Problems? See this thread at archive.org.
Nope, Intel Chipset Device Software
-
-
Try some IO related benchmarks / before / after (or is it too late?), and VM tests - both with guest VM's unpatched and guest VM's patched on unpatched and patched VM Host's.
Those and other mixed IO/compute tasks will be most affected.
Pure play CPU benchmarks on otherwise IO / VM idle systems that don't do a lot of OS calls causing PTI to activate won't show any / much of a performance hit. At least that's how it looks so far.
Last edited: Jan 3, 2018Talon likes this. -
More likely...windows default.
![[IMG]](images/storyImages/INF.png)
Intel CPU firmware vulnerability – Kernel (memory) Page Table Isolation – 180103
Microsoft Security Advisory:
ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Microsoft Azure’s announcement:
Securing Azure customers from CPU vulnerability
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
The Windows and Windows Server related hotfixes are available here:
http://www.catalog.update.microsoft.com/Search.aspx?q=2018-01
Windows 10 1709 and Windows Server 1709:
4056892 January 3, 2018—KB4056892 (OS Build 16299.192)
2018-01 Update for Windows 10 Version 1709 (KB4058702)
https://support.microsoft.com/?id=4056892
Windows 10 1703 and Windows Server 1703
4056891 January 3, 2018—KB4056891 (OS Build 15063.850)
https://support.microsoft.com/?id=4056891
Windows 10 version 1607 and Windows Server 2016:
4056890 January 3, 2018—KB4056890 (OS Build 14393.2007)
https://support.microsoft.com/?id=4056890
Windows 10 version 1511:
4056888 January 3, 2018—KB4056888 (OS Build 10586.1356)
2018-01 Cumulative Update for Windows 10 Version 1511 (KB4056888)
https://support.microsoft.com/?id=4056888
Windows 10 version 1507:
4056893 January 3, 2018—KB4056893 (OS Build 10240.17738)
2018-01 Cumulative Update for Windows 10 Version 1507 (KB4056893)
https://support.microsoft.com/?id=4056893
Windows 8.1 and Windows Server 2012 R2:
January 3, 2018—KB4056898 (Security-only update)
2018-01 Security Only Quality Update for Windows Server 2012 R2 (KB4056898)
https://support.microsoft.com/?id=4056898
Windows Server 2012:
https://support.microsoft.com/?id= 4056899
Windows 7 SP1 and Windows Server 2008 R2:
4056897 January 3, 2018—KB4056897 (Security-only update)
2018-01 Security Only Quality Update for Windows Server 2008 R2 (KB4056897)
https://support.microsoft.com/?id=4056897Ashtrix, Papusan, ajc9988 and 1 other person like this. -
An Update on AMD Processor Security
https://www.amd.com/en/corporate/speculative-execution
"There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats.
It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:
- The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
- The described threat has not been seen in the public domain.
The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details.
As the security landscape continues to evolve, a collaborative effort of information sharing in the industry represents the strongest defense.
Total protection from all possible attacks remains an elusive goal and this latest example shows how effective industry collaboration can be.
As always, AMD strongly encourages its customers to consistently undertake safe computing practices, examples of which include: not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates."Last edited: Jan 4, 2018ajc9988 likes this. -
CERT recommends tossing the vulnerable CPU and replacing it with a secure one as the solution
https://twitter.com/attritionorg/status/948759303153856512
https://twitter.com/TheRegister/status/948762044404150272
Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
Original Release date: 03 Jan 2018 | Last revised: 03 Jan 2018
https://www.kb.cert.org/vuls/id/584653
" Overview
CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdownand Spectre.
Meltdown and Spectre (also KAISER and KPTI). These attacks are described in detail by Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz).
Impact
An attacker able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory and bypassing KASLR.
Solution
Replace CPU hardware
The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.
Apply updates
Operating system updates mitigate the underlying hardware vulnerability."Last edited: Jan 4, 2018 -
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs
AMD, Arm also affected by data-leak design blunders, Chipzilla hit hardest
By Chris Williams, US editor 4 Jan 2018 at 07:29
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://twitter.com/TheRegister/status/948819110577745920
" Summary The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.
On Tuesday, we warned that a blueprint blunder in Intel's CPUs could allow applications, malware, and JavaScript running in web browsers, to obtain information they should not be allowed to access: the contents of the operating system kernel's private memory areas. These zones often contain files cached from disk, a view onto the machine's entire physical memory, and other secrets. This should be invisible to normal programs.
Thanks to Intel's cockup – now codenamed Meltdown – that data is potentially accessible, meaning bad websites and malware can attempt to rifle through the computer's memory looking for credentials, RNG seeds, personal information, and more.
Here's a video demonstrating a Meltdown attack:
https://twitter.com/misc0110/status/948706387491786752
On a shared system, such as a public cloud server, it is possible, depending on the configuration, for software in a guest virtual machine to drill down into the host machine's physical memory and steal data from other customers' virtual machines.
Intel is not just affected. Arm and AMD processors are as well – to varying degrees. AMD insisted there is a "near-zero" risk its chips can be attacked in some cases, but its CPUs are vulnerable in others. The chip designer has put up a simple page that attempts to play down the impact of the bugs on its hardware.
Arm has produced a list of its affected cores, which are typically found in smartphones, tablets and similar handheld gadgets. That list also links to workaround patches for Linux-based systems. Nothing useful from Intel so far.
This is, essentially, a mega-gaffe by the semiconductor industry. As they souped up their CPUs to race them against each other, they left behind one thing in the dust. Security.
We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare
READ MORE
One way rival processors differentiate themselves, and perform faster than their competitors, is to rely on speculative execution. In order to keep their internal pipelines primed with computer code to obey, they do their best to guess which instructions will be executed next, fetch those from memory, and carry them out. If the CPU guesses wrong, it has to undo the speculatively executed code, and run the actual stuff required.
Unfortunately, the chips in our desktop PCs, laptops, phones, fondleslabs, and backend servers do not completely walk back every step taken when they realize they've gone down the wrong path of code. That means remnants of data they shouldn't have been allowed to fetch remain in their temporary caches, and can be accessed later.
The trick is to line up instructions in a normal user process that cause the processor to speculatively fetch data from protected kernel memory without performing any security checks. The information is stored in the cache, from where it is exfiltrated, even if the slurp later triggers an access fault or is quietly avoided by branching off to other code.
Trying to fetch a byte from the kernel address triggers an exception – but the subsequent instructions have already been speculatively executed out of order, and touch a cache line based on the content of that byte. The exception is raised, and handled non-fatally elsewhere, and the out-of-order instructions have acted on the content of the byte. Doing some Flush+Reload magic on the cache reveals which cache line was touched and thus the content of the kernel memory byte. Repeat this over and over, and eventually you dump the contents of kernel memory.
On Wednesday, following research by a sizable collection of boffins, details of three closely related vulnerabilities involving the abuse of speculative execution were made public:
- CVE-2017-5753: Known as Variant 1, a bounds check bypass
- CVE-2017-5715: Known as Variant 2, branch target injection
- CVE-2017-5754: Known as Variant 3, rogue data cache load
There is also a Google Project Zero blog post going over the details. Finally, here's some proof-of-concept exploit code that runs on Windows to demonstrate the flaws.
Here's a summary of the two branded bugs:
- Meltdown
- This is the big bug reported on Tuesday.
- It can be exploited by normal programs to read the contents of kernel memory.
- It affects potentially all out-of-order execution Intel processorssince 1995, except Itanium and pre-2013 Atoms. It definitely affects out-of-order x86-64 Intel CPUs since 2011. There are workaround patches to kill off this vulnerability available now forWindows, and for Linux. Apple's macOS has been patched since version 10.13.2. Installing the latest updates for your OS should bring in the fixes. You should go for it. If you're a Windows Insider user, you're likely already patched. Windows Server admins must enable the kernel-user space splitting feature; it's not on by default.
- Amazon has updated its AWS Linux guest kernels to protect its customers against Meltdown. Google recommends its cloud users apply necessary patches and reboot their virtual machines.Microsoft is deploying fixes to Azure. If you're using a public cloud provider, check them out for security updates.
- The workarounds move the operating system kernel into a separate virtual memory space. On Linux, this is known as Kernel Page Table Isolation, or KPTI, and it can be enabled or disabled during boot up. You may experience a performance hit, depending on your processor model and the type of software you are running. If you are a casual desktop user or gamer, you shouldn't notice. If you are hitting storage, slamming the network, or just making a lot of rapid-fire kernel system calls, you will notice a slowdown. Your mileage may vary.
- It also affects Arm Cortex-A75 cores. Qualcomm's upcomingSnapdragon 845 is an example part that uses the A75. There are Linux kernel KPTI patches available to mitigate this. The performance hit isn't known, but expected to be minimal.
- Additionally, Cortex-A15, Cortex-A57 and Cortex-A72 cores suffer from a variant of Meltdown: protected system registers can be accessed, rather than kernel memory, by user processes. Arm has a detailed white paper and product table, here, describing all its vulnerable cores, the risks, and mitigations.
- Meltdown does not affect any AMD processors.
- Googlers confirmed an Intel Haswell Xeon CPU would allow a normal user program to read kernel memory.
- It was discovered and reported by three independent teams: Jann Horn (Google Project Zero); Werner Haas, Thomas Prescher (Cyberus Technology); and Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology).
- Spectre
- Spectre allows, among other things, user-mode applications toextract information from other processes running on the same system. It is a very messy bug that is hard to patch, but is also tricky to exploit. It's hard to patch because just installing the aforementioned KPTI features is not enough, or even pointless – you must but recompile your software to avoid it being attacked by other programs via this chip design blunder.
- In terms of Intel, Googlers have found that Haswell Xeon CPUs allow user processes to access arbitrary memory; the proof-of-concept worked just within one process, though. That Haswell Xeon also allowed a user-mode program to read kernel memory within a 4GB range on a standard Linux install.
- This is where it gets really icky. It is possible for an administrative user within a guest virtual machine on KVM to read the host server's kernel memory in certain conditions. According to Google:
When running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific (now outdated) version of Debian's distro kernel running on the host, can read host kernel memory at a rate of around 1500 bytes/second, with room for optimization. Before the attack can be performed, some initialization has to be performed that takes roughly between 10 and 30 minutes for a machine with 64GiB of RAM; the needed time should scale roughly linearly with the amount of host RAM.
- AMD insists its processors are practically immune to Variant 2 attacks. As for Variant 1, you'll have to wait for microcode updates or recompile your software with forthcoming countermeasures described in the technical paper on the Spectre website.
- The researchers say AMD's Ryzen family is affected. Googlers have confirmed AMD FX and AMD Pro cores can allow arbitrary data to be obtained by a user process; the proof-of-concept worked just within one process, though. An AMD Pro running Linux in a non-default configuration – the BPF JIT is enabled – also lets a normal user process read from 4GB of kernel virtual memory.
- For Arm, Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 cores are affected by Spectre. Bear in mind Cortex-R series cores are for very specific and tightly controlled embedded environments, and are super unlikely to run untrusted code. To patch for Arm, apply the aforementioned KPTI fixes to your kernel, and/or recompile your code with new defenses described in the above-linked white paper.
- Googlers were able to test that an ARM Cortex-A57 was able to be exploited to read arbitrary data from memory via cache sniffing; the proof-of-concept worked just within one process, though. Google is confident ARM-powered Android devices running the latest security updates are protected due to measures to thwart exploitation attempts – specifically, access to high-precision timers needed in attacks is restricted. Further security patches and updates for Google's products are listed here.
- Discovered and reported by these separate teams: Jann Horn (Google Project Zero); and Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).
Finally, if you are of the opinion that us media types are being hysterical about this design blunder, check this out: CERT recommends throwing away your CPU and buying an non-vulnerable one to truly fix the issue. " -
Benchmarking The Intel CPU Bug Fix, What Can Desktop Users Expect?
Intel Fights with Serious Vulnerability in Processor Design (Update: Windows Benchmarks)
Published on: Wednesday, 03. January 2018 at 21:55 by Andreas Schilling
https://www.hardwareluxx.de/index.p...er-sicherheitsluecke-im-prozessor-design.html
" 2. Update: First proof of concept of a possible exploit
Again and again the question arises whether the error can be exploited and how this is done, here is an example: Almost all cloud instances and server providers, where computing or server capacities are offered for rent, use hardware, which share several users. Also, users of a system that do not have root access should be unable to control the system itself or access the kernel. Kernel and user space should stay separate from each other in memory and mutual accesses should not be possible.
However, if programs can break out of their virtual memory area, they can also access memory areas that they should not actually be able to access. For example, access to any existing crypto keys would be possible. The scenarios are diverse here."
Fixes rushed out for Intel CPU bug as embargo collapses
04 January 2018 Written by Sam Varghese
https://www.itwire.com/security/81321-fixes-rushed-out-for-intel-cpu-bug-as-embargo-collapses.html
"Serious security flaws caused by "speculative execution" have been found in Intel CPUs from the Pentium Pro onwards, with multiple research teams being credited with the discoveries"Last edited: Jan 4, 2018 -
And you jump on new updates almost before they are ready to be downloaded
Test with 3DM11, Firestrike, Cinbench and Wprime 32/1024M. ThanksAshtrix, KY_BULLET, Raiderman and 1 other person like this. -
Benchmarks looks okay to me. Firestrike https://www.3dmark.com/fs/14605481
CB and Wprime 32MPapusan likes this. -
-
-
-
-
CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more
Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.
)
