Windows Client Guidance against speculative execution vulnerabilities

fdegrove said:

Hi,



That's it. It may take them a while as a machine with a Haswell cpu is already out of their zone of direct interest commercially spoken. I happen to have a Fujitsu machine (amongst others) with the exact same cpu as you do and no more love from its maker either.

That said, I don't worry too much about it. If someone decides to hack it then so be it, nothing of interest there just the OS. Anything else is on external drives.
Just for info, I had it running on a 4790K at one point and it's still a very fast machine compared to machines running I7 6700 and even I7 7700K. It's a keeper.

Cheers,

The best we can do right now is just "wait" while checking from time to time to see if some update has come up. I don't really know how MS is going to deliver its next cumulative update if this thing is not fixed before the due date. :)

OldMike65 said:

Runs fine on my Intel system here....:)
Attachment 172574

Interesting - I wish it would tell me what Powershell executable is missing ?

dencal said:

Which one am I to believe???????????

I ran both tools and my results are quite the opposite of yours:





The way I understand it, the Intel SA-00086 Tool doesn't check whether or not one is vulnerable to Spectre And Meltdown. In your case, if you check OK (green light) for both according to the Spectre & Meltdown CPU checker, that means you have already updated (flashed) your BIOS/UEFI, which is not the case for me. I am still waiting for an update to that regard from HP support site.

Hi,

In your case, if you check OK (green light) for both according to the Spectre & Meltdown CPU checker, that means you have already updated (flashed) your BIOS/UEFI, which is not the case for me. I am still waiting for an update to that regard from HP support site.

Agreed but isn't it odd that @dencal is still vulnerable for IME which dates from last November whereas the new BIOS\UEFI is up to date for Spectre and Meltdown ?

I mean the flash update should also contain the MEI update, no ?

Cheers,

fdegrove said:

Hi,

I mean the flash update should also contain the MEI update, no ?

Cheers,

Not necessarily. My laptop had separate FW updates.

fdegrove said:

Hi,



Agreed but isn't it odd that @dencal is still vulnerable for IME which dates from last November whereas the new BIOS\UEFI is up to date for Spectre and Meltdown ?

I mean the flash update should also contain the MEI update, no ?

Cheers,

Also agreed and I think your reasoning stands. I definitely think that any BIOS/UEFI firmware update should also fix the Intel Management Engine. I am as confused as you are and I cannot wait to see what is going to come out from MS's next Security Update. Maybe (and I hope) they will find a patch (firmware) to fix the issue for some PCs. The problem is whatever the fix they come up with, it will have a performance hit on some PCs, more so specially on the ones with old CPUs. :)

Hi,

Yes but it then should also be available from the OEM website either as a bios/efi flash or as an Intel ME flash IMHO.

I just checked with my OEM and flashes for cpu microcode will be available for three of my machines starting from cw 05. Good to know.

I am as confused as you are and I cannot wait to see what is going to come out from MS's next Security Update.

MS has already done what it is supposed to do. That part is safe now. But it's the hardware that still requires patching for the majority of us endusers.
Cheers,