The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

    Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. ajc9988

    ajc9988 Death by a thousand paper cuts

    If not dealing with meltdown, at least make sure you do the ME firmware update if possible and update the browsers and make the adjustments to turn on the protections in those browsers.
     
    hmscott and Raiderman like this.
  2. Raiderman

    Raiderman Notebook Deity

    Browser up to date, DNS re routed, still behind firewall. Do not need ME update, as I am not on Intel on this machine.
    I will update my laptop, also with a simplix pack once it is available.
     
    hmscott, Vasudev and ajc9988 like this.
  3. ajc9988

    ajc9988 Death by a thousand paper cuts

    People are just confusing which patches address which issues. So, wanted to point out the ones for spectre if people are not addressing Meltdown. Also, you do have the Dec. chipset driver installed from AMD, right?
    http://support.amd.com/en-us/download/chipset?os=Windows+10+-+64

    Edit: Here is the 32-bit in case you need it:
    http://support.amd.com/en-us/download/chipset?os=Windows+10+-+32
     
    hmscott and Raiderman like this.
  4. Raiderman

    Raiderman Notebook Deity

    I am on 17.10, I will update some drivers today.

     
    hmscott, Vasudev and ajc9988 like this.
  5. KY_BULLET

    KY_BULLET Notebook Evangelist

    @Raiderman 1gb chipset driver, that's a huge driver! Gonna take some time downloading that one on live update lol!

    I have to admit, live update does make life easier than having to go to the MSI and download them manually. Although I've been told never try to update the bios with it...INSTANT BRICK.
     
    hmscott, Vasudev and Raiderman like this.
  6. Raiderman

    Raiderman Notebook Deity

    I don't usually use it, but it will install everything. I was wondering when did chipset drivers get so freaken huge? Anyway, it's all done and updated.
     
    hmscott and KY_BULLET like this.
  7. KY_BULLET

    KY_BULLET Notebook Evangelist

    Not to hijack but since all the smart guys are in one area lol, has anyone heard of Intel SGX causing problems with BSOD? I had to re-install Windows yesterday because I couldn't get it to stop doing this on "restarts only", worked perfectly fine on cold starts. Event viewer always threw up a critical error saying: SGX had problems initializing at start up. Not those exact words but pretty close.

    So I just left it out after I reinstalled Windows. All good now. I hear it's for software devs and not needed, but just wanted to run it by you guys.
     
    Vasudev likes this.
  8. Vasudev

    Vasudev Notebook Nobel Laureate

    Can I PM you regarding "How to root an Android phone?"

    Might as well grab stock AMD Chipset driver, RAID driver from amd.com
     
  9. ajc9988

    ajc9988 Death by a thousand paper cuts

    The only consumer use is if you have Kaby, a 4k blu ray player, and software to playback AACS 2.0 encoded 4k blu rays.
     
    hmscott and KY_BULLET like this.
  10. KY_BULLET

    KY_BULLET Notebook Evangelist

    That's good news, thanks for the reply!
     
    hmscott and ajc9988 like this.
  11. Blossom81

    Blossom81 Notebook Consultant

    I did with my ryzen 1800x cpu after windows 10 updates I had display problems. Black screen and had to reinsert hdmi cable and reselect the hdmi connection on my TV. Now if I have to keep doing this after each damn update I'm going to get very angry as it's not affecting Intel cpu which makes it suspicious are Intel and Microsoft working together to me up AMD? It was Intel who told MS to get all cpus this patch which AMD wasn't affected on meltdown but MS still sends auto install to all users. Intel know the patch will affect AMD cpus up to 50% performance decrease so if Intel are going down they want to take AMD and others with them.

    Sent from my SM-G920F using Tapatalk
     
    hmscott likes this.
  12. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    Actually 1709 itself only is not the patch, you also need http://sihmar.com/windows-10-update-kb4054022-download/ as well it seems. I know I do not have the latter as of yet. For what they are saying with AMD no matter what the hacker has to be present for them to work. If this is true I do not even want the patches. I do not let others use the system and can watch what java gets run here.
     
    hmscott likes this.
  13. ajc9988

    ajc9988 Death by a thousand paper cuts

    What chipset driver are you running? 17.40?
     
    hmscott likes this.
  14. Blossom81

    Blossom81 Notebook Consultant

    Version 9.0.000.8 chipset for crosshair vi hero motherboard.

    Sent from my SM-G920F using Tapatalk
     
    hmscott likes this.
  15. Raiderman

    Raiderman Notebook Deity

    I think that's Asus's chipset version, there will be an AMD version tied with the Asus version
     
    hmscott likes this.
  16. Blossom81

    Blossom81 Notebook Consultant

    I just saw and yes 17.40 AMD.com chipset driver for the x370

    Sent from my SM-G920F using Tapatalk
     
    hmscott likes this.
  17. 6.|THE|1|BOSS|.9

    6.|THE|1|BOSS|.9 Notebook Evangelist

    Poor Intel.....Intel must play this music after what they have done...I think Intel are entering their worst time in their history.... Intel R.I.P :p



    it's good music by the way.. enjoy :cool:
     
    hmscott and ajc9988 like this.
  18. ajc9988

    ajc9988 Death by a thousand paper cuts

    And are you on their most recent BIOS? What graphics card are you using?
     
    hmscott likes this.
  19. Blossom81

    Blossom81 Notebook Consultant

    Bios 1403
    Evga gtx 1080 ti sc2 hybrid
    Latest Nvidia driver

    Sent from my SM-G920F using Tapatalk
     
    KY_BULLET and hmscott like this.
  20. Blossom81

    Blossom81 Notebook Consultant

    I've heard that 3008 bios isn't stable and 1403 keeps my overclocks and I've not noticed any problems yet. My temps are looking great with my aio cpu cooler corsair h100i v2

    Sent from my SM-G920F using Tapatalk
     
    hmscott likes this.
  21. Rothcall

    Rothcall Notebook Consultant

    Are there any tests of MMOs like WoW or FFXIV before and after the windows meltdown patch and spectre BIOS updates? So far all the tests being thrown around are AAA games that are usually GPU bound and don't deal with networking.

    And what about RAID0 performance?
     
  22. hmscott

    hmscott Notebook Nobel Laureate

    You could go to those youtube channels that have already put out test results and request these tests. They are usually open to input, and as I recall they mentioned more tests coming and asked for input.
     
    Last edited: Jan 7, 2018
    Raiderman and KY_BULLET like this.
  23. hmscott

    hmscott Notebook Nobel Laureate

  24. Beemo

    Beemo BGA is totally TSK TSK!

    I ain't gonna apply the update unless it's a proper fix.
     
    Last edited: Jan 8, 2018
    hmscott likes this.
  25. vesayreve

    vesayreve Notebook Evangelist

    How can you possibly ignore when MS pushes you any update so hard, preying to do the update whenever you leave the PC even for 5 minutes
     
    ajc9988 likes this.
  26. hmscott

    hmscott Notebook Nobel Laureate

    As it stands now, things will change moving forward and everyone applying the patches now will provide data and feedback on how to proceed with mediation of the security fixes.

    There may not be any danger known, but these flaws / holes / opportunities have been around for 10+ years, so if anyone discovered these methods earlier and kept quiet about it - and took advantage of them - it wouldn't be known or discovered easily. Except through disclosure of information gained through these methods, with no other possible path to discovery.

    So, even if you don't know how to take advantage of these flaws, someone might - not different from any other security patch you've seen pass through the Windows Update process. :)

    Just because you don't know doesn't mean someone else doesn't.

    And, it won't be long before these patches will be required "pre-requisites" - included and installed before other updates Microsoft and other vendors offer moving forward, you won't be able to get new feature updates or other fixes without seeing these patches installed first.

    So far the feedback from installing these patches on gaming and general use computers isn't too off-putting, except for the NVME performance loss on writes. This might be fixed down the road with driver updates that given the new performance hits of going between user space and protected space might generate some innovation in driver writing.

    There may be no rush to install now, or there may be a rush to install later, right now it's up to you, soon there may be no choice - it's going to get installed if you want other new updates. :)
     
    ajc9988 likes this.
  27. hmscott

    hmscott Notebook Nobel Laureate

    From: Haswell Microcode 23 released. Spectre vulnerability patched, 9% slowdown :-(
    http://forum.notebookreview.com/thr...ctre-vulnerability-patched-9-slowdown.812642/

    Thanks for the heads up, sorry to hear that. I have been seeing similar performance results posted from others for other brands, so it's not unusual. The firmware activates additional protections in the OS patches which adds to the performance loss in some use cases.
     
    Last edited: Jan 8, 2018
    ajc9988 likes this.
  28. KY_BULLET

    KY_BULLET Notebook Evangelist

    I went ahead and let the update come through on the desktop in my signature.

    Since then I've had problems with MSI Command Center, and HWinfo64 not being able to initialize. After reinstalling twice, I found that if I just log out and sign back in, they will work again, so I have no idea what's going on there.

    If I find more, I will let everyone know. Has anyone else seen this with their MSI utilities?
     
    hmscott likes this.
  29. hmscott

    hmscott Notebook Nobel Laureate

    Maybe report it to MSI Support so they know? It's possible MSI will release updates to their software due to these patches.

    Another regression testing opportunity for all software developers... sigh.
     
    ajc9988 and KY_BULLET like this.
  30. Prema

    Prema Your Freedom, Your Choice

    Using the new microcodes alone doesn't kill the performance. Using the OS updates alongside them does. Just boot to an OS without patch for benching and to one with the patch for work.

    Data centers have been f'ed by the ODMs. First this and then NVIDIA no longer allowing them to use Geforce GPUs in their new EULA.
     
  31. hmscott

    hmscott Notebook Nobel Laureate

    So then the OS updates use the firmware changes, otherwise the new firmware is inert? And, without the firmware changes available, some portion of the OS updates is unused as well?

    Interesting.

    So that means that there is an API(?) for the firmware additions that could be called by applications? Are there any features of interest?

    Are the docs available as public links for these firmware API / changes, and how they are used by the OS?

    Do Linux OS changes use these firmware changes too, like the Windows patches?

    So rather than say that the firmware and OS patches performance losses are cumulative, I should say that the firmware update enables additional protections otherwise inactive in the OS patches potentially increasing the performance loss?
     
    Last edited: Jan 8, 2018
  32. Prema

    Prema Your Freedom, Your Choice

    Branch target injection mitigation (fixing CVE-2017-5715, the bug that requires microcode support) can not be enabled by microcode alone and requires additional OS support via update.
     
    steberg, Dr. AMK and hmscott like this.
  33. hmscott

    hmscott Notebook Nobel Laureate

    Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels
    Answer ID 4611 Updated 01/04/2018 06:33 PM
    NVIDIA RESPONSE TO SPECULATIVE EXECUTION WITH KNOWN SIDE CHANNELS - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
    https://nvidia.custhelp.com/app/answers/detail/a_id/4611/related/1

    "NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels.

    The vulnerability has three known variants:
    • Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
    • Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
    • Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.
    For updates and additional information, actively monitor the NVIDIA Product Security page.
    Affected Products
    Product | OS
    GeForce, Quadro, NVS | Windows, Linux, FreeBSD, Solaris
    Tesla | Windows, Linux

    Security Updates
    When available, download the updates from the NVIDIA Driver Downloads page.

    WINDOWS
    Product | Product Series | OS | Driver Branch | Updated Version
    GeForce | All | Windows | R390 | Expected week of January 8, 2018
    Quadro, NVS | All | Windows | R390 | Expected week of January 8, 2018
    Quadro, NVS | All | Windows | R384 | 386.07
    Tesla | All | Windows | R390 | Expected week of January 22, 2018
    Tesla | All | Windows | R384 | Expected week of January 8, 2018

    LINUX
    Product | Product Series | OS | Driver Branch | Updated Version
    GeForce | All | Linux, FreeBSD, Solaris | R390 | 390.12
    GeForce | All | Linux, FreeBSD, Solaris | R384 | 384.111
    Quadro, NVS | All | Linux, FreeBSD, Solaris | R390 | 390.12
    Quadro, NVS | All | Linux, FreeBSD, Solaris | R384 | 384.111
    Tesla | All | Linux | R390 | Expected week of January 22, 2018
    Tesla | All | Linux | R384 | Expected week of January 8, 2018

    NOTES
    • The Linux driver contains updates to maintain compatibility with recent Linux updates for this security issue.

    • If you are using earlier driver branches of the affected products, upgrade to a supported driver branch that contains the fix as listed in the tables for Windows and Linux.
     
    Ashtrix and ajc9988 like this.
  34. hmscott

    hmscott Notebook Nobel Laureate

    Right, but if the microcode isn't there, then the patch code can't run. I assume the single patch from Windows Update is all that is needed - there isn't a 2nd patch that comes if you have the microcode only...?
     
  35. Prema

    Prema Your Freedom, Your Choice

    If the microcode isn't updated but the OS is, then both components of the patch are deployed, but only rogue data cache load (CVE-2017-5754) is enabled, but you would see performance reduction either way. So have your BIOS updated and use an OS with or without patch according to your usage scenario (performance or security).
     
    Last edited: Jan 8, 2018
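
    The combinations described in the two posts by Prema above (microcode plus OS update for CVE-2017-5715, OS update alone for CVE-2017-5754), as an added example that is not part of the thread. It assumes the property names of the object returned by Get-SpeculationControlSettings from Microsoft's SpeculationControl module; the function name Resolve-MitigationState and the three sample objects are constructed for illustration.

```powershell
# Added example, not from the thread. Property names are those of the object
# returned by Get-SpeculationControlSettings (Microsoft's SpeculationControl
# module); Resolve-MitigationState and the sample objects are constructed here.

function Resolve-MitigationState {
    param(
        [Parameter(Mandatory = $true)]
        [psobject]$Settings
    )

    # CVE-2017-5715 (branch target injection) needs both halves:
    # microcode (BTIHardwarePresent) and the OS update (BTIWindowsSupportPresent).
    $bti = if ($Settings.BTIWindowsSupportEnabled) {
        'enabled'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        'off: OS update missing'
    } elseif (-not $Settings.BTIHardwarePresent) {
        'off: OS update installed, microcode missing'
    } else {
        'off: both present but not enabled (check policy)'
    }

    # CVE-2017-5754 (rogue data cache load) is handled by the OS update alone.
    $kva = if (-not $Settings.KVAShadowRequired) {
        'not required on this CPU'
    } elseif ($Settings.KVAShadowWindowsSupportEnabled) {
        'enabled'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        'off: OS update missing'
    } else {
        'off: installed but not enabled'
    }

    [pscustomobject]@{
        'CVE-2017-5715 (BTI)'  = $bti
        'CVE-2017-5754 (RDCL)' = $kva
    }
}

# Constructed sample objects for the cases discussed in the thread.
$samples = [ordered]@{
    # OS patched, BIOS/microcode not updated: only the Meltdown fix is active.
    'OS update only' = [pscustomobject]@{
        BTIHardwarePresent             = $false
        BTIWindowsSupportPresent       = $true
        BTIWindowsSupportEnabled       = $false
        KVAShadowRequired              = $true
        KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $true
    }
    # New microcode, unpatched OS; constructed, modelled as all flags false
    # because nothing in the OS exposes or uses the new microcode.
    'Microcode only' = [pscustomobject]@{
        BTIHardwarePresent             = $false
        BTIWindowsSupportPresent       = $false
        BTIWindowsSupportEnabled       = $false
        KVAShadowRequired              = $true
        KVAShadowWindowsSupportPresent = $false
        KVAShadowWindowsSupportEnabled = $false
    }
    # Both installed: both mitigations active.
    'Microcode and OS update' = [pscustomobject]@{
        BTIHardwarePresent             = $true
        BTIWindowsSupportPresent       = $true
        BTIWindowsSupportEnabled       = $true
        KVAShadowRequired              = $true
        KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $true
    }
}

$results = foreach ($name in $samples.Keys) {
    Resolve-MitigationState -Settings $samples[$name] |
        Add-Member -NotePropertyName Scenario -NotePropertyValue $name -PassThru
}
$results | Format-List Scenario, 'CVE-2017-5715 (BTI)', 'CVE-2017-5754 (RDCL)'

# On a live system with the module installed:
#   Resolve-MitigationState -Settings (Get-SpeculationControlSettings)
```
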
  36. hmscott

    hmscott Notebook Nobel Laureate

    I wonder how these security mitigations in the new Nvidia driver 390.65 will affect performance?

    Are AMD GPUs affected??
     
    Last edited: Jan 8, 2018
    Dr. AMK, ajc9988 and Prema like this.
  37. hmscott

    hmscott Notebook Nobel Laureate

    Fix Windows 7 BSOD 0x000000c4 after installing KB4056894
    by Martin Brinkmann on January 08, 2018 in Windows
    https://www.ghacks.net/2018/01/08/fix-windows-7-bsod-0x000000c4-after-installing-kb4056894/

    " Microsoft published security updates for all supported versions of Windows recently that protect systems running Windows from Meltdown and Spectre attacks.

    The company released updates for Windows 10 via Windows Update. Cumulative update patches for all supported operating systems are available on the Microsoft Update Catalog website as well.

    Tip: you can find out if your Windows PC is affected by Meltdown or Spectre.

    Windows 7 users and administrators who install KB4056894 on machines running the operating system may run into Blue Screen of Death issues after doing so.

    The update does not appear to be distributed via Windows Update right now, but system administrators can download it from Microsoft’s Update Catalog website and install it manually. Microsoft announced plans to release it tomorrow on the January 2018 Patch Day.

    KB4056894 causing Bluescreen on Windows 7 PCs

    It appears that the patch does not play well with specific AMD configurations. Reports suggest that the bug affects a wide range of AMD processors including AMD Athlon X2, Opteron, and Turion models.

    Systems affected by the issue throw the BSOD error Stop: 0x000000c4 followed by additional information. Admins and users who did not install the patch already on AMD systems should hide the update for the time being to block it from installation.

    The situation is different if the update is installed already on the system. Windows won’t boot anymore thanks to the Blue Screen of Death error. This means that the main method of removing updates from a Windows machine does not work.

    A user on Reddit came up with a solution that should work on the majority of devices affected by the Blue Screen of Death:
    1. Use the F8-key during the boot sequence and select Repair Your Computer in the menu that pops up. If you have difficulties opening the menu hammer on the F8-key repeatedly until the menu appears.
    2. Open a command prompt window.
    3. Run dir d: to check that the Windows drive is mapped.
    4. Run dism /image:d:\ /remove-package /packagename:{P}ackage_for_RollupFix~31bf3856ad364e35~amd64~~7601.24002.1.4 /norestart
    In step 4 this forum software interprets colon P into a smilie - so remove the {}'s and that leaves the colon P as required on the command line, it looks like this:
    command steps for bsod resolution.JPG

    You should get a processing message and a progress bar. The command removes the package from the Windows system. Doing so should resolve the BSOD issue, and Windows should boot normally.

    Note that you cannot get into SafeMode, as SafeMode throws a BlueScreen as well. The only option that you have to resolve the issue is to open the startup repair prompt and run the command mentioned above.

    You do need to hide the update as it will be picked up by Windows Update and installed if automatic updating is configured. (via Deskmodder)"
     
    Last edited: Jan 9, 2018
    Dr. AMK and ajc9988 like this.
  38. James D

    James D Notebook Prophet

    GPUs? good question.
    But drivers almost certainly are.
    CPU provides a breach into unpatched OS but using this breach hackers can dig into vulnerable processes in that OS and those processes will open the door for leaking sensitive OS information. Am I right, Prema?

    Processes (browsers, gpu software) can't become bullet-proof unless stop using internet/java but can make it harder for hackers to exploit them on unpatched OS/Machine. Only microcode+os update can save from Meltdown. As for Spectre the time will say.
     
    hmscott likes this.
  39. hmscott

    hmscott Notebook Nobel Laureate

    Hopefully someone(s) will post results here:

    nVidia Geforce Drivers 390.65 WHQL
    http://forum.notebookreview.com/threads/nvidia-geforce-drivers-390-65-whql.812644/#post-10660856
     
    Dr. AMK likes this.
  40. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Nice with automatic updates :D YEES!!
     
    Dr. AMK likes this.
  41. Beemo

    Beemo BGA is totally TSK TSK!

    I disabled/blocked/cut communication with MS and went airplane mode.
     
  42. Dr. AMK

    Dr. AMK Living with Hope

    Raiderman, KY_BULLET and Vasudev like this.
  43. Support.2@XOTIC PC

    Support.2@XOTIC PC Company Representative

    For your convenience, a heavily armed special operations unit has been dispatched to your residence with the updates on USB. Please do not resist while we assist you.
     
    4004, alexhawker, Ashtrix and 10 others like this.
  44. Vasudev

    Vasudev Notebook Nobel Laureate

    It's better to remove the SSDs or HDDs so they can't Install W10 Updates. ;)
     
    4004, hmscott, Raiderman and 4 others like this.
  45. Beemo

    Beemo BGA is totally TSK TSK!

    Lol.
     
    Vasudev and hmscott like this.
  46. Raiderman

    Raiderman Notebook Deity

    Don't worry about that with Windows 7 :)
     
    Vasudev likes this.
  47. hmscott

    hmscott Notebook Nobel Laureate

    Raiderman and Vasudev like this.
  48. hmscott

    hmscott Notebook Nobel Laureate

    Intel addresses Meltdown and Spectre security flaws at CES 2018


    More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns
    This is going to take a while
    By John Leyden 8 Jan 2018 at 16:32
    https://www.theregister.co.uk/2018/01/08/meltdown_fix_security_problems/

    "More examples have emerged of security fixes for the Meltdown vulnerability breaking things.
    Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.

    PulseSecure has come up with a workaround for affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.

    Sandboxie has released an updated client to solve compatibility issues with an emergency fix from Microsoft, as explained here. We've asked Sophos for comment.

    Compatibility with the same set of Microsoft fixes released last Wednesday (January 3), freezes some PCs with AMD chips, as previously reported.

    These sorts of issues leave sysadmins (and to a lesser extent consumers) between a rock and a hard place. The critical Meltdown and Spectre vulnerabilities recently found in Intel and other CPUs represent a significant security risk. Because the flaws are in the underlying system architecture, they will be exceptionally long-lived.

    Remediation work is necessary but complicated because anti-malware packages need to be tweaked before Microsoft's patches can be applied, as previously reported.

    Unless the antivirus compatibility registry key is set, Windows Update will not deliver January's or any future security updates.

    Anti-malware software requires low-level access to the machine it runs on so tweaks need to be made to accommodate changes in memory handling that come with the Meltdown and Spectre fixes or else crashes can occur, Microsoft warned.

    A Redmond support article clarifies that "customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets [a particular] registry key".
    Buckle up: it's going to be a bumpy ride even though some help is available.

    Cybersecurity vulnerability manager Kevin Beaumont has put together a Windows antivirus patch compatibility spreadsheet here."

    Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years
    Countermeasures to protect apps from attack
    By Thomas Claburn in San Francisco 5 Jan 2018 at 07:08
    https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/

    "Analysis Intel has borne the brunt of the damage from the revelation of two novel attack techniques, dubbed Meltdown and Spectre, that affect the majority of modern CPUs in various ways.

    The chipmaker's stock price is down, and it's being eyed for possible securities litigation, following reports CEO Brian Krzanich sold the bulk of his Intel shares after the biz had been made aware of the flaws.
    In its defense, Intel has said other chip designers are also affected. While the Meltdown vulnerability, a side-channel attack that allows user applications to read kernel memory, is known to affect Intel processors (and the Arm Cortex-A75 that is yet to ship). The other vulnerability, Spectre, meanwhile, has been demonstrated on Intel Ivy Bridge, Haswell and Skylake processors, AMD Ryzen CPUs, and several ARM-based Samsung and Qualcomm system-on-chips used for mobile phones.

    But Spectre will be harder to mitigate than Meltdown because the most effective fix is redesigned computing hardware.

    "We are currently not aware of effective countermeasures that will eliminate the root cause of Spectre, short of hardware redesign," said Daniel Genkin, one of the authors of the Spectre research paper and postdoctoral fellow in computer science in the University of Pennsylvania and the University of Maryland, in the US, in an email to The Register.

    CERT in its January 3 vulnerability note for one of the two Spectre CVEs said the solution is replace CPU hardware, noting, "Underlying vulnerability is caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware." That passage was deleted from a subsequent revision of the vulnerability notification.

    Coincidentally, Intel on Thursday declared it has developed and is in the process of issuing patches to its manufacturing partners that render its hardware "immune from both exploits" – meaning both Meltdown and Spectre.

    ********. While it has Meltdown covered, Chipzilla only has half of Spectre in its sights. The patches and firmware available now for Intel processors are:
    • Operating system updates for Linux, Windows and macOS, that separate kernel and user spaces, and kill the Meltdown vulnerability. On Linux, this fix is known as Kernel Page Table Isolation, aka KPTI.
    • On pre-Skylake CPUs, kernel countermeasures – and on Skylake and later, a combination of a microcode updates and kernel countermeasures known as Indirect Branch Restricted Speculation, aka IBRS – to kill Spectre Variant 2 attacks that steal data from kernels and hypervisors.
    • That leaves Spectre Variant 1 attacks, in which rogue software can spy on applications, unpatched. It's a good thing this variant is difficult to exploit in practice.
    Intel is in denial. It insisted the vulnerabilities identified do not reflect flaws in its chips. "These new exploits leverage data about the proper operation of processing techniques common to modern computing platforms, potentially compromising security even though a system is operating exactly as it is designed to," the company said.

    Thus, we're asked to believe that Intel and its peers are racing to fix products that are in perfect working order and functioning as designed, even as the security researchers who developed these attacks contend hardware will need to be redesigned to cover all bases.

    For what it's worth, Intel and AMD CPUs, and selected Arm cores, are vulnerable to Spectre Variant 1 attacks. Intel and Arm said Arm cores are vulnerable to Spectre Variant 2. Only Intel CPUs and one Arm core – the yet-to-ship Cortex-A75 – are vulnerable to Meltdown.

    Oh, and Apple's Arm-compatible CPUs are affected by Meltdown and Spectre, too, but we'll get to that later.

    Patches to address Meltdown have already started to appear for the aforementioned operating systems, and they come with a performance hit, one that varies with the computational workload and hardware in question.

    Linux kernel supremo Linus Torvalds has suggested a five per cent slowdown should be typical; Willy Tarreau, CTO of HAProxy and a Linux kernel contributor, has reported a 17 per cent slowdown; worst-case scenarios have been as high as 30 per cent.

    Amazon Web Services confirmed to The Register that its deployment of the Meltdown mitigation has been noticed by AWS customers, though it stressed the impact on virtual machine performance isn't particularly significant.

    Your mileage may vary
    On Thursday, Matt Linton, senior security engineer at Google, and technical program manager Pat Parseghian, expanded on previously published vulnerability info with another blog post.

    Responding to concerns about slowdowns arising from KPTI, they said, "Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance."

    The Register asked Google whether it could quantify the performance hit it has seen on its systems, but has not yet received a reply.

    In any event, dealing with Spectre is likely to slow computing operations further, beyond the Meltdown tax. And Spectre is everywhere: laptop and desktop computers, servers in data centers, and smartphones. It can affect web applications and virtual machines.

    To reduce idle time, most modern chips speculate about future instructions while processing present ones, a process known as speculative execution. If they guess right, they save time; and if they guess wrong, they just toss errant predictions and are not worse off than if they'd just sat idle awaiting the next instruction.

    Taken together, the right and wrong guesses still process data faster than just waiting around for every instruction to be executed in a serial fashion, one after another.

    Spectre attacks dupe the processor into making guesses about future instructions that wouldn't otherwise be allowed, and thereby can gain access to privileged information within the kernel address space, or data in other running processes.

    Basically, those designing affected processors didn't anticipate this scenario. They built a fence around their execution engines, and were satisfied with their security and privacy protection – until Google Project Zero researchers, and other experts, brought a ladder to the party and broke their security model.

    Two Spectre attacks have been demonstrated, a bounds bypass check, aka Spectre Variant 1, and branch target injection, Spectre Variant 2, both of which the Project Zero researchers have explained in more detail than most would care to consider.

    Fixing the bounds bypass check attack requires analysis and recompilation of vulnerable code; addressing the branch target injection attack can be dealt with via a CPU microcode update, such as Intel's IBRS microcode, or through a software patch like "retpoline" to the operating system kernel, the hypervisor, and applications.

    In other words: to protect yourself from Spectre Variant 1 attacks, you need to rebuild your applications with countermeasures. These defense mechanisms are not generally available yet. To protect yourself from Spectre Variant 2 attacks, you have to use a kernel with countermeasures, and if you're on a Skylake or newer core, a microcode update, too. That microcode is yet to ship. It's not particularly clear, through all the noise and spin this week, which kernels have been built and released with countermeasures, if any. A disassembly of latest Windows releases suggests Microsoft is, for one, on the case.

    It's not a straightforward process. It's messy, and Chipzilla is trying to simplify the situation to impress investors and right its share price. Yes, Meltdown is under control. Spectre not so much, and it's going to take a little while longer to straighten out. That's time Intel can't afford.

    Coming to a compiler near you, soon
    Several software-based mitigation strategies for Spectre attacks have been proposed. These are countermeasures that need to be woven into applications and operating systems to resist snooping, and the rebuilt software then distributed to users. These involve limiting speculative execution through additional code. Intel recommends using the LFENCE instruction to serialize operations and prevent instruction speculation that can be abused.

    But that could slow things down. "Note that the insertion of LFENCE must be done judiciously; if it is used too liberally, performance may be significantly compromised," Intel advised in a technical note about the issue. This would be on top of the Meltdown performance tax.

    Project Zero researchers have also suggested use of the MFENCE instruction, and the application of static analysis techniques to minimize unnecessary security checks. They said that code in legacy applications may need to be recompiled.

    As well as this, the Project Zero team has proposed a mitigation technique called "retpoline," a combination of "return" and "trampoline," that prevents exploitative speculative execution from occurring. They offer this metaphor to describe the operation: "Imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around."

    Retpoline works by pushing the current program counter onto the stack, then pushing the address you want to jump to onto the stack, and then using the return instruction – which pulls that address off the stack and jumps to it. Returning from that subroutine jumps the processor back to where it was. This chicanery when calling code is supposed to thwart attempts to exploit Spectre design flaws in processors.

    Google's support document on retpoline suggested the performance hit is minimal: "Microbenchmarking on Intel x86 architectures shows that our converted sequences are within cycles of an native indirect branch (with branch prediction hardware explicitly disabled)."

    But this is akin to saying a broken leg won't slow you down much compared to walking around on crutches. Branch prediction isn't typically disabled.

    A performance hit
    In a mailing list for the LLVM compiler project, Chandler Carruth, who heads Google's LLVM team, explained: "Well tuned servers using all of these techniques saw 5 per cent to 10 per cent overhead from the use of retpoline."

    Recompiling applications to mitigate the risk posed by fundamentally insecure hardware thus has a cost.

    Another mitigation technique involves reducing timer accuracy.

    "Both Meltdown and Spectre currently use the cache side channel in order to exfiltrate the data obtained during the erroneous speculative execution," said Genkin. "As cache attacks often need an accurate timing source, decreasing timer accuracy is a generic way to make cache attacks harder to mount."

    This doesn't work in all cases, as some side channel attacks don't require timers. Genkin said such attacks could be combined with erroneous speculative execution to create more Spectre and Meltdown variants. "Whether such attacks can be implemented from JavaScript is yet to be determined," he said.

    On Wednesday, Luke Wagner, senior staff software engineer at Mozilla, said Firefox 57 will reduce the resolution of time sources like performance.now() and disable SharedArrayBuffer, which can be used to create high-resolution timers, in an effort to limit the impact of Spectre attacks. In other words, prevent malicious JavaScript running in a tab from potentially sniffing data – like login tokens – held elsewhere in the browser or system.

    "The final step of the attack involves measuring the time it takes to perform a sequence of operations that depend on secret data," Wagner explained in an email to The Register. "This time difference is very small, so by keeping the resolution of the timers that are exposed to JavaScript high enough, we mitigate the ability of the attacker to perform this step."

    Microsoft has taken similar measures. Through a just released software update, the tech giant said it has removed support for SharedArrayBuffer from Microsoft Edge and reduced the resolution of performance.now() from 5 microseconds to 20 microseconds, with a variable jitter of up to an extra 20 microseconds.

    Google Chrome, meanwhile, plans to implement a defense called Site Isolation when Chrome 64 arrives on January 23, again to stop evil JS from snooping beyond its boundaries.

    Apple on Thursday evening said it has already addressed Meltdown in December iOS, macOS, and tvOS updates, and plans to provide Spectre mitigation for Safari for iOS and macOS in the next few days. Essentially, the Arm-compatible and Intel CPUs it used in its gear suffer all the badness described above.

    Wagner observed that software fixes aren't enough. "Ultimately, this is a problem with the processor and addressing it in the browser requires removing useful functionality and degrading performance," he said. "We hope the future microprocessor improvements would allow less drastic measures in the browser while still maintaining safety."

    Asked how Meltdown and Spectre compare to other major cybersecurity incidents, Genkin said in the short term, he expects there will be exploits against unpatched systems. For the long term, he said, "This is something that will affect the way that we design CPUs and build operating systems. Once proper countermeasures and correct hardware designs are in place, this will be remembered as a major security incident."
     
    Last edited: Jan 9, 2018
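The quoted article says Spectre Variant 1 has to be fixed by rebuilding code with countermeasures such as LFENCE. The following is an added example, not code from the article or the post above, showing a plain bounds-checked lookup beside two hardened forms. The names `lookup_plain`, `lookup_fenced`, `lookup_masked` and `index_mask` are hypothetical, and the branch-free index mask is a technique not named in the article (it is the idea behind the Linux kernel's `array_index_nospec`).

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16UL
/* Constructed sample data: stands in for any array indexed by an untrusted value. */
static const uint8_t table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17,
                                          18, 19, 20, 21, 22, 23, 24, 25};

/* LFENCE on x86-64; elsewhere only a compiler barrier (no hardware effect). */
static inline void speculation_barrier(void) {
#if defined(__x86_64__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Plain check: architecturally correct, but a mispredicted branch can let
 * the CPU speculatively load table[i] for an out-of-range i. */
static int lookup_plain(unsigned long i) {
    return (i < TABLE_SIZE) ? table[i] : -1;
}

/* Hardened form A: the load cannot issue until the comparison has resolved. */
static int lookup_fenced(unsigned long i) {
    if (i >= TABLE_SIZE) return -1;
    speculation_barrier();
    return table[i];
}

/* All-ones when i < size, zero otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and an arithmetic right shift (GCC, Clang). */
static unsigned long index_mask(unsigned long i, unsigned long size) {
    __asm__ volatile("" : "+r"(i)); /* keep the compiler from folding the mask away */
    return (unsigned long)(~(long)(i | (size - 1UL - i)) >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hardened form B: even on a mispredicted path the index is forced to 0. */
static int lookup_masked(unsigned long i) {
    if (i >= TABLE_SIZE) return -1;
    i &= index_mask(i, TABLE_SIZE);
    return table[i];
}

int main(void) {
    printf("in range:  %d %d %d\n", lookup_plain(3), lookup_fenced(3), lookup_masked(3));
    printf("out of range: %d %d %d\n", lookup_plain(16), lookup_fenced(16), lookup_masked(16));
    return 0;
}
```

All three functions return the same values; the hardened forms differ only in what the processor may do speculatively, which is why the fence costs time on every call while the mask costs a few ALU operations.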
  49. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    Reputations:
    4,740
    Messages:
    8,513
    Likes Received:
    3,823
    Trophy Points:
    431
    Raiderman, hmscott, Papusan and 3 others like this.
  50. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    12,035
    Messages:
    11,278
    Likes Received:
    8,814
    Trophy Points:
    931