Windows 10: Windows Client Guidance against speculative execution vulnerabilities

Page 31 of 48 FirstFirst ... 21293031323341 ... LastLast

  1. Posts : 18,881
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       4 Weeks Ago #301

    Here is Shawn's tutorial on verifying TPM, you could also click some of the links in the tutorial to learn more: Verify Trusted Platform Module (TPM) Chip on Windows PC Hardware Drivers Tutorials
      My ComputersSystem Spec

  2.    4 Weeks Ago #302

    Fabler2 said: View Post
    IronZorg89, just had confirmation that HP is working on the update and requests to wait until further notice.
    Thanks for the info. At least it's good to know they are working on it.
      My ComputerSystem Spec


  3. Posts : 5,432
    10 Home x64 (1709) (10 Pro on 2nd pc)
       4 Weeks Ago #303

    Neil Macready said: View Post
    Thanks very much Bree. For some strange reason though, it says my 6 digit Product Part Number is 'Invalid' ?
    Odd - must be a regional thing. It works for my UK model (but says there won't be an update )

    However, mine doesn't appear on this list, but yours does - with a 'target available date' of '2018/1E'
    https://support.toshiba.com/support/...tentId=4015952

    From some other dates listed (like 2018/2~4) looks like the '1' is the month (E for 'estimate' perhaps, or 'end'?)
      My ComputersSystem Spec


  4. Posts : 297
    Windows 10 Pro 1709 16299.192
       4 Weeks Ago #304

    Now here is some strange software ROT ! On Tues last week I applied a new BIOS that was supplied by my mother boards manufacture (Gigabyte). I ran all of the scripts to verify and in Post # 235 in this thread, I posted the results. It showed everything was fixed. So on last Friday, I was building USB stick with the scripts for these tests so that I could take it with me to help out a friend that had a BIOS update performed on his Dell machine. Decided to run the scripts and they all came back stating the there is no OS fixes for Spectre and or Meltdown. I took another screen print and overlay-ed them onto the Screen print from last Tuesday. The frames with Red Zeros are the new results.

    Is there any chance after the BIOS update changed some address or something that negates the Windows Updates from earlier this month ???
    Attached Thumbnails Attached Thumbnails DeskTop_NOT_Fixed.jpg  
      My ComputersSystem Spec

  5.    4 Weeks Ago #305

    Is your motherboard the Gigabyte Dual BIOS type...see here for what I mean?

    --GIGABYTE--DUAL BIOS WEB
      My ComputerSystem Spec


  6. Posts : 297
    Windows 10 Pro 1709 16299.192
       4 Weeks Ago #306

    DawsonvilleBill said: View Post
    Is your motherboard the Gigabyte Dual BIOS type...see here for what I mean?

    --GIGABYTE--DUAL BIOS WEB
    Yes it is.
      My ComputersSystem Spec


  7. Posts : 1,265
    WinX Pro x64 IP current
       3 Weeks Ago #307

    BTW, Steve Gibson, of GRC.com, who loves making nifty little apps in Assembly, has released a really easy to use Spectre and Meltdown detection utility for Windows.

    GRC

    Q: On some of the computers, one or the other or both of the Enable/Disable Protection buttons are grayed out and disabled so that they cannot be used. What's going on?

    A: Either of the Protection Enable/Disable buttons will be disabled when the button's respective vulnerability cannot be enabled or disabled by its user. For example, Since AMD processors have never been subject to the Meltdown vulnerability, the Meltdown button will be disabled because there's no way for its protection to be disabled. This would also be true (in the other direction) when a system has an Intel processor and any version of Windows that has not been updated for the Meltdown vulnerability. In that case the system is vulnerable and there's no way for the button to make it invulnerable.

    Similarly, any computer whose firmware has not been updated will be vulnerable to Spectre attacks and, again, the button cannot make it invulnerable.

    So, InSpectre will enable those buttons when the system's conditions allow the operating system to protect against the respective vulnerability, but the user may wish to disable that protection, where possible.
      My ComputersSystem Spec


  8. Posts : 1,265
    WinX Pro x64 IP current
       3 Weeks Ago #308

    Here are my results from FCU (no patches installed yet):

    Click image for larger version. 

Name:	InSpectre 16299 FCU.PNG 
Views:	69 
Size:	18.5 KB 
ID:	173977

    Spectre & Meltdown Vulnerability
    and Performance Status

    Vulnerable to Meltdown: YES!
    Vulnerable to Spectre: YES!
    Performance: GOOD
    (full details below)

    In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

    Protection from these two significant vulnerabilities requires updates to every system's hardware-its BIOS which reloads updated processor firmware-and its operating system-to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

    This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

    This system's present situation:

    This 64-bit version of Windows is not aware of either the Spectre or Meltdown problems. Since Intel processors are vulnerable to both of these attacks, this system will be vulnerable to these attacks until its operating system has been updated to handle and prevent these attacks.

    This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

    This system's Intel processor does not provide high-performance protection from the Meltdown vulnerability. The use of Meltdown protection on this system will incur some corresponding performance penalty.

    This system is not currently providing any protection against the Meltdown vulnerability. Either the operating system is unaware of this problem (which can be resolved by any operating system) or the operating system's protection has been deliberately disabled.

    Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

    The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

    Guidance & Observations

    Since this version of Windows is not fully aware of both of these security threats, if possible you should consider updating to a newer version which is fully aware. There are versions of Windows 7, 8.1 and 10 which are fully aware... even at a possible cost in system performance.

    When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.

    When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.

    For more information see GRC's InSpectre web page

    Copyright 2018 by Gibson Research Corporation
    Click image for larger version. 

Name:	InSpectre 16299 FCU #2.PNG 
Views:	70 
Size:	17.9 KB 
ID:	173976

    This 64-bit OS on Intel Processor:

    OS is Meltdown aware: No
    OS is Spectre aware: No
    OS Meltdown data: n/a
    OS Spectre data: n/a
    PCID/INVPCID instructions: No / No
    CPU microcode updated: No
    CPU is meltdown vulnerable: Yes

    This system's processor identification:
    Intel Core i7 CPU / 965 @ 3.20GHz

    Documentation of Meltdown (KVA) and Spectre (branch control speculation) bit flags returned by the NtQuerySystemInformation call which, when supported by updated versions of Windows as shown above, provides detailed information about Windows' management of these vulnerabilities:

    KVA (Meltdown Vulnerability) flags:
    ==================================
    0x01 KVA_SHADOW_ENABLED
    0x02 KVA_SHADOW_USER_GLOBAL
    0x04 KVA_SHADOW_PCID
    0x08 KVA_SHADOW_INVPCID

    Branch Prediction Speculation (Spectre) flags:
    ==================================
    0x01 BPB_ENABLED
    0x02 BPB_DISABLED_SYSTEM_POLICY
    0x04 BPB_DISABLED_NO_HW_SUPPORT
    0x08 SPEC_CTRL_ENUMERATED
    0x10 PRED_CMD_ENUMERATED
    0x20 IBRS_PRESENT
    0x40 STIBP_PRESENT
    0x80 SMEP_PRESENT

    The presence of both the relatively recent PCID and INVPCID instructions allows Windows (when it chooses to take advantage of these instructions) to protect against the Meltdown vulnerability without significant system performance impact.

    AMD processors do not require and do not offer and do not need the PCID and INVPCID instructions since they are inherently not vulnerable to Meltdown attack.

    "CPU microcode updated" indicates that this system is using recently updated Intel or AMD microcode which provides the control over branch prediction speculation required to allow an aware operating system to protect the system from the Spectre vulnerabilities.

    This application will run under WINE and can therefore be used on non-Windows systems. Although its operating system data may not be meaningful under WINE, its display of the underlying processor capabilities will be accurate.

    For more information see GRC's InSpectre web page

    Copyright 2018 by Gibson Research Corporation
      My ComputersSystem Spec


  9. Posts : 367
    Windows 10 Home Version 1709 Build 16299.19
       3 Weeks Ago #309

    HP and Dell now recommending users uninstall the new bios and replace it with older bios until new update available due to serious reboot/stability issues.

    HP Reissuing BIOS Updates After Intel Meltdown and Spectre Updates
      My ComputerSystem Spec


  10. Posts : 1,265
    WinX Pro x64 IP current
       3 Weeks Ago #310

    Lol!

    Nice.
      My ComputersSystem Spec


 
Page 31 of 48 FirstFirst ... 21293031323341 ... LastLast

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
Windows 10 - Need some guidance on recovery in Installation and Upgrade
One of my spare Windows 10 machines is on life support. I must have clobbered it somehow when I was tweaking the multiple display settings ( to incorporate a HDMI projector). It actually worked fine all week, but today, when I tired to set it...
Read more: http://www.zdnet.com/article/microsoft-offers-it-guidance-to-prepare-for-windows-as-a-service/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:48.
Find Us