Windows Client Guidance against speculative execution vulnerabilities

Page 74 of 75 FirstFirst ... 246472737475 LastLast

  1. Posts : 384
    Windows 10 Home x64
       #730

    Caledon Ken said:
    To cover CVE-2018-3659 is it necessary to install latest UEFI or is there a Windows update that covers. I fail in the Speculative Store Bypass tests.

    Attachment 196637

    Thanks
    I can confirm the July MCU is required and the MS MCU patch does not hold anything newer than April MCUs
      My Computers


  2. Posts : 27,455
    Windows 10 Pro x64 Version 21H1
       #731

    I'm at 17134.165 and was before the check. I assume this means UEFI required.
      My Computer


  3. Posts : 384
    Windows 10 Home x64
       #732

    Caledon Ken said:
    I'm at 17134.165 and was before the check. I assume this means UEFI required.
    Yes. All Spectre variant 3a and 4 mitigation requires the July MCU. The July MCUs are not in any of the Cumulatives, nor are they in the standalone for supported versions of W10.

    The current standalone Microsoft MCU are sufficient for Spectre variant 2 mitigation. They do not cover ALL the vulnerable hardware that has a MCU available from Intel. Seek support from your OEM.
      My Computers


  4. Posts : 27,455
    Windows 10 Pro x64 Version 21H1
       #733

    There are new BIOS available for my board. Basically they have been issuing one a month for last four months. Always makes me leery when I see this type of activity. Asus BIOS's have CPU Microcode updates in March and June.

    Thanks
      My Computer


  5. Posts : 7,086
    Windows 10 Pro 64 bit
       #734

    winactive said:
    Yes. All Spectre variant 3a and 4 mitigation requires the July MCU. The July MCUs are not in any of the Cumulatives, nor are they in the standalone for supported versions of W10.

    The current standalone Microsoft MCU are sufficient for Spectre variant 2 mitigation. They do not cover ALL the vulnerable hardware that has a MCU available from Intel. Seek support from your OEM.
    What is the July MCU and where do I find it?
      My Computers


  6. Posts : 384
    Windows 10 Home x64
       #735

    Steve C said:
    What is the July MCU and where do I find it?
    It is the July MicroCode Update, if you have to ask what it is, you do not need to find it!

    Basically, it contains the raw code updates per CPU to your system BIOS/UEFI best integrated by your OEM, although it is possible in some circumstances using command line tools to edit some images and flash them yourself.
      My Computers


  7. Posts : 384
    Windows 10 Home x64
       #736

    Can anyone confirm that if they did not have KB4100347 before today's update that it has been installed alongside today's cumulative build 17134.191?

    KB4100347 Intel microcode updates for Windows 10 v1803 - July 24 - Windows 10 Forums
      My Computers


  8. Posts : 345
    Windows 10
       #737

    There is a new speculative execution side-channel vulnerability that comes in 3 varieties. Fortunately, a new CPU microcode update is not needed. But for people using virtual machines in a could environment, additional steps might need to be taken.

    On August 14, 2018, Intel and industry partners shared more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF).

    L1TF is a speculative execution side channel cache timing vulnerability. In this regard, it is similar to previously reported variants. There are three varieties of L1TF that have been identified. Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.

    The microcode updates released earlier this year when coupled with operating system and hypervisor software available from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need. Intel recommends people keep their systems up to date to protect against the evolving threat landscape.

    Intel Side Channel Vulnerability L1TF

    Q3 2018 Intel Speculative Execution Side Channel Update
      My Computer


  9. Posts : 24,565
    10 Home x64 (21H2) (10 Pro on 2nd pc)
       #738

    Ground Sloth said:
    Fortunately, a new CPU microcode update is not needed...
    ...but an OS patch is, and has already been included in the latest cumulative update.

    Key changes include:


    • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
    Cumulative Update KB4343909 Windows 10 v1803 Build 17134.228 - Aug. 14
      My Computers


  10. Posts : 384
    Windows 10 Home x64
       #739

    The rather worrying gap that is developing is the ability to check that these patches are applied.

    InSpectre was a ready reckoner but hasn't been updated to check for variant 3a & 4 plus the NG threats (of which I believe we've seen 5 of 8 initially hinted at but not disclosed)

    Lazy FP, BCBS and these three variants of L1TF (ForeShadow)

    Also, RSB and NetSpectre have been disclosed in addition to the NG threats.

    I'm afraid I'm not as up to date with the AMD situation but I don't have AMD CPUs.

    The Powershell script has been updated to 1.0.9, advice on install is here but it's not for the novice and certainly not one-click

    https://support.microsoft.com/en-us/...erabilities-in
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:43.
Find Us




Windows 10 Forums