Windows Client Guidance against speculative execution vulnerabilities

Variant 1.1 (Bounds Check Bypass Store) is now mentioned in the Windows Client Guidance, but strangely I can't find any information about either of the new vulnerabilities on the Intel web site.

Q16. I heard that CVE-2018-3693 (Bounds Check Bypass Store) is related to Spectre. Will Microsoft release mitigations for it?

A16. Bounds Check Bypass Store (BCBS) was disclosed on July 10, 2018 and assigned CVE-2018-3693. We consider BCBS to belong to the same class of vulnerabilities as Bounds Check Bypass (Variant 1). We are not currently aware of any instances of BCBS in our software, but we are continuing to research this vulnerability class and will work with industry partners to release mitigations as required. We continue to encourage researchers to submit any relevant findings to Microsoft’s Speculative Execution Side Channel bounty program, including any exploitable instances of BCBS. Software developers should review the developer guidance that has been updated for BCBS at https://aka.ms/sescdevguide.

https://support.microsoft.com/en-us/...erabilities-in

Ground Sloth said:

Variant 1.1 (Bounds Check Bypass Store) is now mentioned in the Windows Client Guidance, but strangely I can't find any information about either of the new vulnerabilities on the Intel web site.

https://support.microsoft.com/en-us/...erabilities-in

I think it's in there that they think that Variant 1 mitigations are sufficient.

I see the latest MCU are for Spectre Variant 3a and 4 (Rogue System Register Read & Specualtive Store Bypass).

CVE's are in this article here

Ground Sloth said:

There are two more speculative execution side-channel vulnerabilities: Variant 1.1 and Variant 1.2.

It's unclear if current protection against Variant 1 provides sufficient protection against these two new variants.


https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/

OR:
https://www.ghacks.net/2018/07/11/he...ao0cqqj%2e29te

Due to the limitations of the InSpectre tool as is, I am attempting to validate Variant 4 patching against SSB via the PowerShell script.

I can't seem to get it activated despite following the notes. It validates that Variant 1 (not 1.1 or 1.2) & 2 patching is active.

I have applied the registry keys, rebooted and ran the script as Adminstrator.

Anyone else tried it?

winactive said:

Due to the limitations of the InSpectre tool as is, I am attempting to validate Variant 4 patching against SSB via the PowerShell script.

I can't seem to get it activated despite following the notes. It validates that Variant 1 (not 1.1 or 1.2) & 2 patching is active.

I have applied the registry keys, rebooted and ran the script as Adminstrator.

Anyone else tried it?

I tried, and SSBD isnt enabled on this build. But a few build back, 17692 or something like that, its enabled. And PowerShell script tells me my CPU Microcode isnt patched for Spectre v4, but actually my microcode is the latest with both Spectre v3a/4 and I verified patching status of microcode under Linux....

I had an advisory from Dell today about a UEFI update for a machine I no longer own (I returned it due to poor battery performance). It was an update to mitigate Intel-SA-00115 (Spectre 3a & 4) and Intel-SA-00118 (Intel ME CSME vulnerability) so it contained MCU and ME images.

So, you would hope that patching could be enabled in a production OS if the MCUs are being pushed by OEMs.

Im already running latest Intel ME FW and MCU, not patched and it looks so bad on latest Insider build, I sent some feedback to MS already