'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    Its official:
    https://www.bleepingcomputer.com/ne...curity-updates-unless-avs-set-a-registry-key/

    The question is what does "updating their product" mean? Might be what has been previously inferred to by registering in Win Security Center. Or far more reaching, they no longer bypass KPP? Oh, my ................
     
    Last edited: Jan 9, 2018
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This. :thumb:
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    I think I know what this means. Eset for example, not only updated the noted registry key but also select AV modules. So it appears to me that there is indeed a Microsoft certification requirement involved and an AV vendor registry key update alone is not sufficient.

    Bye-bye to the non-major AV vendors. I also suspect that Microsoft will next be going after non-AV security vendors if already not underway. Bye-bye to all those security products Wilders folks seem to enjoy so much?
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,557
    All I know is I am glad I migrated my users at my job to ESET last fall. That is all.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,902
    Location:
    Slovenia, EU
    Yes, I agree. If they start to mess with kernel each patch Tuesday, small vendors could have problems making their software compatible.
     
  6. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    The update worked fine for me with zemana antilogger. If you have no AV you might consider enabling windows defender just to get the update offered. Or you can just add the registry key manually,

    Because zemana is a complimentary anti malware program, they cannot set the registry key because they don’t know what AV you are running it with (if any).
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @noway - I've always done this using a persistent Live Linux (mainly Puppy) from a regular USB stick. ONLY used for that purpose, and never for any general browsing.

    One little trick you can use with the persistence is to take the stick out once the system is loaded into RAM. You can transact with the bank, then when it comes down to leave, you just shutdown and forget the write errors. This way, there is no way your passwords etc can be saved to disk.

    On the other hand, if you want to update the system, you can do so without browsing or entering any sensitive data, and persist as normal.

    It's kind-of similar to revert-to-snapshot and take-a-snapshot with a virtual machine.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,902
    Location:
    Slovenia, EU
    https://labsblog.f-secure.com/2018/01/09/some-notes-on-meltdown-and-spectre/
     
  9. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,282
  10. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  11. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,616
    Location:
    Triassic
    In this MS link below, there is a list of all the OEMs with a link to each of their websites you need to visit for a BIOS/MC fix.
    I checked out the Lenovo site and there is an extensive list of all their products with a date for the fix and a link to get it if it is already available...

    https://support.microsoft.com/en-us...your-windows-devices-against-spectre-meltdown
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @emmjay Excellent, thank you. That is a fantastic resource site for sure and I was not yet aware if it. :thumb:
    It has been such a fast paced past week in the security world.
     
  13. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    A new microcode.dat file to address these issues for intel CPUs is now available on the intel download site.

    https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t

    This can be used with the VMware CPU Microcode Driver to patch your CPU microcode.

    You need the file called microcode-20180108.tgz"

    You can unpack this using 7-Zip for example. Then follow the instructions on the VMware site.

    https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver

    After applying this I get these results:

    There's more stuff in green now but still some red.

    speculation.JPG

    specuckeck.JPG
     
    Last edited: Jan 9, 2018
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,656
    Location:
    Italy
    Hi
    This warning scares:

    Have you updated only one pc with Windows 10 x64?
    TH.
     
  15. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I have only done one, Windows 10 Home x64 with a Haswell chip. I have another laptop with a later chip and will do that tomorrow.

    I have to read the other posts and find out how to enable some of the OS protections. The Microsoft site was less than helpful. This will have to wait though as I am getting tired tonight.
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    Appears to me that OS mitigation for branch target injection is not enabled for some reason. With OS and hardware support for same showing "true," it should also be showing "true." Appears to me all the microcode update did was mitigate the Meltdown vulnerability.
     
  17. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    The Microsoft link referted to above in "Suggested actions" in the PS tool output gives reg keys to enable it. But the wording isn't very clear and I haven't tried that yet.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    Supposedly those are only required for Win Server OSes, but I have not 100% bought into that.
     
  19. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    It is not clear. There is a lot of confusion about this for sure.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    I will state in regards to AMD processors, the MS related updates are indeed a mystery. I was just reading on the AMD forum that someone with a Phonem 4 core processor got a blue screen on boot after installing the updates. I am running a Phonem 6 core processor with zip issues after the update. In fact my performance in regards to apps starting and running is better than that prior to the update. All this leads me to believe that other factors are involved than the MS updates in themselves.

    -EDIT- User with 4 core processor was high-end performance one. Mine is the exact opposite; low-end performance one. Wonder if the OS update timing changes made have a larger impact on high-end CPUs both in performance and stability in a given class vs. low-end CPUs?
     
    Last edited: Jan 9, 2018
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,371
    Location:
    Among the gum trees
    Please excuse my ignorance, but will any of these help my HP machine with this Meltdown and / or Spectre issue?
     

    Attached Files:

  22. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,930
    These are regular hardware drivers, and the likelihood for Intel to implement a cure for Meltdown/Spectre into these drivers is close to zero.
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    SpecuCheck 1.0.5
    Link: https://github.com/ionescu007/SpecuCheck/releases/tag/1.0.5
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,371
    Location:
    Among the gum trees
    Oh. Thanks.

    I'm surprised HP have been pushing so many updates in the last week or two considering the machine ran out of warranty on the 27th of December.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    See my post #322 edit.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.