Windows Client Guidance against speculative execution vulnerabilities

Superfly said:

Hmmm.. that one does need some updating...seems all it has is the Win update fix.... firmware is non-compliant..

That was on my FCU partition. Below is my IP 17063 partition, which, of course, is the same BIOS, but they say we Insiders are running the latest security fixes? What a crock!

Absolutely nothing on the Asus site about this issue. Not in support or news. Zilch. I have this sinking feeling I won't be able to update this tower, nor my laptop BIOS. Probably at least half of us here will own boat anchors soon unless we get updates. If not, then these bass turd corporations will turn around and sell us more junk. Money sucking educated idiots, every one of them.

Gates had better step in on this issue to do something about it.


Attachment 171104

@Brink, can you please add the PowerShell command to restore things the way they were, before all this?

Is this the appropriate command?

Set-ExecutionPolicy Restricted -Scope Process -Force


Thank you.

Eh... Okay, thank you... but... no time + not quite in the mood right now to try this new thing I meet, first time in my life, so... which command exactly returns the system the way it was before all this? And does the "-Scope Process -Force" part of the initial commands play any role?

Like, IF I will give "Set-ExecutionPolicy RemoteSigned" will it get applied OR will PowerShell complain due to the Scope Process Force?

@Brink, hello, please?

Okay, thank you, now I understand it is temporarily. It is OK now.

My understanding so far in all this is that the Windows Updates are only a tiny part of the puzzle and its solution, and that it will be future firmware updates that complete the fix... and I also assume that is the point we will see any performance impacts.

Is that a correct assumption ?

I looked at Dell and see they now have a dedicated page to this:

Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell US


I also see that as yet my Vostro 3750 doesn't make the list (maybe considered to old at 6 yrs).

Also, if a firmware update is the last piece of the puzzle then is it also correct to say that such an update can only be applied manually via a user searching the details out, or a user running a PC that is linked to and automatically supported by a manufacturer ?

I see that as a major issue where things can and will go wrong for some.

Mooly said:

My understanding so far in all this is that the Windows Updates are only a tiny part of the puzzle and its solution, and that it will be future firmware updates that complete the fix... and I also assume that is the point we will see any performance impacts.

Is that a correct assumption ?

I looked at Dell and see they now have a dedicated page to this:

Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell US


I also see that as yet my Vostro 3750 doesn't make the list (maybe considered to old at 6 yrs).

Also, if a firmware update is the last piece of the puzzle then is it also correct to say that such an update can only be applied manually via a user searching the details out, or a user running a PC that is linked to and automatically supported by a manufacturer ?

I see that as a major issue where things can and will go wrong for some.

Seemingly, there will be lot of system that will not receive BIOS/EUFI updates. Most hardware, including the CPU, have a three years warranty. And of course, it is a limited warranty...

The chances are that hardware, where the warranty period expired, the updates will be scarce. OEMs, manufacturers, etc., would love to see you purchase a new system in this stagnating computer market. Even if purchasing a new system will not result in much of a performance increase over the existing one. Especially, if the new system does not have SSD drive and the old one with Sandy or Ivy Bridge CPU does....



That's on my W10 system that's EOL-ed; yes there is a better acronym for that...

Hi,

Seemingly, there will be lot of system that will not receive BIOS/EUFI updates.

A bios/uefi update won't be fixing this vulnerability anyhow. Intel, Google, MS and so on are working on solutions for it.
There are pretty recent (November 2017) micro code updates available for pretty much any cpu that needs it starting with the now prehistoric Pentiums and upwards.
It does not resolve this vulnerability yet, just saying that there's hope for people with oldish hard ware.


Cheers,