Windows Client Guidance against speculative execution vulnerabilities

Page 55 of 75 FirstFirst ... 545535455565765 ... LastLast
  1.    30 Mar 2018 #540

    Hi,

    Microsoft can only update the microcode.
    Not quite. What it does is make the OS think this is what the MCU actually is. Which in firmware terms it is not.

    IOW, it emulates the correct MC to the OS but as far as the cpu is concerned it's still at the previous version as provided by the OEM bios/efi etc.

    Cheers,
      My ComputersSystem Spec

  2.    30 Mar 2018 #541

    Interesting ... I have a HP Envy 17 m7-k010dc laptop ... different CPU (i7-4710hq) , but same CPUID (306C3) and Inspectre says I'm good. The only patch I applied was the latest cpumcupdate microcode.
    Attachment 182853

    Note: HP told me that my HP Envy 17 m7-k010dc wasn't vulnerable and there would be no BIOS update.

    Update: So just out of curiosity, I just went and checked hp support/drivers for my laptop and it shows a BIOS Update ... F.55 3-9-2018 and I'm currently at F.54 10-23-2017

    Note: My laptop still isn't listed on their Security Bulletin Page.
      My ComputersSystem Spec

  3.    30 Mar 2018 #542

    Hi,

    Note: HP told me that my HP Envy 17 m7-k010dc wasn't vulnerable and there would be no BIOS update
    I believe the latter part, not the former one.

    The only patch I applied was the latest cpumcupdate microcode
    Cpumcupdate works in a similar way to MS, it loads the MCU by way of a driver as the OS gets loaded.

    Cheers,
      My ComputersSystem Spec

  4.    30 Mar 2018 #543

    Hmmmm, I guess HP was mistaken ... LOL
    I applied the BIOS update and after reboot I checked Event Viewer for the cpumcupdate info and it said no cpus needed updating (I may not need the patch) ... InSpectre said I was good, so I uninstalled the cpumcupdate and rebooted. InSpectre says I'm good, but now it actually shows the Disable Spectre Protection, where before it showed Enable Spectre Protection.
    Click image for larger version. 

Name:	laptop-inspectre1.png 
Views:	60 
Size:	18.4 KB 
ID:	182868

    Note: I also ran the Powershell Speculation Control Check and it shows everything in Green (before it didn't)... So now I'm 99% confident that my laptop is not vulnerable, where I wasn't before :)
      My ComputersSystem Spec

  5.    30 Mar 2018 #544

    Eagle51 said: View Post
    InSpectre said I was good, so I uninstalled the cpumcupdate and rebooted. InSpectre says I'm good, but now it actually shows the Disable Spectre Protection, where before it showed Enable Spectre Protection.
    It says "Disable", because it gives you the option to disable it, if you feel that you have a performance issue!
      My ComputerSystem Spec

  6.    30 Mar 2018 #545

    It says "Disable", because it gives you the option to disable it, if you feel that you have a performance issue!
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
      My ComputersSystem Spec

  7.    30 Mar 2018 #546

    Eagle51 said: View Post
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
    "Good" is not PERFECT, it's just good, i.e. acceptable based on some (unknown, to me at least) metrics. If you are not satisfied with acceptable, you can disable it!
      My ComputerSystem Spec

  8. axe0's Avatar
    Posts : 13,780
    Windows 10 Pro
       30 Mar 2018 #547

    fdegrove said: View Post
    Hi,



    Not quite. What it does is make the OS think this is what the MCU actually is. Which in firmware terms it is not.

    IOW, it emulates the correct MC to the OS but as far as the cpu is concerned it's still at the previous version as provided by the OEM bios/efi etc.

    Cheers,
    Do you have a source on this?
      My ComputersSystem Spec


  9. Posts : 606
    Windows 10 Home - Version 1803 - Build 17134.407
       30 Mar 2018 #548

    Eagle51 said: View Post
    Right, but it seemed strange that InSpectre would tell me I'm good, but still show the Enable Spectre Protection.
    The "good" only has to do with the rating of the performance of your machine with the given patches applied - whatever they are. It doesn't mean your machine is good in terms of protection against meltdown and spectre.

    I have an hp stream 11 and I have meltdown and spectre disabled and I get a "good" rating. If I enable meltdown protection, I lose the good and get "slower".
      My ComputerSystem Spec

  10.    30 Mar 2018 #549

    Sorry, when I said InSpectre told I'm good ... I actually meant that it said I was protected and that it showed System is Spectre Protected YES, yet showed the Enable Spectre Protection button, which If I clicked on it never actually did anything and made me question if I was actually protected. After the BIOS update it shows System is Spectre Protected YES and the Disable Spectre Protection Button.

    Before BIOS Update
    Click image for larger version. 

Name:	laptop-inspectre.png 
Views:	67 
Size:	18.4 KB 
ID:	182872
    After BIOS Update
    Click image for larger version. 

Name:	laptop-inspectre1.png 
Views:	67 
Size:	18.4 KB 
ID:	182873
      My ComputersSystem Spec


 
Page 55 of 75 FirstFirst ... 545535455565765 ... LastLast

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
Windows 10 - Need some guidance on recovery in Installation and Upgrade
One of my spare Windows 10 machines is on life support. I must have clobbered it somehow when I was tweaking the multiple display settings ( to incorporate a HDMI projector). It actually worked fine all week, but today, when I tired to set it...
Read more: http://www.zdnet.com/article/microsoft-offers-it-guidance-to-prepare-for-windows-as-a-service/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:23.
Find Us