[QUOTE=Polo6RGTI;1377200]I'm running a Beta BIOS from MSI
A month has gone by since last releases and INTEL are cooking away no doubt.
In what seems like a drastic move, OpenBSD will be disabling hyper-threading on Intel machines. Apparently, hyper-threading makes it easier to exploit speculative execution side-channel vulnerabilities.
https://www.theregister.co.uk/2018/0...yperthreading/
Yes - It's been pretty quiet. The one I'm interested in is for ASUS. I talked to their tech support just after Intel released the last batch of code and asked when it would be available for my ASUS system. They stated some time in June. I checked on Monday, but nothing on the support site for my system. Maybe their (ASUS) June will be like the April Release of Win 10 ????
Probably August ??
You don't need a manufacturer BIOS to mitigate, only the OS microcode update and the internal OS support for mitigation. Look at the Microsoft KB article for the patch for your system version and the mitigation will be enabled on next reboot; check with InSpectre.
What I am interested in is the not-yet-released microcode for the latest side-channel vulnerability, which has lately been patched but not activated automatically.
Given that Variant 3a and Variant 4 are not considered to be critical vulnerabilities, Microsoft might not provide the microcode updates from Intel. But it's likely that there are additional yet-to-be-disclosed speculative execution side-channel vulnerabilities that are more severe. And since CPU microcode updates are cumulative, when Microsoft provides the microcode updates that mitigate those more severe vulnerabilities, the microcode updates should also provide protection against Variant 3a and Variant 4.
Intel processors (and probably AMD processors) have a new side-channel vulnerability called TLBleed. This is the vulnerability that apparently prompted OpenBSD to disable hyper-threading on all Intel processors. But contrary to what I stated about a week ago, the vulnerability (which can be used to leak encryption keys) does not appear to have anything to do with speculative execution.
https://www.zdnet.com/article/tlblee...t-to-be-fixed/
With earlier vulnerabilities they provided a ME / AMT tool you could run to check for defective firmware.
There doesn't appear to be anything you can use to check for any of these vulnerabilities and verify you have updated the images correctly.
Manually reading the security notes and deciding which are applicable and tracking them to resolution is not appealing. Relying on manufacturers for support is largely spotty.
Don't want to sound overly tin-hat but firmware vulnerabilities can't be corrected by securing the software.
There are two more speculative execution side-channel vulnerabilities: Variant 1.1 and Variant 1.2.
It's unclear if current protection against Variant 1 provides sufficient protection against these two new variants.
https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/