Windows Client Guidance against speculative execution vulnerabilities


  1. Posts : 26,416
    Windows 11 Pro 22631.3374
       #340

    f14tomcat said:
    On my Surface Pro 3 (MS lappy), it always has come thru WU.
    I will wait for it to come on WU..
      My Computer


  2. VBF
    Posts : 602
    Win 10 Pro
       #341

    Ground Sloth said:
    Microsoft might eventually offer the CPU microcode update through Windows Update. They've used Windows Update in the past to push out microcode updates for Intel processors.

    https://support.microsoft.com/en-us/...te-for-windows
    That would be useful, BUT I for one wouldn't care to be an early adopter!

    If one considers the sheer number of Windows updates that have caused problems over the years, especially since Windows 10, the potential for "bricking" a PC when over-writing the microcode is enormous.

    Let's be honest, if you get a dodgy update, you can usually either uninstall it, revert the machine to its previous state, re-image the PC (if you have imaged it in the first place of course) or if all else fails, rebuild Windows on to it.

    As an example, the recent CU that caused AMD machines to hang when booting: I have one AMD PC so when I got the issue, I used my Macrium image to revert to a previous Winver - then downloaded the updated CU and installed it manually.

    If the BIOS had been corrupted, I might have been able to fix it by downloading a fix using another PC - I have several but most regular users don't.

    I realise I'm being negative here but the history of MS updates has brought out the cynic in me - again!
      My Computers


  3. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro
       #342

    VBF said:
    That would be useful, BUT ... I realise I'm being negative here but the history of MS updates has brought out the cynic in me - again!
    Well, you certainly bring up a very valid point nonetheless. Thanks for that. We need both positive and negative viewpoints so that we all can make our decision.
      My Computers


  4. Posts : 19,516
    W11+W11 Developer Insider + Linux
       #343

    johngalt said:
    Completely inaccurate analogy. If you read through the thread, and particularly my posts early on, you'll see the timeline for how the vulnerability was discovered - from speculation to research to the reveal to Intel to the public reveal.

    Most vulnerabilities have a 90 day time period in which the researchers are asked (and usually comply with) to give the OEM software developers and / or hardware developers time to issue a fix. In this case, I don't actually know if more time was requested, but the reveal came 6 months after initial disclosure to Intel.

    And the Linux kernel had to be patched - this is not just a Windows and Intel issue. Similarly, Apple had to patch MacOS (or whatever it is called now) for Intel machines as well.

    I urge you to read this thread in its entirety again - a lot of your recent comments are either incorrect speculation or pure outright FUD, and if you ignore the media hype and focus on the pure information in this thread (and the non-media links that I and others have provided) you'll get a much better understanding of what the vulnerability is, how it was discovered, and the complete timeline from beginning to disclosure last month.

    In addition, fdegrove's comments below are spot on.



    Exactly. In my case, my eVGA motherboard is waiting on a BIOS that may never make it out - because, although Intel has given a timeline (and already, I believe) provided updated microcode for those CPUs, they haven't done squat to provide OEM board manufacturers with BIOS source code for legacy boards - my board, for example, is based upon the combination of the 58 chipset and the ICH10R chipset - both Intel chipsets. But eVGA has stated very clearly that unless they can get the source code for this (and other 'legacy') series of boards, they cannot issue a new BIOS for these boards.

    So, the ball is still in Intel's court on these legacy machines.



    LMFAO. My mom called me up a few days ago to inform me that she saw a video where a car pulled into a neighborhood and then put up some device and it was able to download all the information from that household - in a matter of (seconds / minutes). I had to explain to her very patiently that that is why I maintain her network - because nothing is left as default. I use my own IP schema, my own LAN IPs and set up MAC address enforced static IPs, both wired and wireless. In addition, I MAC address force remote access, and have a whole slew of other things that I do to monitor her network.

    And don't get me started on my own network!

    But a bigger part of the problem here is that a lot of people purchase / lease equipment directly from their provider - which, at least in the past that I have seen, was the router password was the owner's phone number, particularly on DSL lines....that just ... confounded me. But even worse are the ones that allow 0 user intervention, completely controlling everything from their end....



    You're right on track.

    There was a user who somehow managed to hack the BIOS for my motherboard series (from eVGA, specifically, but I believe he also did other manufacturers) in order to replace the Intel RAID ROM that was a part of the BIOS because the last release BIOS was so old that the RAID ROM was woefully inadequate for use on modern setups, particularly with SSDs, IIRC. I thought that, based upon that, it should be a relatively easy fix to simply replace the microcode in the BIOS and push it out - but according to an eVGA engineer, no, they need the full source code to be able to push out new BIOSs. And I have my suspicions as to why that actually is....
    BIOS-es, especially UEFI, are readily modified; I already have half a dozen modified ones for my Ryzen system, enabling or disabling some features.
      My Computers


  5. Posts : 3,453
       #344

    The problem with MS releasing Intel microcode is that Intel have put together a slap-dash patch thus far... Linus Torvalds voiced his concern about this as well (i.r.o. patching Linux kernel)... until Intel get their act together, I doubt MS will release a microcode patch.
      My Computer


  6. Posts : 182
    Win 10 rs1 - build 14393.1944
       #345

    New update: KB4078130 (Important)

    Update to Disable Mitigation against Spectre, Variant 2

    Applies to: Windows 7 Service Pack 1, Windows 8.1, Windows 10

    Summary

    Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22nd Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.
    While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”
    We are also offering a new option – available for advanced users on impacted devices – to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes. The instructions for the registry key settings can be found in the following two Knowledge Base articles:


    As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.

    How to get this update

    Microsoft Update Catalog

    Title: Update for Windows (KB4078130)
    Products: Windows 10, Windows 10 LTSB, Windows 7, Windows 8.1, Windows Embedded Standard 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016
    Classification: Critical Updates
    Last Updated: 1/27/2018
    Version: n/a
    Size: 24 KB

    http://www.catalog.update.microsoft....q=%20KB4078130

    More Information

    Known issues in this update

    Microsoft is not aware of any issues that affect this update currently.

    Prerequisites

    There are no prerequisites to apply this update.

    Registry information

    To apply this update, you don't have to make any changes to the registry.

    Restart requirement

    You will have to restart the computer after you apply this update.

    Update replacement information

    This update does not replace a previously released update.

    Last Updated: Jan 27, 2018
      My Computer
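
The KB text quoted in the post above says the Spectre variant 2 mitigation can be disabled and re-enabled through registry settings but does not list them. The following is an added example, not part of the post or of Microsoft's text on this page: a read-only PowerShell audit that reports whether that override is in effect. The key path, the value names `FeatureSettingsOverride` and `FeatureSettingsOverrideMask`, and the bit meanings come from Microsoft's published guidance and are assumptions here; the function names are hypothetical.

```powershell
# Added example, not from the thread or from Microsoft's KB text quoted above.
# Read-only: decodes the speculative-execution override values; changes nothing.
# Key path, value names and bit meanings are taken from Microsoft's published
# guidance, not from this page, and are treated as assumptions here.
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function ConvertTo-OverrideState {
    # Pure decoder (hypothetical helper name) so it can be fed constructed values.
    param(
        [Nullable[int]]$Override,  # FeatureSettingsOverride; $null when absent
        [Nullable[int]]$Mask       # FeatureSettingsOverrideMask; $null when absent
    )
    if ($null -eq $Override -or $null -eq $Mask) {
        return [pscustomobject]@{
            Configured = $false; Variant2Disabled = $false; MeltdownDisabled = $false
            Note = 'No override pair set; the OS default policy applies.'
        }
    }
    # Assumption: an override bit only counts where the mask has the same bit set.
    $effective = $Override -band $Mask
    $v2Off = [bool]($effective -band 1)   # bit 0: CVE-2017-5715 mitigation off
    $v3Off = [bool]($effective -band 2)   # bit 1: CVE-2017-5754 mitigation off
    if ($v2Off) {
        $note = 'Variant 2 mitigation is overridden off; re-enable once fixed microcode is in place.'
    } else {
        $note = 'Variant 2 mitigation is not overridden off.'
    }
    [pscustomobject]@{
        Configured = $true; Variant2Disabled = $v2Off; MeltdownDisabled = $v3Off; Note = $note
    }
}

function Get-OverrideValue {
    # Returns the DWORD as an int, or $null when the value does not exist.
    param([string]$Name)
    $p = Get-ItemProperty -Path $MmKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { [int]$p.$Name } else { $null }
}

# Live check on the local machine.
ConvertTo-OverrideState -Override (Get-OverrideValue 'FeatureSettingsOverride') `
                        -Mask (Get-OverrideValue 'FeatureSettingsOverrideMask')

# Constructed sample values (not read from any real machine):
$samples = @(
    @{ Override = 1;     Mask = 3 },      # only the variant 2 mitigation disabled
    @{ Override = 3;     Mask = 3 },      # variant 2 and Meltdown mitigations disabled
    @{ Override = 0;     Mask = 3 },      # both mitigations explicitly enabled
    @{ Override = $null; Mask = $null }   # nothing configured
)
foreach ($s in $samples) { ConvertTo-OverrideState @s }
```

These values show only the configured override; whether the mitigation is actually active also depends on the CPU microcode the machine is running.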


  7. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #346

    VBF said:
    That would be useful, BUT I for one wouldn't care to be an early adopter!

    If one considers the sheer number of Windows updates that have caused problems over the years, especially since Windows 10, the potential for "bricking" a PC when over-writing the microcode is enormous.

    Let's be honest, if you get a dodgy update, you can usually either uninstall it, revert the machine to its previous state, re-image the PC (if you have imaged it in the first place of course) or if all else fails, rebuild Windows on to it.

    As an example, the recent CU that caused AMD machines to hang when booting: I have one AMD PC so when I got the issue, I used my Macrium image to revert to a previous Winver - then downloaded the updated CU and installed it manually.

    If the BIOS had been corrupted, I might have been able to fix it by downloading a fix using another PC - I have several but most regular users don't.

    I realise I'm being negative here but the history of MS updates has brought out the cynic in me - again!
    Let's also be brutally honest - the number of updates supplied to WU that actually caused problems is a lot lower than one would think - compared to the ones that installed and you never noticed. Yes, it happens - as with any software - no software that I can remember off the top of my head has had a 0 fault track record - ever.

    The fault lies with Microsoft (and other software developers, but more on that later), not because of bad (or potentially bad) updates - but with not providing the necessary education to Windows end users on how to make backups of their system and to ensure the backups are usable before attempting any updates on their systems.

    The same can be said for a multitude of AV vendors, even the one I repeatedly stand behind, Malwarebytes. Too many companies are offering software on the basis of making things easier for the end user, without the relevant education of what the user needs to proactively do in order to maintain the health of their system(s). The attitude of the developer seems to be more "Oh, don't you worry about a thing! We'll handle it all for you!" - and this is especially poignant when you cleanly install FCU on a machine - just listen carefully to what Cortana tells you during the install (or, alternately, read what is thrown up on the screen as you navigate your way through the OOBE for the first time....).

    As an example: one of the features of web browsers that I refused to use for years has been exploited time and time again in recent years - the ability to store passwords. Yeah, it's unbelievably convenient - I don't have to spend time typing in my username and password every time I want to visit site XYZ. Which is great and all, until your machine gets infected by something that, along with a billion other things, also dumps your saved logins and PWs. Oops!

    But instead of ever warning the user that allowing this feature to remain enabled is a potential risk, every single browser developer has not only continued to include it as a feature of the browser, but actively leave it enabled on default installations. Why? Because it's a feature. One that was designed to make your (and every other user's) life easier. But, one that, invariably, will experience problems at some point in time.

    And Windows 10 is much the same.

    CountMike said:
    BIOS-es, especially UEFI, are readily modified; I already have half a dozen modified ones for my Ryzen system, enabling or disabling some features.
    Modified with CPU microcode, though?

    Superfly said:
    The problem with MS releasing Intel microcode is that Intel have put together a slap-dash patch thus far... Linus Torvalds voiced his concern about this as well (i.r.o. patching Linux kernel)... until Intel get their act together, I doubt MS will release a microcode patch.
    This is true. And though they have promised, I'll believe it upon delivery of said promise.

    Here is another great article from a couple of weeks ago regarding the true impact of the vulnerabilities from Ars Technica: Here’s how, and why, the Spectre and Meltdown patches will hurt performance | Ars Technica
      My Computers


  8. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #347

    Gordon7 said:
    New update: KB4078130 (Important)

    Info above from https://support.microsoft.com/en-ph/...ctre-variant-2
      My Computers


  9. Posts : 26,416
    Windows 11 Pro 22631.3374
       #348

    The Fault lies with Intel and Only Intel. That Company is responsible for the flawed CPUs that were being developed since the 90's not to mention the $24 Million that its Kind CEO made by selling his stock....
      My Computer


  10. VBF
    Posts : 602
    Win 10 Pro
       #349

    johngalt said:
    Let's also be brutally honest - the number of updates supplied to WU that actually caused problems is a lot lower than one would think - compared to the ones that installed and you never noticed. Yes, it happens - as with any software - no software that I can remember off the top of my head has had a 0 fault track record - ever.
    The fault lies with Microsoft (and other software developers, but more on that later), not because of bad (or potentially bad) updates - but with not providing the necessary education to Windows end users on how to make backups of their system and to ensure the backups are usable before attempting any updates on their systems.
    I agree with pretty much all of that but as I implied above, with most updates, you can back out fairly easily or recover in some other way. When it's the microcode that's being changed, "bricking" is a distinct possibility.
    Also, many people buy (or are sold) computers the same way that they buy TVs, DVD players, microwaves et al. Then they expect to just be able to use them with little or no effort.

    As we know, that ain't the case!
      My Computers


 
