Page 1 of 1
Meltdown & Spectre: major chip vulnerabilities alert
Posted: Thu Jan 04, 2018 4:54 am
by Midas
This has been all over the tech news in the past couple of days... (first mentioned
here by Napiophelios).
Meltdown and Spectre: 'worst CPU bugs ever' affect virtually all computers
https://gu.com/p/7p72e
Intel, ARM and AMD chip scare: What you need to know
http://www.bbc.com/news/technology-42562303
http://www.bbc.com/news/technology-42562303 author wrote:- Meltdown affects laptops, desktop computers and internet servers with Intel chips.
- Spectre potentially has a wider reach. It affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
In view of the field's sorry track record (e.g., check
https://www.portablefreeware.com/forums ... hp?t=23601), isn't it high time for a zero assumption, zero trust architecture to emerge?
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Fri Jan 05, 2018 4:30 am
by Midas
Ghacks.net has a detailed overview of updates issued by Microsoft to deal with this two vulnerabilities...
Microsoft releases out-of-band security updates to address Intel bug
Mac and iOS devices are not exempt from the flaws.
Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices
In contrast, this rather benign approach by an editor of Gizmo's Freeware:
A Word About Spectre And Meltdown
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Tue Mar 27, 2018 10:35 pm
by SYSTEM
It has been discovered that Microsoft's Meltdown patch for
Windows 7 caused a much worse vulnerability than Meltdown itself, called
Total Meltdown. It has been fixed in a subsequent security update in March.
Updating is extremely important!
http://blog.frizk.net/2018/03/total-meltdown.html
Meltdown vulnerabilities alert
Posted: Wed Mar 28, 2018 4:36 am
by __philippe
@SYSTEM
Thanks for the timely warning.
Note :
Avoiding superfluous Win7 patches over patches... (aka: procrastinator's reward...
)
(excerpt from http://blog.frizk.net/2018/03/total-meltdown.html)
Is my system vulnerable?
Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable.
If your system isn't patched since December 2017 or if it's patched with the 2018-03 patches or later it will be secure
.
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Wed Mar 28, 2018 11:21 am
by freakazoid
Thanks for the note, SYSTEM.
Just tested one of my systems that still runs Windows 7 and it appears Microsoft hasn't released the security update for March yet. It should hopefully be released in the next day or so.
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Thu Mar 29, 2018 3:38 am
by Midas
You might also be a victim of this (I know I was!):
https://betanews.com/2018/03/16/windows ... tes-no-av/ ...
Luckily, there's an easy solution:
Code: Select all
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
"cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Thu Mar 29, 2018 4:06 am
by SYSTEM
Reiterating what __philippe mentioned above: if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Thu Mar 29, 2018 5:28 am
by Midas
SYSTEM wrote: ↑... if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.
Which it did in my case. Now talk about two wrongs not making a right...
Re: Meltdown & Spectre: major chip vulnerabilities alert
Posted: Thu Mar 29, 2018 11:28 am
by freakazoid
I already have the QualityCompat regkey set.
I know I can manually download the update, but I've also read that the update is buggy. I already have the updates from February.
Did some further research and it looks like I'm not the only one that is having problems obtaining the March update through Windows Update:
https://www.askwoody.com/forums/topic/m ... ost-178695
In order for me to see the March update, I had to hide the March 2018 and February 2018 preview rollup updates. Weird af.