intel has finished designing microcode update patches for its processors. On April 2nd, 2018, they announced that processors that have not yet been patched will never be patched. Their full statement is available in this PDF document. In that document, Intel specifies which of their many processors do have patches and which of their more recent processors will never receive updated firmware. Now that the industry has this information, this 8th release of InSpectre incorporates that list of CPUIDs and displays whether microcode firmware updates exist for the system's Intel CPU.
-
looks like intel might use the iGPU to do the work of the spectre/meltdown patches instead of the CPU
https://www.notebookcheck.net/Intel...PUs-in-new-Spectre-Meltdown-fix.299378.0.html
-
It sounds like Intel is working through these issues as a strawman for working out how to move forward with their CPU architecture, perhaps including additional silicon dedicated to the problem(s)?
Also, confused on whether this methodology is actually involved in mitigation of the Spectre / Meltdown issues specifically, or is Intel using this as a general solution for malware scanning, not only for the failure of current / past Intel CPU architecture.
This idea sounds like it was already out there, maybe in process, and Intel is throwing it out there to show activity in Spectre / Meltdown mitigation, when it's really non-specific to these vulnerabilities.
Intel is offloading virus scanning to its GPUs to improve performance and battery life
By Tom Warren@tomwarren Apr 16, 2018, 11:00pm EDT
https://www.theverge.com/2018/4/16/17244996/intel-virus-scanning-integrated-gpus-memory
"Intel is planning to allow virus scanners to use its integrated graphics chipsets to scan for malicious attacks. The change could see performance and battery life improve on some systems. “With Accelerated Memory Scanning, the scanning is handled by Intel’s integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption,” explains Rick Echevarria, Intel’s platform security division VP. “Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.”
Intel’s Threat Detection Technology will be available on 6th, 7th, and 8th generation Intel processors, allowing a variety of machines to take advantage of moving some virus scanning activity to the GPU instead of the CPU. Virus scanners currently use the CPU to detect against memory-based attacks, but a machine takes a performance hit as a result. Intel hopes by moving this away from the CPU that performance and power consumption will improve, as typical machines do not fully utilize onboard graphics cards most of the time.
Intel is partnering with Microsoft to support this initially, with the change coming to Windows Defender Advanced Threat Protection (ATP) this month. Intel is also working with other antivirus vendors so others can take advantage of this silicon-level change.
Intel revealed last month that it’s redesigning its processors to protect against a future Spectre-like attack, and it’s detailing some of those silicon changes today. Intel Security Essentials includes secure boot and hardware protections to protect applications from being attacked. These changes, integrated directly into the silicon, are designed to “minimize the impact of security on performance,” according to Intel.
Existing Spectre security updates have, in some cases, impacted performance, but that shouldn’t be the case for future processors. “As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical,” said Intel CEO Brian Krzanich last month. “Our goal is to offer not only the best performance, but also the best secure performance.”"
-
AFAIK there are no active exploits to "S&M" for it to be scanning.
Intel® Threat Detection Technology (Intel® TDT)
https://www.intel.com/content/www/u...e/threat-detection-technology-demo-video.html
"Intel® Threat Detection Technology (Intel® TDT) Demo Video
Watch the demo video that showcases how a Intel® Threat Detection Technologies suite of hardware assisted technologies can be incorporated into ISV security solutions to augment their existing capabilities to improve the detection of advanced cyber threats and exploits."
Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties
Coprocessors drafted for threat detection duties
By Thomas Claburn in San Francisco 17 Apr 2018 at 03:00
https://www.theregister.co.uk/2018/04/17/intel_gpu_malware_detection_security/
" Updated Having weathered revelations in January that its chips can be attacked through a novel class of side-channel vulnerabilities – mostly addressed through microcode fixes – Intel is adding broader silicon-level security improvements to its processors.
In conjunction with the RSA Security conference in San Francisco this week, Intel plans to reveal two threat detection enhancements and a cybersecurity education initiative on Tuesday.
Most companies, said Rick Echevarria, VP of Intel's software and services group, during a media call last week, are focused on four outcomes: preventing, detecting, and recovering from threats, and using technology like machine learning to predict where new ones will emerge.
"Our value to the industry is really to understand how we can use our silicon to improve these outcomes," he said.
Toward that end, Chipzilla plans to announce Intel Threat Detection, a set of security capabilities built into its silicon, and Intel Security Essentials, a framework that standardizes Intel security capabilities across its Atom, Core and Xeon product lines.
Intel Threat Detection currently includes two capabilities. The first is Accelerated Memory Scanning, which offloads the work of memory scanning to the Intel’s integrated graphics processor.
"Malware is one of the fastest evolving workloads we're dealing with," said Echevarria. "It's evolving to evade threat detection."
Often, he said, it tries to hide itself in memory or the attack technique attempts to deliver the malicious code directly into memory.
Moving the workload from the CPU to the GPU makes memory scanning faster and more energy efficient. Intel claims its benchmarking tests indicate that the shift decreased CPU utilization from 20 per cent to as low as 2 per cent.
Echevarria, however, acknowledged that if the GPU is busy with a different process, the gains might not be so great.
During the phone briefing, he said GPU-based memory scanning reduced system-on-a-chip power consumption by 52 per cent, a figure also cited in a draft release. That figure however vanished from the final version, suggesting maybe that claim didn't hold up.
WinTel alive and well
The second silicon-level security mitigation is Intel Advanced Platform Telemetry, a way to make hardware diagnostic data available for use with machine learning to improve threat detection and reduce false positives.
Microsoft plans to incorporate Accelerated Memory Scanning into Microsoft Windows Defender Advanced Threat Protection’s antivirus code later this month. Cisco, meanwhile, intends to support Intel Advanced Platform Telemetry in its Xeon-based Tetration data center product.
According to Echevarria, Intel Security Essentials represents a way to ensure the integrity of platform defense technologies like secure boot, hardware protection for keys and the like, crypto-acceleration, and trusted execution enclaves.
"The combination of telemetry and machine learning algorithms will improve the detection of advanced threats," he said.
Asked to be more specific about the kinds of data collected, Echevarria declined.
"Privacy is an important design point in anything we do," he said. "I won't get into the details of everything we're providing with telemetry. In general, data is anonymized and generalized."
In addition to its hardware enhancements, Intel has worked with Purdue University to launch the Design for Security Badge Program. Created for both students and professionals, the program aims to address the cybersecurity skills shortage. ®
Updated to add
At an Intel get-together during the RSA conference, a few more details were shed on the GPU memory scanning. Essentially, Intel integrated GPUs can be instructed, via an Intel driver, to scan physical RAM for particular malware signatures. When malware is stored on disk, it can be obfuscated using polymorphic algorithms, or just plain encrypted. When unpacked in memory, it should be more easy to detect, or so the theory goes.
Since integrated Intel graphics chips have full access to physical RAM – as opposed to third-party GPUs connected via PCIe or some other interconnect – they can run through memory looking for fingerprints of known software nasties. This can be regulated or scheduled depending on how busy the GPU is – for example, if it's rendering a video game, scanning may be delayed or restricted to free cores within the graphics processor.
Windows Defender will be able to control this scanning right out the gate; other antivirus tools will follow, as Intel chats to their engineers about implementing the automated inspection. The antimalware packages will have control over scheduling the scans, as well as providing the fingerprints to look for, so as not to overload the system.
Finally, it appears this is all controlled at the kernel level. If malware is able to get down into the heart of the operating system, it can potentially disable the GPU scanning and report the all clear back to the antivirus packages.
FYI Intel is gonna let Windows Defender and other antivirus tools use integrated Intel GPUs to scan physical memory for #malware. This inspection will be moderated depending on how busy the GPU is. Intel will provide a software driver to perform this offload. pic.twitter.com/o5DC9Pe3dV
— Chris Williams (@diodesign) April 17, 2018
Meanwhile, the previously reported partitioning of future CPUs to mitigate Meltdown and Spectre-class vulnerabilities will be revealed in detail by Chipzilla later this year, we're told."
Comments
IDK, Intel's iGPU's are already pretty lame, and except for the iGPU's with extra EDRAM they would be really limited in performance on any task, as a proof of concept for use in future CPU architectural designs this seems like a reasonable thing to do, but trying to roll it out in parallel with users trying to live on their iGPU's for display and rendering at the same time doesn't seem like a good idea.
There are lots of high end laptops that don't have iGPU's enabled, and if they have them they aren't available at the same time as the dGPU, they switch between them with a "physical" MUX switch.
So now the CPU *and* the iGPU are going to be compromised in performance... except for the Intel / AMD hybrid this doesn't bode well for Intel CPU/iGPU performance on a lot of hardware.
Last edited: Apr 17, 2018
Vasudev, Vistar Shook and skman like this. -
-
Sounds like a great solution to use the useless iGPU I have sitting around in my system.
Robbo99999 likes this. -
-
Robbo99999 Notebook Prophet
-
Spectre & Meltdown vulnerability/mitigation checker for Linux
Updated release April 18th, FYI
https://github.com/speed47/spectre-meltdown-checker
v0.37 speed47 released this Apr 18, 2018
- Feature: add a detailed explanation of "what to do" when system is found vulnerable against one of the vulnerabilities (skip with --no-explain)
- Feature: rework output for IBRS/IBPB check and better detection for newer kernels (IBRS_FW, IBPB without IBRS, ...)
- Feature: check for Red Hat 7/CentOS 7 specific retp_enabled knob in sysfs
- Feature: detect arm64 Spectre Variant 1, Spectre Variant 2 and Meltdown (Variant 3) mitigations
- Feature: add retpoline detection for BSD
- Feature: add microcode information under BSD
- Feature: add PTI performance check under BSD
- Feature: add detection of AMD-specific STIBP, STIBP-always-on, IBRS, IBRS-always-on and IBRS-preferred CPUID feature flags
- Feature: when ibpb_enabled=2 (Red Hat), warn if SMT is not disabled
- Feature: detect whether the kernel supports RSB filling (important for Skylake+)
- Feature: add --paranoid to make IBPB required in addition to retpoline for Variant 2
- Refactor: don't test AMD-specific flags on Intel and Intel-specific flags on AMD for clarity
- Fix: when PTI activation is unknown, don't say we're vulnerable
- Fix: don't hide microcode information for AMD CPUs
- Misc: other minor fixes and enhancements
Vasudev and Kevin@GenTechPC like this. -
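Added example, not taken from spectre-meltdown-checker or from any post in this thread: shell functions that read the kernel's own verdict from /sys/devices/system/cpu/vulnerabilities (present on Linux 4.15 and later) and apply a stricter rule modeled on the release note's description of --paranoid (IBPB required in addition to retpoline for Variant 2). The function names, return codes and sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): classify the one-line status strings
# the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/.

# classify_status LINE [PARANOID]
# Prints OK, VULN or UNKNOWN for one sysfs status line.
# PARANOID=1 (hypothetical switch, modeled on the --paranoid release note):
# a retpoline-based mitigation only counts if IBPB is reported as active too.
classify_status() {
    cs_line=$1
    cs_paranoid=${2:-0}
    case "$cs_line" in
        "Not affected"*) echo OK ;;
        # Also covers "Vulnerable: Minimal generic ASM retpoline" and similar.
        Vulnerable*) echo VULN ;;
        Mitigation:*)
            cs_verdict=OK
            if [ "$cs_paranoid" = 1 ]; then
                case "$cs_line" in
                    *[Rr]etpoline*)
                        case "$cs_line" in
                            # Newer kernels report "IBPB: disabled" explicitly.
                            *"IBPB: disabled"*) cs_verdict=VULN ;;
                            *IBPB*) ;;
                            *) cs_verdict=VULN ;;
                        esac ;;
                esac
            fi
            echo "$cs_verdict" ;;
        # Missing or unreadable entry: report UNKNOWN rather than vulnerable.
        *) echo UNKNOWN ;;
    esac
}

# check_dir DIR [PARANOID]
# Prints one line per entry and returns 0 (all mitigated), 2 (at least one
# vulnerable) or 3 (nothing vulnerable, but at least one unknown).
# These return codes are this example's own convention.
check_dir() {
    cd_dir=$1
    cd_paranoid=${2:-0}
    cd_worst=0
    for cd_name in meltdown spectre_v1 spectre_v2; do
        cd_file="$cd_dir/$cd_name"
        if [ -r "$cd_file" ]; then
            cd_line=$(head -n 1 "$cd_file") || cd_line=""
        else
            cd_line=""
        fi
        # The stricter rule only applies to Variant 2.
        if [ "$cd_name" = spectre_v2 ]; then
            cd_verdict=$(classify_status "$cd_line" "$cd_paranoid")
        else
            cd_verdict=$(classify_status "$cd_line" 0)
        fi
        printf '%-10s %-7s %s\n' "$cd_name" "$cd_verdict" "${cd_line:-<no sysfs entry>}"
        case "$cd_verdict" in
            VULN) cd_worst=2 ;;
            UNKNOWN) [ "$cd_worst" -eq 2 ] || cd_worst=3 ;;
        esac
    done
    return "$cd_worst"
}

# make_sample_dir: constructed status files in the format a 4.16-era kernel
# prints, so the example runs without touching the real sysfs.
make_sample_dir() {
    ms_dir=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$ms_dir/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$ms_dir/spectre_v1"
    printf 'Mitigation: Full generic retpoline\n' > "$ms_dir/spectre_v2"
    echo "$ms_dir"
}

# Demo on the constructed files; on a real machine pass
# /sys/devices/system/cpu/vulnerabilities as DIR instead.
sample=$(make_sample_dir)
echo "default rules:"
check_dir "$sample" 0 || true
echo "IBPB required alongside retpoline:"
check_dir "$sample" 1 || true
rm -rf "$sample"
```

The kernel's sysfs line reflects only what the running kernel believes; it says nothing about whether a newer microcode revision exists for the CPU.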
Robbo99999 Notebook Prophet
Hey, look what happened on April 24th, I've not seen this reported anywhere, but then again maybe I didn't have my eyes open - Microsoft have updated their Spectre microcode rollout to include Broadwell & Haswell (previously it was just Coffee/Kaby & Sky):
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
From my point of view, I'm just interested in them updating this KB409007 with Sandybridge support so I can update my laptop & see the effects (my desktop is already patched being Skylake).
Vistar Shook, Vasudev and hmscott like this. -
Microsoft to Windows users: Here are new critical Intel security updates for Spectre v2
Microsoft releases new Windows updates to address the Spectre variant 2 flaw affecting Intel chips.
By Liam Tung | April 27, 2018 -- 10:54 GMT (03:54 PDT)
https://www.zdnet.com/article/micro...itical-intel-security-updates-for-spectre-v2/
"Microsoft has released new Windows updates that include Intel hardware fixes to address the Spectre variant 2 CPU flaw.
Microsoft this week published on the Microsoft Update Catalog KB4078407 and KB4091666, respectively a software update for Windows 10 and Windows Server 2016, and an update targeting Intel machines that includes the chip-maker's microcode updates.
The two updates address Spectre Variant 2 CVE-2017-5715, known as a branch target injection vulnerability disclosed by Google researchers in January.
Of all three variants that constitute Meltdown and Spectre, variant 2, which only affects Intel chips, has been the most problematic.
Intel halted the rollout of its initial microcode updates after it was found they caused unexpected reboots. Intel last month completed re-releasing microcode mitigations for the Spectre variant 2 flaw in all CPUs ever released over the past nine years.
While hardware manufacturers were meant to release Intel's updates, Microsoft in March began releasing them, starting with the Windows 10 Fall Creators Update, version 1709, on devices with specific 6th Generation Intel Core and Core m processors: Skylake H/S (CPUID 506E3) and Skylake U/Y and U23e (CPUID 406E3).
Microsoft recommends users check with their device manufacturer before installing KB4078407.
The KB4091666 Windows Update brings Intel's microcode updates to more families of Intel CPUs than the initial March update KB4090007. The newer update covers Intel Core, Pentium, Celeron, and Xeon processors from Skylake, Broadwell, and Haswell CPUs.
"We will offer additional microcode updates from Intel thru this KB Article for these operating systems as they become available to Microsoft," Microsoft noted in a support document.
Microsoft has also released a new KB4090007 package for the Fall Creators Update with Intel's hardware updates for more Skylake, Broadwell, and Haswell CPUs"
Posted on April 26th, 2018 at 09:42 woody Comment on the AskWoody Lounge
https://www.askwoody.com/2018/micro...ode-updates-kb-4090007-kb-4091663-kb-4091664/
"Yesterday, I posted a note about two new Spectre v2 patches, KB 4078407 and KB 4091666.
The first is a Win10-only fix that has to be combined with a microcode change from your hardware manufacturer in order to accomplish anything. As @abbodi86 notes:
" KB4078407 is not a patch, it’s just an executable that enables the Spectre mitigation protection by changing two registry entries"
The second is a microcode-only, Intel-only, Win10 1507-only patch that changes the microcode for a large number of Intel processors.
This morning, Günter Born notes on Borncity that there are now four of these microcode patches:
- KB4090007 for Win10 1709/"Server 2016 version 1709"
- KB4091663 for Win10 1703
- KB4091664 for Win10 1607/Server 2016
None of them are available through Windows Update. You have to manually dig into the Update Catalog to get them.
As noted (voluminously) there are no known exploits as yet for Meltdown, Spectre v1 or Spectre v2. You might want to tuck these away in case we ever see a reason to use them."
So tell me again what’s happening with the two new Spectre v2 patches, KB 4078407 and KB 4091666
Posted on April 25th, 2018 at 11:33 woody Comment on the AskWoody Lounge
https://www.askwoody.com/2018/so-te...spectre-v2-patches-kb-4078407-and-kb-4091666/
"Yesterday, Microsoft released two patches that tackle the Spectre v2 vulnerability — the one that’s never been seen in public.
The first patch, KB 4078407, is a Windows 10-only fix that has to be combined with a microcode change from your hardware manufacturer in order to be effective.
The second patch, KB 4091666, is a microcode-only, Intel-only, Win10 1507-only patch that covers a lengthy list of affected Intel processors. The KB article says:
" This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 Release To Market (RTM). This update also includes Intel microcode updates that were already released for these Operating Systems at the time of Release To Manufacturing (RTM). We will offer additional microcode updates from Intel thru this KB Article for these Operating Systems as they become available to Microsoft."
… which is as muddled a bunch of gobbledygook as I’ve ever seen in a KB article. If you can parse it, tell me. All I know for sure is that the Microsoft Update Catalog entry tells me that the patch is only for Win10 1507.
You may recall that Microsoft released KB 4090007 back in March. It was intended to provide Intel-offered microcode patches to Win10 1709 machines for 6th gen Skylake processors, but it mutated several times — to the point that I don’t know what it does now.
Of course, there’s no advice about the obvious overlap between KB 4090007 and KB 4091666.
Sigh."
Last edited: Apr 28, 2018
Robbo99999 and Vasudev like this. -
Why are Spectre and Meltdown So Dangerous?
Techquickie
Published on May 1, 2018
Spectre and Meltdown are security flaws that, between them, affect nearly all of the world's PCs and smartphones! How did this happen, and what makes these bugs so sinister?
Vasudev likes this. -
http://forum.notebookreview.com/thr...fix-and-meltdown.806451/page-10#post-10722241
Vasudev likes this. -
As noted by @Robbo99999 in his Windows 1803 update report in the Windows 10 thread:
"One thing to note, if you've used KB4090007 to install the latest Spectre-protected Intel microcodes then that KB is no longer compatible with this new version of Windows (v 1803), so we have to wait for them to release a microcode KB that is meant for this latest version of Windows, they've not released it yet. Progress regarding 1803 microcode support I assume will be listed at the following link, so you can check this link to see when Microsoft release Spectre microcodes for the latest version of Windows 10 (version 1803):
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates "
No mention if the 1803 update comes with its own microcode update included, or if it impacts a system with already updated microcode, but it's a good thing to be aware of - check your Spectre / Meltdown status apps to make sure you are protected now.
I'll ask in the Windows 10 thread what the status is after the Windows 10 1803 update, and update this post:
@Robbo99999
"I checked with InSpectre tool - it's Meltdown protected but not Spectre protected. My motherboard doesn't have a Spectre protected microcode built in so I was relying on the Microsoft issued Spectre-protected microcodes from their manual KB downloads. I'm just saying that at the moment there are no microcode KB's compatible with version 1803 - we have to wait for Microsoft to release a microcode KB that is compatible with 1803."
Thank you for the update and additional details!
Last edited: May 3, 2018
Robbo99999 likes this. -
Spectre Next Generation vulnerabilities affect Intel processors
https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/
By the way, I just bought a new laptop. It also has vulnerable Intel Management Engine firmware (SA-00086) and no fix available from laptop manufacturer. -
Just saw this this morning:
http://www.guru3d.com/news-story/ei...r-intel-discovered-four-of-them-critical.html
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
by Hilbert Hagedoorn on: 05/03/2018 10:55 AM
News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.
German c't / Heise reports and breaks the news today, as the new vulnerabilities have not been made public just yet. There would be 'no doubt' that these are real vulnerabilities. While technical details are missing, the attack scenarios resemble close to what the Spectre vulnerabilities are.
Currently, most at risk are shared hosting providers, once you have access to your rented server-container, you could exploit the processor to retrieve secure data. All eight vulnerabilities share the same design problem that the "Meltdown and Spectre" vulnerabilities detailed as well - they are, so to speak, Spectre Next Generation ergo Spectre NG. c't mentions they have concrete information about Intel's processors and their patch plans. However, there are some indications that other processors are affected as well, at least some ARM CPUs are also vulnerable to some extent. Further research into whether and to what extent the AMD processor architecture is vulnerable at (if at all), is not yet known.
Intel is reportedly actively and nervously working on Spectre NG patches behind the scenes; other patches are developed in collaboration with the operating system manufacturers (Microsoft / Linux etc). When exactly the first Spectre NG patches and firmware updates will become available is not yet clear. According to information, Intel is planning at least two patch waves: a first one should start in May; a second is currently scheduled for August. For at least one of the Spectre NG patches is already a specific date as it was Google's Project Zero that has found one of the vulnerabilities, on May 7 - the day before the Windows Patchday - the 90-day warning period expires. So it's likely that when the first patch would be released for Microsoft Windows. Microsoft is preparing CPU patches: they appear to be in the form of optional Windows updates, and not so much microcode updated (firmware). The PC motherboard and server manufacturers probably need too long for BIOS updates.
Intel classifies four of the Spectre NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Spectre-NG risks and attack scenarios are similar to those of Spectre - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes.
Vasudev, Robbo99999 and hmscott like this. -
Spectre Next Generation vulnerabilities affect Intel processors
by Martin Brinkmann on May 03, 2018 in Security - Last Update: May 03, 2018
"Intel is facing another wave of reported security issues that affect the company's processors. The vulnerabilities, called Spectre Next Generation or Spectre NG, have not been disclosed publicly yet.
A report on the German computer magazine site Heise suggests that eight new vulnerabilities were reported to Intel recently. Intel gave four of the eight vulnerabilities a severity rating of high and the remaining four a severity rating of medium according to Heise.
The exploitability of one of the vulnerabilities appears to be higher than that of previous issues as attackers may abuse the issue to break out of virtual machines to attack the host system or other machines, reports Heise.
Companies that provide cloud hosting or cloud services are primary targets for the vulnerability as attackers may exploit it to gain access to data transfers and data.
Intel released patches and updates for the majority of processors that it announced would receive updates to protect against the previously disclosed Spectre and Meltdown variants. Some updates are still missing, however, and it is likely that many computer systems are not yet protected against attacks.
One reason for that is that Microsoft has not distributed updates through Windows Updates yet. The company released standalone updates for Windows 10 but not for Windows 7 or Windows 8.1, or the recently released Windows 10 version 1803.
It appears that Windows 10 version 1809 (the next feature update for Windows 10) will include the updates.
Microsoft's track record of protecting customer devices against potential attacks is not the best. The company did release initial patches in January but retracted them after a short while. While it has released updates for some of its supported operating systems, updates for other versions are still nowhere to be seen.
Even worse, the Meltdown updates for Windows 7 and Windows Server 2008 R2 introduced a new vulnerability on patched systems that the researcher called Total Meltdown.
Heise's report suggests that Intel plans to release patches for Spectre Next Generation vulnerabilities in two batches. The first patches could be released as early as May 2018, the second patches in August 2018.
If Intel's current track record holds, it is likely that the patches will be released at different times for different processor families.
Good news is that attacks against user systems using Spectre or Meltdown exploits are not widespread and that this is probably not going to change anytime soon.
Closing Words
Be prepared for another round of updates that patch Spectre issues and side-effects such as performance drops. It seems likely that the eight new vulnerabilities are not the last that we will see in the coming years.
Now You: How do you deal with Spectre and Meltdown? (via Born)"
The source article has a nice graphic as well
Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
Jürgen Schmidt , 03.05.2018
https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html
"New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.
The vulnerabilities known as Spectre and Meltdown shook the IT world to its foundations: researchers proved that there is a fundamental design flaw in all modern processors with serious repercussions for system security ( see c't issue 3/2018). After several patches were released, it seemed everything would be fine after all, although some experts warned that more revelations could follow. But the hope remained that the manufacturers could solve the problem with a few security updates.
As it turns out, we can bury that hope. A total of eight new security flaws in Intel CPUs have already been reported to the manufacturer by several teams of researchers. For now, details on the flaws are being kept secret. All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.
c't has exclusive information on Spectre-NG, which we have been able to verify in several ways – we double and triple checked all the facts. Nonetheless, we will not publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public. However, we will use our information to report about future releases of patches and provide background information.
Eight new security flaws
Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.
So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.
Intel is already working on its own patches for Spectre-NG and developing others in cooperation with the operating system manufacturers. According to our information, Intel is planning two waves of patches. The first is scheduled to start in May; a second is currently planned for August.
Knowing that Google Project Zero discovered one of the Spectre-NG flaws gives us an idea of when to expect the first patch. Google's elite hackers are scrupulous about observing the 90 day deadline that is meant to give companies time to address flaws after they have been notified – but they have no qualms about going public when the deadline ends, even if a patch has yet to be released. Time will run out on May 7 – the day before the next Windows patch day. Intel itself expects that information about a second flaw could be published any day now. Therefore, we can expect to see patches for these two vulnerabilities sooner rather than later.
There are signs that Microsoft is also preparing for CPU patches. Originally the Redmond based company expected the problems would be solved through microcode updates. Now it seems the fixes (or mitigations) will be distributed as (optional) Windows updates. PC manufacturers are simply taking too long to provide BIOS updates. Microsoft is also offering up to $250,000 in a bug bounty program for Spectre flaws. Linux kernel developers are continuously working on hardening measures against Spectre attacks as well.
More dangerous than Spectre
Intel itself classifies four of the Spectre-NG vulnerabilities as "high risk"; the remaining four are rated as "medium". According to our own research, risks and attack scenarios at Spectre-NG are similar to those at Spectre – with one exception.
One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.
Although attacks on other VMs or the host system were already possible in principle with Spectre, the real-world implementation required so much prior knowledge that it was extremely difficult. However, the aforementioned Spectre-NG vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level. Cloud service providers such as Amazon or Cloudflare and, of course, their customers are particularly affected.
Still, the concrete danger for private individuals and corporate PCs is rather small, because there are usually other weak points which are easier to exploit. Nevertheless, they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.
However, if the past is any indication, things won't go so smoothly in practice. Even when the Spectre updates were made available, there were several glitches, despite a lead time of more than six months. In addition, some patches reduce performance and some companies refuse BIOS updates for computers that are only a few years old. All this will get worse rather than better with Spectre NG.
A fundamental security problem
Overall, the Spectre-NG gaps show that Spectre and Meltdown were not a one-off slip-up. It is not just a simple gap that could be plugged with a few patches. Rather, it seems that for each fixed issue, two others crop up. This is the result of the fact that during the past twenty years, safety considerations have only played second fiddle to performance in processor development.
An end to patches for hardware problems of the Spectre category is not in sight. But a never-ending flood of patches is not an acceptable solution. You can't shrug off the fact that the core component of our entire IT infrastructure has a fundamental security problem that will keep leading to more problems.
Of course, Intel needs to fix the current weaknesses as quickly as possible – and that's what is happening. At the same time, however, the CPU design needs to be fundamentally rethought. Werner Haas of the German company Cyberus Technology and one of the co-discoverers of Spectre/Meltdown, considers it quite possible to equip high-performance processors with a solid security design. However, this would require security aspects to be taken into account in the architecture right from the start. Paul Kocher, who was also involved in unveiling Spectre, suggested implementing additional, specially secured CPU cores. And with methods such as threat modeling, risky techniques can be implemented in such a way that security remains controllable.
Intel made the promise of "security first" at the beginning of January. Now the company must provide more transparency and, for example, publish risk analyses of potential weak points. So far, Intel has been acting more along the lines of "We are the experts, we're doing it right", relying on technologies such as the Intel Management Engine and the Software Guard Extensions. We should no longer be fobbed off with vague promises when it comes to central components of our IT infrastructure."
Last edited: May 3, 2018 -
Tinderbox (UK) BAKED BEAN KING
Mine is an older CPU, so there is a microcode for it. I just did the update "KB4090007" and now I am fully protected.
alexhawker, Vasudev and hmscott like this.
CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more
Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.