Windows Client Guidance against speculative execution vulnerabilities

Page 55 of 75 FirstFirst ... 545535455565765 ... LastLast

  1. Posts : 2,826
    Windows 10 Pro X64
       #540

    Hi,

    Microsoft can only update the microcode.
    Not quite. What it does is make the OS think this is what the MCU actually is. Which in firmware terms it is not.

    IOW, it emulates the correct MC to the OS but as far as the cpu is concerned it's still at the previous version as provided by the OEM bios/efi etc.

    Cheers,
      My Computers


  2. Posts : 1,471
    Win10 Home x64 - 1809
       #541

    Interesting ... I have a HP Envy 17 m7-k010dc laptop ... different CPU (i7-4710hq) , but same CPUID (306C3) and Inspectre says I'm good. The only patch I applied was the latest cpumcupdate microcode.
    Attachment 182853

    Note: HP told me that my HP Envy 17 m7-k010dc wasn't vulnerable and there would be no BIOS update.

    Update: So just out of curiosity, I just went and checked hp support/drivers for my laptop and it shows a BIOS Update ... F.55 3-9-2018 and I'm currently at F.54 10-23-2017

    Note: My laptop still isn't listed on their Security Bulletin Page.
      My Computers


  3. Posts : 2,826
    Windows 10 Pro X64
       #542

    Hi,

    Note: HP told me that my HP Envy 17 m7-k010dc wasn't vulnerable and there would be no BIOS update
    I believe the latter part, not the former one.

    The only patch I applied was the latest cpumcupdate microcode
    Cpumcupdate works in a similar way to MS, it loads the MCU by way of a driver as the OS gets loaded.

    Cheers,
      My Computers


  4. Posts : 1,471
    Win10 Home x64 - 1809
       #543

    Hmmmm, I guess HP was mistaken ... LOL
    I applied the BIOS update and after reboot I checked Event Viewer for the cpumcupdate info and it said no cpus needed updating (I may not need the patch) ... InSpectre said I was good, so I uninstalled the cpumcupdate and rebooted. InSpectre says I'm good, but now it actually shows the Disable Spectre Protection, where before it showed Enable Spectre Protection.
    Windows Client Guidance against speculative execution vulnerabilities-laptop-inspectre1.png

    Note: I also ran the Powershell Speculation Control Check and it shows everything in Green (before it didn't)... So now I'm 99% confident that my laptop is not vulnerable, where I wasn't before :)
      My Computers


  5. Posts : 2,422
    Windows 10 Pro x64
       #544

    Eagle51 said:
    InSpectre said I was good, so I uninstalled the cpumcupdate and rebooted. InSpectre says I'm good, but now it actually shows the Disable Spectre Protection, where before it showed Enable Spectre Protection.
    It says "Disable", because it gives you the option to disable it, if you feel that you have a performance issue!
      My Computer


  6. Posts : 1,471
    Win10 Home x64 - 1809
       #545

    It says "Disable", because it gives you the option to disable it, if you feel that you have a performance issue!
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
      My Computers


  7. Posts : 2,422
    Windows 10 Pro x64
       #546

    Eagle51 said:
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
    "Good" is not PERFECT, it's just good, i.e. acceptable based on some (unknown, to me at least) metrics. If you are not satisfied with acceptable, you can disable it!
      My Computer


  8. Posts : 14,893
    Windows 10 Pro
       #547

    fdegrove said:
    Hi,



    Not quite. What it does is make the OS think this is what the MCU actually is. Which in firmware terms it is not.

    IOW, it emulates the correct MC to the OS but as far as the cpu is concerned it's still at the previous version as provided by the OEM bios/efi etc.

    Cheers,
    Do you have a source on this?
      My Computers


  9. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266
       #548

    Eagle51 said:
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
    The "good" only has to do with the rating of the performance of your machine with the given patches applied - whatever they are. It doesn't mean your machine is good in terms of protection against meltdown and spectre.

    I have an hp stream 11 and I have meltdown and spectre disabled and I get a "good" rating. If I enable meltdown protection, I lose the good and get "slower".
      My Computers


  10. Posts : 1,471
    Win10 Home x64 - 1809
       #549

    Sorry, when I said InSpectre told I'm good ... I actually meant that it said I was protected and that it showed System is Spectre Protected YES, yet showed the Enable Spectre Protection button, which If I clicked on it never actually did anything and made me question if I was actually protected. After the BIOS update it shows System is Spectre Protected YES and the Disable Spectre Protection Button.

    Before BIOS Update
    Windows Client Guidance against speculative execution vulnerabilities-laptop-inspectre.png
    After BIOS Update
    Windows Client Guidance against speculative execution vulnerabilities-laptop-inspectre1.png
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:12.
Find Us




Windows 10 Forums