Windows Client Guidance against speculative execution vulnerabilities

Page 31 of 75 FirstFirst ... 21293031323341 ... LastLast

  1. Posts : 26,343
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #300

    Here is Shawn's tutorial on verifying TPM, you could also click some of the links in the tutorial to learn more: Verify Trusted Platform Module (TPM) Chip on Windows PC Hardware Drivers Tutorials
      My Computers


  2. Posts : 2,557
    Windows 10 pro x64-bit
       #301

    Fabler2 said:
    IronZorg89, just had confirmation that HP is working on the update and requests to wait until further notice.
    Thanks for the info. At least it's good to know they are working on it.
      My Computers


  3. Posts : 24,563
    10 Home x64 (21H2) (10 Pro on 2nd pc)
       #302

    Neil Macready said:
    Thanks very much Bree. For some strange reason though, it says my 6 digit Product Part Number is 'Invalid' ?
    Odd - must be a regional thing. It works for my UK model (but says there won't be an update )

    However, mine doesn't appear on this list, but yours does - with a 'target available date' of '2018/1E'
    https://support.toshiba.com/support/...tentId=4015952

    From some other dates listed (like 2018/2~4) looks like the '1' is the month (E for 'estimate' perhaps, or 'end'?)
      My Computers


  4. Posts : 1,020
    Windows 10 Pro 20H2 19042.572
       #303

    Now here is some strange software ROT ! On Tues last week I applied a new BIOS that was supplied by my mother boards manufacture (Gigabyte). I ran all of the scripts to verify and in Post # 235 in this thread, I posted the results. It showed everything was fixed. So on last Friday, I was building USB stick with the scripts for these tests so that I could take it with me to help out a friend that had a BIOS update performed on his Dell machine. Decided to run the scripts and they all came back stating the there is no OS fixes for Spectre and or Meltdown. I took another screen print and overlay-ed them onto the Screen print from last Tuesday. The frames with Red Zeros are the new results.

    Is there any chance after the BIOS update changed some address or something that negates the Windows Updates from earlier this month ???
    Attached Thumbnails Attached Thumbnails Windows Client Guidance against speculative execution vulnerabilities-desktop_not_fixed.jpg  
      My Computers


  5. Posts : 25
    Windows 10 Pro
       #304

    Is your motherboard the Gigabyte Dual BIOS type...see here for what I mean?

    --GIGABYTE--DUAL BIOS WEB
      My Computer


  6. Posts : 1,020
    Windows 10 Pro 20H2 19042.572
       #305

    DawsonvilleBill said:
    Is your motherboard the Gigabyte Dual BIOS type...see here for what I mean?

    --GIGABYTE--DUAL BIOS WEB
    Yes it is.
      My Computers


  7. Posts : 2,663
    Windows 11 21H2 (22000.593)
       #306

    BTW, Steve Gibson, of GRC.com, who loves making nifty little apps in Assembly, has released a really easy to use Spectre and Meltdown detection utility for Windows.

    GRC

    Q: On some of the computers, one or the other or both of the Enable/Disable Protection buttons are grayed out and disabled so that they cannot be used. What's going on?

    A: Either of the Protection Enable/Disable buttons will be disabled when the button's respective vulnerability cannot be enabled or disabled by its user. For example, Since AMD processors have never been subject to the Meltdown vulnerability, the Meltdown button will be disabled because there's no way for its protection to be disabled. This would also be true (in the other direction) when a system has an Intel processor and any version of Windows that has not been updated for the Meltdown vulnerability. In that case the system is vulnerable and there's no way for the button to make it invulnerable.

    Similarly, any computer whose firmware has not been updated will be vulnerable to Spectre attacks and, again, the button cannot make it invulnerable.

    So, InSpectre will enable those buttons when the system's conditions allow the operating system to protect against the respective vulnerability, but the user may wish to disable that protection, where possible.
      My Computers


  8. Posts : 2,663
    Windows 11 21H2 (22000.593)
       #307

    Here are my results from FCU (no patches installed yet):

    Windows Client Guidance against speculative execution vulnerabilities-inspectre-16299-fcu.png

    Spectre & Meltdown Vulnerability
    and Performance Status

    Vulnerable to Meltdown: YES!
    Vulnerable to Spectre: YES!
    Performance: GOOD
    (full details below)

    In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

    Protection from these two significant vulnerabilities requires updates to every system's hardware-its BIOS which reloads updated processor firmware-and its operating system-to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

    This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

    This system's present situation:

    This 64-bit version of Windows is not aware of either the Spectre or Meltdown problems. Since Intel processors are vulnerable to both of these attacks, this system will be vulnerable to these attacks until its operating system has been updated to handle and prevent these attacks.

    This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

    This system's Intel processor does not provide high-performance protection from the Meltdown vulnerability. The use of Meltdown protection on this system will incur some corresponding performance penalty.

    This system is not currently providing any protection against the Meltdown vulnerability. Either the operating system is unaware of this problem (which can be resolved by any operating system) or the operating system's protection has been deliberately disabled.

    Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

    The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

    Guidance & Observations

    Since this version of Windows is not fully aware of both of these security threats, if possible you should consider updating to a newer version which is fully aware. There are versions of Windows 7, 8.1 and 10 which are fully aware... even at a possible cost in system performance.

    When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.

    When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.

    For more information see GRC's InSpectre web page

    Copyright © 2018 by Gibson Research Corporation
    Windows Client Guidance against speculative execution vulnerabilities-inspectre-16299-fcu-2.png

    This 64-bit OS on Intel Processor:

    OS is Meltdown aware: No
    OS is Spectre aware: No
    OS Meltdown data: n/a
    OS Spectre data: n/a
    PCID/INVPCID instructions: No / No
    CPU microcode updated: No
    CPU is meltdown vulnerable: Yes

    This system's processor identification:
    Intel Core i7 CPU / 965 @ 3.20GHz

    Documentation of Meltdown (KVA) and Spectre (branch control speculation) bit flags returned by the NtQuerySystemInformation call which, when supported by updated versions of Windows as shown above, provides detailed information about Windows' management of these vulnerabilities:

    KVA (Meltdown Vulnerability) flags:
    ==================================
    0x01 KVA_SHADOW_ENABLED
    0x02 KVA_SHADOW_USER_GLOBAL
    0x04 KVA_SHADOW_PCID
    0x08 KVA_SHADOW_INVPCID

    Branch Prediction Speculation (Spectre) flags:
    ==================================
    0x01 BPB_ENABLED
    0x02 BPB_DISABLED_SYSTEM_POLICY
    0x04 BPB_DISABLED_NO_HW_SUPPORT
    0x08 SPEC_CTRL_ENUMERATED
    0x10 PRED_CMD_ENUMERATED
    0x20 IBRS_PRESENT
    0x40 STIBP_PRESENT
    0x80 SMEP_PRESENT

    The presence of both the relatively recent PCID and INVPCID instructions allows Windows (when it chooses to take advantage of these instructions) to protect against the Meltdown vulnerability without significant system performance impact.

    AMD processors do not require and do not offer and do not need the PCID and INVPCID instructions since they are inherently not vulnerable to Meltdown attack.

    "CPU microcode updated" indicates that this system is using recently updated Intel or AMD microcode which provides the control over branch prediction speculation required to allow an aware operating system to protect the system from the Spectre vulnerabilities.

    This application will run under WINE and can therefore be used on non-Windows systems. Although its operating system data may not be meaningful under WINE, its display of the underlying processor capabilities will be accurate.

    For more information see GRC's InSpectre web page

    Copyright © 2018 by Gibson Research Corporation
      My Computers


  9. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266
       #308

    HP and Dell now recommending users uninstall the new bios and replace it with older bios until new update available due to serious reboot/stability issues.

    HP Reissuing BIOS Updates After Intel Meltdown and Spectre Updates
      My Computers


  10. Posts : 2,663
    Windows 11 21H2 (22000.593)
       #309

    Lol!

    Nice.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:18.
Find Us




Windows 10 Forums