Windows 10: Q3 2018 Intel Speculative Execution Side Channel Update

  1. Brink's Avatar
    Posts : 32,279
    64-bit Windows 10 Pro build 18242
       14 Aug 2018 #1

    Q3 2018 Intel Speculative Execution Side Channel Update


    Intel ID: INTEL-SA-00161
    Product family: Multiple
    Impact of vulnerability: Information Disclosure
    Severity rating: See Security Advisory text
    Original release: 08/14/2018
    Last revised: 08/14/2018

    Summary:

    Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices.

    Intel is committed to product and customer security and to coordinated disclosure. We worked closely with other technology companies, operating system, and hypervisor software vendors, developing an industry-wide approach to mitigate these issues promptly and constructively.

    For facts about these new exploits, technical resources, and steps you can take to help protect systems and information please visit: Side Channel Methods – Analysis, News and Updates.

    Description:

    CVE-2018-3615 - L1 Terminal Fault: SGX

    • Systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
    • 7.9 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

    CVE-2018-3620 - L1 Terminal Fault: OS/SMM

    • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
    • 7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

    CVE-2018-3646 - L1 Terminal Fault: VMM

    • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
    • 7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

    Affected products:

    The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time.

    Intel® Core™ i3 processor (45nm and 32nm)
    Intel® Core™ i5 processor (45nm and 32nm)
    Intel® Core™ i7 processor (45nm and 32nm)
    Intel® Core™ M processor family (45nm and 32nm)
    2nd generation Intel® Core™ processors
    3rd generation Intel® Core™ processors
    4th generation Intel® Core™ processors
    5th generation Intel® Core™ processors
    6th generation Intel® Core™ processors **
    7th generation Intel® Core™ processors **
    8th generation Intel® Core™ processors **
    Intel® Core™ X-series Processor Family for Intel® X99 platforms
    Intel® Core™ X-series Processor Family for Intel® X299 platforms
    Intel® Xeon® processor 3400 series
    Intel® Xeon® processor 3600 series
    Intel® Xeon® processor 5500 series
    Intel® Xeon® processor 5600 series
    Intel® Xeon® processor 6500 series
    Intel® Xeon® processor 7500 series
    Intel® Xeon® Processor E3 Family
    Intel® Xeon® Processor E3 v2 Family
    Intel® Xeon® Processor E3 v3 Family
    Intel® Xeon® Processor E3 v4 Family
    Intel® Xeon® Processor E3 v5 Family **
    Intel® Xeon® Processor E3 v6 Family **
    Intel® Xeon® Processor E5 Family
    Intel® Xeon® Processor E5 v2 Family
    Intel® Xeon® Processor E5 v3 Family
    Intel® Xeon® Processor E5 v4 Family
    Intel® Xeon® Processor E7 Family
    Intel® Xeon® Processor E7 v2 Family
    Intel® Xeon® Processor E7 v3 Family
    Intel® Xeon® Processor E7 v4 Family
    Intel® Xeon® Processor Scalable Family
    Intel® Xeon® Processor D (1500, 2100)
    ** indicates Intel microprocessors affected by CVE-2018-3615 - L1 Terminal Fault: SGX

    Please check with your system manufacturer for more information regarding updates for your system.

    Recommendations:

    Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.

    This includes the release of updated Intel microprocessor microcode to our customers and partners. This microcode was previously released as part of INTEL-SA-00115.

    Status of available microcode can be found here.

    End users and systems administrators should check with their system manufacturers and system software vendors and apply any available updates as soon as practical.

    Acknowledgements:

    Intel would like to thank Raoul Strackx1,Jo Van Bulck1, Marina Minkin2, Ofir Weisse3, Daniel Genkin3, Baris Kasikci3, Frank Piessens1, Mark Silberstein2, Thomas F. Wenisch3, and Yuval Yarom4 for reporting this issue and working with us on coordinated disclosure of CVE-2018-3615 (www.foreshadowattack.com)

    1 imec-DistriNet, KU Leuven, 2Technion, 3University of Michigan, 4University of Adelaide and Data61

    Revision History

    Revision Date Description
    1.0 08/14/2018 Initial Release

    CVE Name: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646


    Source: INTEL-SA-00161

    See also: Intel Side Channel Vulnerability L1TF
      My ComputersSystem Spec

  2. martyfelker's Avatar
    Posts : 1,538
    Triple Boot Windows 10 IP Build 17711/Windows Server 2019 IP Build 17692/Debian Unsttable
       14 Aug 2018 #1

    More Intel Processor Vulnerabilities


    Intel discloses another set of processor vulnerabilities

    Good thing I just bought an AMD Ryzen 2700X
      My ComputersSystem Spec

  3. Bree's Avatar
    Posts : 8,569
    10 Home x64 (1803) (10 Pro on 2nd pc)
       14 Aug 2018 #2

    A patch has already been issued in the latest cumulative update.

    Key changes include:


    • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)


      My ComputersSystem Spec

  4. Faith's Avatar
    Posts : 427
    Windows 10 Home April 2018 Update 64-bit
       15 Aug 2018 #3

    Another day another Intel vulnerability…

    I swear, I see a new side-channel bug coming out every month or so for my Intel processors… It's getting out of hand. Good thing it's been patched, but at what performance cost? Soon my Intel processors will be perfoming worse than a carrot… A new silicon is desperately needed now.
      My ComputerSystem Spec

  5.    15 Aug 2018 #4

    I think the majority are getting fed up with it all. Most of the public won’t know about all this stuff anyway. I think there is a lot of scare mongering too and actual vulnerabilities are very unlikely to manifest themselves. I decided I’m just going to do nothing and let windows update take care of things. Am tired of updating the BIOS to keep pace, it’s risky and has already screwed up aspects of my iTunes / Apple iCloud music library setup as Apple recognised the BIOS update as a change of machine.
      My ComputerSystem Spec

  6.    15 Aug 2018 #5

    Faith said: View Post
    Another day another Intel vulnerability…

    I swear, I see a new side-channel bug coming out every month or so for my Intel processors… It's getting out of hand. Good thing it's been patched, but at what performance cost? Soon my Intel processors will be perfoming worse than a carrot… A new silicon is desperately needed now.

    Relatively speaking, the performance costs haven't been that bad. The dire prediction from earlier this year that limiting the ability of microprocessors to perform speculative execution would cause severe performance issues has mostly not come true (at least with respect to the last few generations of Core processors). It almost makes me wonder if speculative execution is even something that's needed in modern processors.
      My ComputerSystem Spec

  7. Bree's Avatar
    Posts : 8,569
    10 Home x64 (1803) (10 Pro on 2nd pc)
       15 Aug 2018 #6

    Ground Sloth said: View Post
    The dire prediction from earlier this year that limiting the ability of microprocessors to perform speculative execution would cause severe performance issues has mostly not come true (at least with respect to the last few generations of Core processors)...
    ...and on my older generation processor for which InSpectre says "Performance: SLOWER" there's no noticeable effect for me. It very much depends on what you use the PC for.

    While most casual desktop users and gamers won't notice any prolonged slowdown, or any performance hit at all, people running IO or system-call intensive software, such as databases on backend servers, may notice the difference
    https://www.theregister.co.uk/2018/0...ctre_slowdown/
      My ComputersSystem Spec

  8.    16 Aug 2018 #7

    Bree said: View Post
    ...and on my older generation processor for which InSpectre says "Performance: SLOWER" there's no noticeable effect for me. It very much depends on what you use the PC for.

    https://www.theregister.co.uk/2018/0...ctre_slowdown/

    It would be nice if InSpectre were updated.

    To verify that protections are enabled on a Linux machine, all you need to do is open a terminal window and type the command "grep . /sys/devices/system/cpu/vulnerabilities/*". The output is easy to understand.

    On a Windows machine, as I'm sure you know, you have to run a PowerShell script, and the output is a bit confusing.
      My ComputerSystem Spec


 

Related Threads
Read More: https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/ See also: https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/ INTEL-SA-00115
Source: https://support.microsoft.com/en-us/help/4073065/surface-guidance-to-protect-against-speculative-execution-side-channel See also: Surface devices and the new speculative execution side-channel vulnerabilities (May 2018) Surface
Source: Mitigating speculative execution side channel hardware vulnerabilities Defense See also: Microsoft Announcing Speculative Execution Bounty Program Launch - Windows 10 Forums
Source: https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:36.
Find Us