Meltdown & Spectre: major chip vulnerabilities alert


#1 Post by Midas » Thu Jan 04, 2018 4:54 am

This has been all over the tech news in the past couple of days... (first mentioned here by Napiophelios).

Meltdown and Spectre: 'worst CPU bugs ever' affect virtually all computers
https://gu.com/p/7p72e

Intel, ARM and AMD chip scare: What you need to know
http://www.bbc.com/news/technology-42562303

http://www.bbc.com/news/technology-42562303 author wrote:
  • Meltdown affects laptops, desktop computers and internet servers with Intel chips.
  • Spectre potentially has a wider reach. It affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
In view of the field's sorry track record (e.g., check https://www.portablefreeware.com/forums ... hp?t=23601), isn't it high time for a zero assumption, zero trust architecture to emerge?


#2 Post by Midas » Fri Jan 05, 2018 4:30 am

Ghacks.net has a detailed overview of updates issued by Microsoft to deal with these two vulnerabilities...

Microsoft releases out-of-band security updates to address Intel bug



Mac and iOS devices are not exempt from the flaws.

Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices



In contrast, this rather benign approach by an editor of Gizmo's Freeware:

A Word About Spectre And Meltdown



#3 Post by SYSTEM » Tue Mar 27, 2018 10:35 pm

It has been discovered that Microsoft's Meltdown patch for Windows 7 caused a much worse vulnerability than Meltdown itself, called Total Meltdown. It has been fixed in a subsequent security update in March. Updating is extremely important!

http://blog.frizk.net/2018/03/total-meltdown.html


Meltdown vulnerabilities alert

#4 Post by __philippe » Wed Mar 28, 2018 4:36 am

@SYSTEM
Thanks for the timely warning.

Note :
Avoiding superfluous Win7 patches over patches... (aka: procrastinator's reward... ;-))
(excerpt from http://blog.frizk.net/2018/03/total-meltdown.html)

Is my system vulnerable?

Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable.

If your system isn't patched since December 2017 or if it's patched with the 2018-03 patches or later it will be secure.


#5 Post by freakazoid » Wed Mar 28, 2018 11:21 am

Thanks for the note, SYSTEM.

Just tested one of my systems that still runs Windows 7 and it appears Microsoft hasn't released the security update for March yet. It should hopefully be released in the next day or so.


#6 Post by Midas » Thu Mar 29, 2018 3:38 am

You might also be a victim of this (I know I was!): https://betanews.com/2018/03/16/windows ... tes-no-av/ ...

Luckily, there's an easy solution:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
"cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000
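
A read-only way to check the two things this thread turns on: whether the QualityCompat value from the post above is actually in place, and whether the machine is a Windows 7 x64 system with hotfixes installed since January 2018 (the condition quoted in post #4). This is an added example, not part of any post; the function names are made up for illustration. It lists hotfixes by install date, which is not the same as a patch's release month, so the resulting list still has to be compared by hand against Microsoft's update history.

```powershell
# Added example (not from the thread). Read-only: nothing is written or changed.
# Uses only cmdlets available in PowerShell 2.0, the version shipped with Windows 7.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatState {
    # Hypothetical helper: is the value from the .reg file present as DWORD 0?
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)
    $state = 'KeyMissing'; $kind = $null; $data = $null
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        if ($key.GetValueNames() -contains $Name) {
            $kind = $key.GetValueKind($Name)
            $data = $key.GetValue($Name)
            if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) {
                $state = 'Set'
            } else {
                # e.g. created as a string value, or with non-zero data
                $state = 'WrongTypeOrData'
            }
        } else {
            $state = 'ValueMissing'
        }
    }
    New-Object PSObject -Property @{ State = $state; Kind = $kind; Data = $data }
}

function Get-PatchContext {
    # Hypothetical helper: OS family/architecture plus hotfixes installed since 2018-01-01.
    $os     = Get-WmiObject -Class Win32_OperatingSystem
    $cutoff = Get-Date -Year 2018 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0
    $recent = @(Get-HotFix |
        Where-Object { $_.InstalledOn -ge $cutoff } |
        Sort-Object InstalledOn)
    New-Object PSObject -Property @{
        Caption       = $os.Caption
        # Version 6.1 is Windows 7 (also reported by Server 2008 R2).
        IsVersion61   = ($os.Version -like '6.1.*')
        # OSArchitecture is localized, so match on the leading "64" only.
        Is64Bit       = ($os.OSArchitecture -like '64*')
        RecentHotfixes = $recent
    }
}

Get-QualityCompatState | Format-List State, Kind, Data
$ctx = Get-PatchContext
$ctx | Format-List Caption, IsVersion61, Is64Bit
$ctx.RecentHotfixes | Format-Table HotFixID, Description, InstalledOn -AutoSize
```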


#7 Post by SYSTEM » Thu Mar 29, 2018 4:06 am

Midas wrote:
Thu Mar 29, 2018 3:38 am
You might also be a victim of this (I know I was!): https://betanews.com/2018/03/16/windows ... tes-no-av/ ...
Reiterating what __philippe mentioned above: if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.


#8 Post by Midas » Thu Mar 29, 2018 5:28 am

SYSTEM wrote: ... if the AV has blocked the Meltdown patch from installing, the system isn't vulnerable to Total Meltdown.
Which it did in my case. Now talk about two wrongs not making a right... ;)


#9 Post by freakazoid » Thu Mar 29, 2018 11:28 am

I already have the QualityCompat regkey set.

I know I can manually download the update, but I've also read that the update is buggy. I already have the updates from February.

Did some further research and it looks like I'm not the only one that is having problems obtaining the March update through Windows Update:
https://www.askwoody.com/forums/topic/m ... ost-178695

In order for me to see the March update, I had to hide the March 2018 and February 2018 preview rollup updates. Weird af.