Meltdown & Spectre: major chip vulnerabilities alert

Any topic that does not fit into the other categories.
Post Reply
Message
Author
User avatar
Midas
Posts: 4113
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Meltdown & Spectre: major chip vulnerabilities alert

#1 Post by Midas » Thu Jan 04, 2018 4:54 am

This has been all over the tech news in the past couple of days... (first mentioned here by Napiophelios).

Meltdown and Spectre: 'worst CPU bugs ever' affect virtually all computers
https://gu.com/p/7p72e

Intel, ARM and AMD chip scare: What you need to know
http://www.bbc.com/news/technology-42562303

http://www.bbc.com/news/technology-42562303 author wrote:
  • Meltdown affects laptops, desktop computers and internet servers with Intel chips.
  • Spectre potentially has a wider reach. It affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
In view of the field's sorry track record (e.g., check https://www.portablefreeware.com/forums ... hp?t=23601), isn't it high time for a zero assumption, zero trust architecture to emerge?

User avatar
Midas
Posts: 4113
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Meltdown & Spectre: major chip vulnerabilities alert

#2 Post by Midas » Fri Jan 05, 2018 4:30 am

Ghacks.net has a detailed overview of updates issued by Microsoft to deal with this two vulnerabilities...

    Microsoft releases out-of-band security updates to address Intel bug
    https://www.ghacks.net/2018/01/04/micro ... y-updates/

Mac and iOS devices are not exempt from the flaws.

    Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices
    http://wapo.st/2CGi3GM

In contrast, this rather benign approach by an editor of Gizmo's Freeware:

    A Word About Spectre And Meltdown
    https://www.techsupportalert.com/conten ... ltdown.htm

User avatar
SYSTEM
Posts: 1757
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Meltdown & Spectre: major chip vulnerabilities alert

#3 Post by SYSTEM » Tue Mar 27, 2018 10:35 pm

It has been discovered that Microsoft's Meltdown patch for Windows 7 caused a much worse vulnerability than Meltdown itself, called Total Meltdown. It has been fixed in a subsequent security update in March. Updating is extremely important!

http://blog.frizk.net/2018/03/total-meltdown.html
My YouTube channel | Release date of my 11th playlist: January 26, 2018

__philippe
Posts: 470
Joined: Wed Jun 26, 2013 2:09 am

Meltdown vulnerabilities alert

#4 Post by __philippe » Wed Mar 28, 2018 4:36 am

@SYSTEM
Thanks for the timely warning.

Note :
Avoiding superfluous Win7 patches over patches... (aka: procrastinator's reward... ;-))
(excerpt from http://blog.frizk.net/2018/03/total-meltdown.html)

    Is my system vulnerable?
    Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable.
    If your system isn't patched since December 2017 or if it's patched with the 2018-03 patches or later it will be secure.

freakazoid
Posts: 922
Joined: Wed Jul 18, 2007 5:45 pm

Re: Meltdown & Spectre: major chip vulnerabilities alert

#5 Post by freakazoid » Wed Mar 28, 2018 11:21 am

Thanks for the note, SYSTEM.

Just tested one of my systems that still runs Windows 7 and it appears Microsoft hasn't released the security update for March yet. It should hopefully be released in the next day or so.
is it stealth? ;)

User avatar
Midas
Posts: 4113
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Meltdown & Spectre: major chip vulnerabilities alert

#6 Post by Midas » Thu Mar 29, 2018 3:38 am

You might also be a victim of this (I know I was!): https://betanews.com/2018/03/16/windows ... tes-no-av/ ...

Luckily, there's an easy solution:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
"cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000

User avatar
SYSTEM
Posts: 1757
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Meltdown & Spectre: major chip vulnerabilities alert

#7 Post by SYSTEM » Thu Mar 29, 2018 4:06 am

Midas wrote:
Thu Mar 29, 2018 3:38 am
You might also be a victim of this (I know I was!): https://betanews.com/2018/03/16/windows ... tes-no-av/ ...
Reiterating what __philippe mentioned above: if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.
My YouTube channel | Release date of my 11th playlist: January 26, 2018

User avatar
Midas
Posts: 4113
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Meltdown & Spectre: major chip vulnerabilities alert

#8 Post by Midas » Thu Mar 29, 2018 5:28 am

SYSTEM wrote: ... if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.
Which it did in my case. Now talk about two wrongs not making a right... ;)

freakazoid
Posts: 922
Joined: Wed Jul 18, 2007 5:45 pm

Re: Meltdown & Spectre: major chip vulnerabilities alert

#9 Post by freakazoid » Thu Mar 29, 2018 11:28 am

I already have the QualityCompat regkey set.

I know I can manually download the update, but I've also read that the update is buggy. I already have the updates from February.

Did some further research and it looks like I'm not the only one that is having problems obtaining the March update through Windows Update:
https://www.askwoody.com/forums/topic/m ... ost-178695

In order for me to see the March update, I had to hide the March 2018 and February 2018 preview rollup updates. Weird af.
is it stealth? ;)

Post Reply