Windows Client Guidance against speculative execution vulnerabilities

  1.    30 Jan 2018 #430

    khanmein said:
    @CountMike Why your "Disable Meltdown Protection" is grayed out?
    It's AMD system, no meltdown for them.

  2.    02 Feb 2018 #431

    Hundreds Of Meltdown, Spectre Malware Samples Found In The Wild

    by Lucian Armasu February 1, 2018 at 8:30 AM - Source: Fortinet Blo

    Hundreds Of Meltdown, Spectre Malware Samples Found In The Wild

  3. AndreTen's Avatar
    Posts : 15,191
    Windows 10 (Pro and Insider Pro)
       02 Feb 2018 #432

    CountMike said:
    Hundreds Of Meltdown, Spectre Malware Samples Found In The Wild

    by Lucian Armasu February 1, 2018 at 8:30 AM - Source: Fortinet Blo

    Hundreds Of Meltdown, Spectre Malware Samples Found In The Wild
    Thanks for the heads up @CountMike. This is not looking good
    Can someone with more insight comment on this, regarding the systems that will never get new microcode for BIOS/EFI.
    Few simple questions:
    - does malware still have to be executed, either as file or memory process, or are we at risk simply by watching video (i.e.)?
    - can systems be protected with system level fixes (Windows, linux,...), if hardware is kept safe (no physical contact possible)?

  4.    02 Feb 2018 #433

    Pretty sure that any software fix can probably be unfixed. Probably looking at a long time for any microcode fix for older processors if ever, if they can even get one that works properly.
    All we can do is be more careful than usual what and where we are browsing and downloading from. The ones at risk are the ones who believe that just because they have whatever AV and anti malware, they are safe.

  5. Cliff S's Avatar
    Posts : 21,961
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       02 Feb 2018 #434

    By the way, if anyone is curious and wants to know their microcode revision, just run the validation in CPU-Z and it will show it here, when the validation is finished and your default browser opens:
    [Image: Image 001.png]

    Or Aida64
    [Image: Image 002.png]

    And lastly, without third party software:
    Open Regedit, and go to:
    (Left click three times fast to select all, then copy, and paste it in Regedit's address bar)
    Code:
    Computer\HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    [Image: Image 003.png]

  6.    02 Feb 2018 #435

    Aida64 is trial software.. easier to just use the best system info/monitor software out there that is also freeware HWiNFO - Download

    http://www.overclock.net/photopost/d...dmicrocode.png

  7. Cliff S's Avatar
    Posts : 21,961
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       02 Feb 2018 #436

    qao said:
    Aida64 is trial software.. easier to just use the best system info/monitor software out there that is also freeware HWiNFO - Download

    http://www.overclock.net/photopost/d...dmicrocode.png
    I have a licence

    But as I showed, Regedit does the job well enough; the other two (Aida64 and CPU-Z) were just to prove the point that you don't need extra software to do it with.

  8. johngalt's Avatar
    Posts : 1,534
    WinX Pro x64 IP current
       02 Feb 2018 #437

    AndreTen said:
    Thanks for the heads up @CountMike. This is not looking good
    Can someone with more insight comment on this, regarding the systems that will never get new microcode for BIOS/EFI.
    Few simple questions:
    - does malware still have to be executed, either as file or memory process, or are we at risk simply by watching video (i.e.)?
    - can systems be protected with system level fixes (Windows, linux,...), if hardware is kept safe (no physical contact possible)?
    Thus far, it is in an executable format, and thus will need to be run on your system. Also, again, I cannot stress this enough - it is able to access privileged sections of the CPU that normally are not accessible - by dumping area.

    So, it's not just a simple execute and BOOM! all your info is accessed - it has to continuously do so, because you're not always logging in to your financial accounts and such all the time.

    Right now, as far as I know, it is not easily put on a local machine, and you can bet that any anti-malware worth its salt already know of the variants in the wild and are adding definitions to keep them from executing on your machine.

    Finally, we have no easy way to update microcode in Windows - but it is a snap to do so in Linux, as the link I've posted to the updated microcode from Intel (which they have released many times over the years) shows the exact location to insert the code in *nix systems to make use of it.

    SO, if you want to be safer, run *nix with updated microcode.

    If you want to be safest disconnect from the Internet and all local networks and never introduce a new external device to your machine ever again.

    And this is the only true way to ever be safe with any machine, even those completely patched for both Meltdown and Spectre. Just by going online, even with a fully patched machine, you're taking a chance, because 0-day malware that no one has had time to research, let alone develop a signature for so your anti-malware program can block it. If you connect to a network, or connect a device from the outside that has had any sort of network (even closed ones, technically), you're automatically at risk. Period.

    Cliff S said:
    By the way, if anyone is curious and wants to know their microcode revision, just run the validation in CPU-Z and it will show it here, when the validation is finished and your default browser opens:
    [Image: Image 001.png]

    Or Aida64
    [Image: Image 002.png]

    And lastly, without third party software:
    Open Regedit, and go to:
    (Left click three times fast to select all, then copy, and paste it in Regedit's address bar)
    Code:
    Computer\HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    [Image: Image 003.png]

    Powershell command to see the same:
    Code:
    reg query HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    See Supafly's post: Windows Client Guidance against speculative execution vulnerabilities - Page 42 - Windows 10 Forums
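
The registry check from the posts above, as an added PowerShell example that is not part of the original thread: it walks every subkey under the CentralProcessor path quoted above and decodes the "Update Revision" and "Previous Update Revision" values. The function names and the byte layout (revision in bytes 4-7, little-endian) are assumptions of this example.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumption: 'Update Revision' is an 8-byte REG_BINARY whose last four bytes
# hold the microcode revision (little-endian), as commonly seen on Intel CPUs.
function ConvertTo-MicrocodeRevision {
    param([byte[]]$Bytes)
    # Missing or short values (e.g. no 'Previous Update Revision') decode to $null.
    if ($null -eq $Bytes -or $Bytes.Length -lt 8) { return $null }
    '0x{0:X}' -f [BitConverter]::ToUInt32($Bytes, 4)
}

function Get-MicrocodeRevision {
    $root = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor'
    # One subkey (0, 1, 2, ...) per logical processor.
    Get-ChildItem -Path $root | ForEach-Object {
        $p   = Get-ItemProperty -Path $_.PSPath
        $cur = ConvertTo-MicrocodeRevision $p.'Update Revision'
        # Assumption: this value is the revision recorded before the current one was loaded.
        $old = ConvertTo-MicrocodeRevision $p.'Previous Update Revision'
        [pscustomobject]@{
            Cpu      = $_.PSChildName
            Name     = $p.ProcessorNameString
            Vendor   = $p.VendorIdentifier
            Current  = $cur
            Previous = $old
            Changed  = ($null -ne $old -and $cur -ne $old)
        }
    }
}

# Constructed sample bytes (not read from a real machine) to check the decoder.
ConvertTo-MicrocodeRevision ([byte[]](0, 0, 0, 0, 0xC2, 0, 0, 0))

# Live inventory of the local machine.
$cpus = Get-MicrocodeRevision
$cpus | Format-Table -AutoSize

# A mix of revisions across logical processors is worth investigating.
$distinct = @($cpus.Current | Where-Object { $_ } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Logical processors report different microcode revisions: $($distinct -join ', ')"
}
```

Compare the Current column with the revision CPU-Z or HWiNFO reports before relying on the byte layout for a given CPU vendor.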

  9. Cliff S's Avatar
    Posts : 21,961
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       02 Feb 2018 #438

    johngalt said:

    Powershell command to see the same:
    Code:
    reg query HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    See Supafly's post: Windows Client Guidance against speculative execution vulnerabilities - Page 42 - Windows 10 Forums
    Good one, John! Damn these non-rep-able threads
    But know now, a rep for you is in my heart

  10. AndreTen's Avatar
    Posts : 15,191
    Windows 10 (Pro and Insider Pro)
       02 Feb 2018 #439

    johngalt said:
    Thus far, it is in an executable format, and thus will need to be run on your system. Also, again, I cannot stress this enough - it is able to access privileged sections of the CPU that normally are not accessible - by dumping area.

    So, it's not just a simple execute and BOOM! all your info is accessed - it has to continuously do so, because you're not always logging in to your financial accounts and such all the time.

    Right now, as far as I know, it is not easily put on a local machine, and you can bet that any anti-malware worth its salt already know of the variants in the wild and are adding definitions to keep them from executing on your machine.

    Finally, we have no easy way to update microcode in Windows - but it is a snap to do so in Linux, as the link I've posted to the updated microcode from Intel (which they have released many times over the years) shows the exact location to insert the code in *nix systems to make use of it.

    SO, if you want to be safer, run *nix with updated microcode.

    If you want to be safest disconnect from the Internet and all local networks and never introduce a new external device to your machine ever again.

    And this is the only true way to ever be safe with any machine, even those completely patched for both Meltdown and Spectre. Just by going online, even with a fully patched machine, you're taking a chance, because 0-day malware that no one has had time to research, let alone develop a signature for so your anti-malware program can block it. If you connect to a network, or connect a device from the outside that has had any sort of network (even closed ones, technically), you're automatically at risk. Period.



    Powershell command to see the same:
    Code:
    reg query HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    See Supafly's post: Windows Client Guidance against speculative execution vulnerabilities - Page 42 - Windows 10 Forums
    Thanks, this is what I needed. Was thinking of it this way...

    on rep!


 