Windows Client Guidance against speculative execution vulnerabilities

Page 67 of 75 FirstFirst ... 17576566676869 ... LastLast

  1. Posts : 2,557
    Windows 10 pro x64-bit
       #660

    fdegrove said:
    Hi,



    You're most welcome.
    Well, what they're saying is that those systems were meant to be stand alones. Sure enough, when you're not connected to a network you're not going to be vulnerable to these kinds of attacks....
    Guess they have to draw the line somewhere.


    Cheers,
    Well, I don't think those "closed systems" are not connected to a network, the reasons evoked have to do more with the micro-architectural characteristics of those old machines precluding the implementation of features capable of mitigating the variant 2 of Spectre (CVE-2017-5715). For reference, you can check the article:
    https://www.helpnetsecurity.com/2018...ocode-updates/
      My Computers


  2. Posts : 336
    Win 10 Pro x64 21H1 19043.964
       #661

    microcode upgrade


    Question, where do you download the MC updates from? Windows Client Guidance against speculative execution vulnerabilities-capture.png shows that the update is available for the Sandy Bridge and Ivy Bridge but now links as to find them. I'm going to assume it's what is in 1803 but according to Steve's InSpectre utility it sounds like an update is out there. Can someone point me in the right direction where you can download these fixes if there is such a place other than upgrade the OS? Thank you.
      My Computers


  3. Posts : 2,557
    Windows 10 pro x64-bit
       #662

    sneekez said:
    Question, where do you download the MC updates from? Windows Client Guidance against speculative execution vulnerabilities-capture.png shows that the update is available for the Sandy Bridge and Ivy Bridge but now links as to find them. I'm going to assume it's what is in 1803 but according to Steve's InSpectre utility it sounds like an update is out there. Can someone point me in the right direction where you can download these fixes if there is such a place other than upgrade the OS? Thank you.
    There was a Microsoft's microcode update patch for Fall Creators's version or build that one could get from the Microsoft Update catalog. It doesn't work for April 2018 Feature version. Maybe they will issue a new one with the next patch Tuesday cumulative update. The only other way to get it is to check your manufacturer's support page in order to have a BIOS/UEFI firmware update.
      My Computers


  4. Posts : 2,826
    Windows 10 Pro X64
       #663

    Hi,

    IronZorg89 said:
    Well, I don't think those "closed systems" are not connected to a network, the reasons evoked have to do more with the micro-architectural characteristics of those old machines precluding the implementation of features capable of mitigating the variant 2 of Spectre (CVE-2017-5715). For reference, you can check the article:
    https://www.helpnetsecurity.com/2018...ocode-updates/
    I did not word that well, my bad. By "Closed System" they mean what exactly ?
    The article isn't really clear about that. The way I read it is that most of those machines are either stand alones or on an intranet ??
    Or is the CPU's architecture just not capable of speculative code execution ?

    Cheers,
      My Computers


  5. Posts : 2,557
    Windows 10 pro x64-bit
       #664

    fdegrove said:
    Or is the CPU's architecture just not capable of speculative code execution ?

    Cheers,
    That last question of yours is probably what they meant. That's my understanding.
      My Computers


  6. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266
       #665

    fdegrove said:
    Hi,



    I doubt any OEM will go back as far as Haswell CPUs but soon enough MS will issue a KB for the April version of W10.
    Should you stick to 1709 then you should be fine if you installed KB4090007.

    Cheers,

    An older laptop I had from 2014 with 4th generation i3 processor which is apparently based on haswell received the "spectre" bios update from HP pretty quickly.
    Last edited by tomseys; 03 May 2018 at 01:39.
      My Computers


  7. Posts : 170
    Win 10 Pro 2004
       #666

    I contacted Gigabyte regarding a MB for a system that showed no update available nor anything in the pipe. They privately linked me to the BIOS/UEFI update. Win 7 system and it is not slow...yet.

    Windows Client Guidance against speculative execution vulnerabilities-2018-05-02_192407.jpg

    Lenovo made updates available for Sandy Bridge laptops ready a couple of months ago. Haven't patched them yet.
      My Computers


  8. Posts : 305
    Windows 10 Pro for Workstations
       #667

    Which utility do you guys recommend to verify a system is patched? I'm always skeptical of freeware.
      My Computer


  9. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266
       #668

    ericnixmd said:
    Which utility do you guys recommend to verify a system is patched? I'm always skeptical of freeware.

    I think most people use this: GRC


    And you can double/manually check via:

    1) Open elevated PowerShell.

    2) Temporarily set PowerShell script execution policy

    PS> Set-ExecutionPolicy Unrestricted -Scope Process -Force

    3) Install the PowerShell module
    PS > Install-Module SpeculationControl -Force

    Type Y and press Enter if prompted to install and import NuGet.

    4) Run the PowerShell module to validate protections are enabled
    PS > Get-SpeculationControlSettings
      My Computers


  10. Posts : 305
    Windows 10 Pro for Workstations
       #669

    Thanks @tomseys.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:47.
Find Us




Windows 10 Forums