Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations (bleepingcomputer.com)
An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."
HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.
"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device."
I don't see any good way past this.
See subject: What I have seen that causes reboots, oddly enough, is when MS Security Essentials updates & FF 57 ran @ the same time (crashed my system consistently & yes, crashdump data verified it).
* HOWEVER - that ALL occurred PRE-patch for Intel CPU Meltdown/Spectre issues anyway... so, how'd I stop it? I shutoff MS Security Essentials autoupdate & WinUpdate (until it's time to run it MYSELF as I see fit AFTER I see patches are indeed, troublefree & legit/solid ONLY).
Cause of these fiascos? Firing QA testers & SUPERIOR EXPERIENCED CODERS vs. low-cost rookies (for the Love of the "Holy Dollar" & a bogus corrupt system powered by a legalized craptable called 'stockmarkets' - greed in other words).
APK
P.S.=> I'll stick by the patch for the interim personally - better having mitigations that @ least SOMEWHAT WORK vs. none @ all whatsoever imo & experience... apk
Windows patched my systems (Win10 1709) on a Gen1 i5, Core2 Extreme, and Atom. Also an out-of-support Windows phone. None seem to be affected by it, and none will ever get microcode updates from Intel. So ... ??
Basically they are telling us that Linus was not overreacting...
This is what happens when the market is a monopoly, Intel sitting at its laurels, without a care in the world it seems...
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
This is a fundamental flaw with the microcode and the only fix is a new processor.
Intel needs to give everyone a new processor or motherboard... (and a pony).
I don't read your sig. Why are you reading mine?
The solution is Linux and *BSD over RISC-V.
It's probably your massive hosts file causing buffer overflows.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Being on Windows 7 I am still given the choice when to apply any updates. And so I made a decision to not install ANY Meltdown or Spectre related updates until the dust settles. So far it seems to have been the right choice.
I never said hosts cure all. Only that hosts do FAR more for FAR less vs. other "so-called 'solutions'" (full of bugs & security issues (antivirus TAVIS ORMANDY ANYONE?/dns/routers/addons) due to poor coding practices & overly complex design illogically "Bolting on 'MoAr'" vs. natively operating w/ what you have as I do in a LONG PROVEN IP stack which hosts IS part of natively)
APK
P.S.=> Unbelievable... apk
What every device with an Intel inside (see decal) needs is a mitigation for the Intel Inside (see inside).
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
... seen a pooch screwed this hard. Repeatedly.
I officially declare the 2010s "The Decade When Nothing Worked Right".
There's no point in trying to patch Spectre. Patching Meltdown I get, but Spectre is such a pain, it will take hardware fulfilling its side of the process isolation agreement/understanding.
...now.
WTF? No updates for Windows XP? Come on, Microsoft. If you're going to go overboard by releasing updates for old archaic operating systems, don't make it a half-assed effort!
We solved this for ARM 2 weeks ago. What the fuck is Intel doing?
On 8.1 here, and I'm going to do the same thing.
In fact I'm not sure I will ever run Windows 10. I'm on the tail end of my system (Core i7 920)'s life, so I could build my next system and just install Linux Mint. Or maybe I'll get a Mac desktop to go with my (mid 2010) MacBook I have for a laptop.
I disabled all my auto-update crap on the Windows 10 Pro unit I do have. (Wacom Cintiq, no choice on the OS)
Also disabled all the updates for my Win 7 machines.
Not about to play guinea pig for a rushed patch to fix a problem they've known about for some time.
I'll give it six months, then consider it once all the problems are ironed out.
IF all the problems get ironed out.
has risen over 10% so far this month. That's what lying PR can do for a company.
funny, the windows update on my win 7 box has only an upgrade to win 10 showing now.
Proof makes you EAT YER WORDS imposter (via a +5 upmodded post of mine from 2010) http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450/ w/hosts & bgp (nothing clientside stops that as an example PROOF thereof I have outright STATED hosts do not cure all (but that they DO more for far less vs. inferior competitors FULL OF SECURITY ISSUES & BUGS in antivirus/routers/addons/dns)).
* REPOST PROOF YOU HAD TO TRY "DOWNMOD HIDE IT" BEFORE chump liar imposter https://tech.slashdot.org/comments.pl?sid=11669269&cid=56023173/ last time I posted what makes YOUR KIND (scum) EAT YOUR WORDS bitch!
APK
P.S.=> Bottom-line: Thanks for letting me LOOK GOOD @ your LYING EXPENSE, scumbag... apk
Being on Windows 7 I am still given the choice when to apply any updates. And so I made a decision to not install ANY Meltdown or Spectre related updates until the dust settles. So far it seems to have been the right choice.
Yep, had to figure out how to undo it on the missus's laptop as Windows 10 had auto-updated and the damn machine wouldn't run for more than couple minutes at a time. Meanwhile my good ol' Windows 7 desktop chugs along as usual.
It's worth noting that the Spectre variant 2 update was only enabled if you installed the patch and also installed the microcode update from your hardware vendor.
This out-of-band update doesn't affect anyone who hasn't installed the updated hardware microcode yet.
See subject & https://tech.slashdot.org/comments.pl?sid=11669269&cid=56023963/ How did eatin yer words taste?? Like your FOOT in your MOUTH ramming them back down your "ne'er-do-well" throat choking on them while washed down w/ the BITTER taste of SELF-defeat?
* Yes, lol...
APK
P.S.=> Go away you HUMAN FAIL, lol... apk
Apart from the update for the browser to reduce timer resolution - are there any Windows/Linux mitigations against Meltdown and Spectre that are safe to apply?
Why would you patch Windows XP? It's not like it's still in heavy use, there's no point. Only ATMs, POS, medical and industrial equipment, really who cares.
CLI paste? paste.pr0.tips!
Being on Windows 10 and knowing from the very start that this was controllable from a registry setting (which I used to disable this junk) I fail to see your poorly made point.
I recently opted for purchasing an 8.1 license after my bad experiences with W10 in the work environment. It's just a shame that the official MS site no longer supports this... Switching to another OS is not really an option being a Windows developer... I mean it's not impossible but it's quite a hassle.
Somewhere, someone is training some "Deep-Trump"-like deep neural net on APK's corpus of bullshit, and is ready to generate entire discussion trees of APK-"deep"-impostors all shouting at each-other...
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
I know things are getting confused, but there are 2 variants of Spectre.
The first one, the one you're describing, the "Bounds Checks Bypass", is the one where Speculative Execution is working exactly as defined, and affects all speculatively executing processors (so basically a couple of in-order cores like Intel Atom and nearly all RISC except a few of the latest AArch64 are exempt).
The CPU speculatively executes past a check, and might end up speculatively reading from another part of the memory to which the application already has access anyway.
There are only a few real-world exploits (the few corner cases where an application has access to its own data, but should not actually read it for security purposes), mostly involving JITing and executing foreign-supplied executable arbitrary code. (e.g.: eBPF bytecode used by modern packet filters running in the same context as the Linux kernel; e.g.: JITed Javascript code supplied by some shady webserver running in the same context as the rest of your browser, including that plug-in that handles password management).
But then there's Spectre variant 2, the "Branch Target Injection". This one is per-CPU architecture specific (Intel are known to be affected, and there's demo code by Google) (AMD thinks after a lot of analysis that some of their CPUs are affected, but has no idea if it is technically possible to make an actual real-world exploit out of it - for sure the Xeon-specific code won't work, obviously).
The base idea is to confuse how the indirect branch predictor works (i.e.: for jumps whose destination isn't even known yet at the time of speculation). Most CPUs try to keep track of where this jump usually led in the past. Depending on how this "track keeping" is handled (that's why it's very CPU-specific), an attacker might confuse the predictor and have it execute speculatively at an attacker's arbitrarily chosen position, which would never ever be attained during normal execution.
(in the case of the Google demo code for Xeon, these Xeons in particular use something like a hash to store their table, Google has managed to find a "hash-collision"-like problem, where the Xeon will take the "wrong table" for the prediction: not the table of where the attacked program usually jumps to, but a different table where the attacker's exploit usually jumps to).
To take the jewelry store comparison:
- The attacker meets the store manager in a completely unrelated setting, like at a street festival, and shows some funny dance moves. The store manager even learns the dance steps.
(= filling a table of prediction for indirect branch for a code chosen by the attacker)
- Later that day, while the manager is back at the store, he absent-mindedly repeats the dance steps of that dance he saw and liked...
(= "hash collision" in Xeon's tables : the "wrong table" is used by a completely different and normally unrelated program)
and ends up accidentally bumping into the button that turns the alarm off, letting the thief steal everything he wants from the shop.
A button that he would normally have never pressed.
(= normally, the jump taken during the speculative execution would never ever be taken : it's not even in the list of possible indirect branching for that program)
The horrible scary part is that what happens in the jewelry shop is affected by some completely unrelated event in the street.
(The attacked/exploited program where the branch prediction is abused might be a completely different program than the one where the attacker was doing the jumps to fill the predictor table.
The attacker's code could be a small program that the attacker is allowed to run as part of the normal operations, like a user-land software on a VM on a cloud cluster. And the attacked/exploited program could be something deeply critical like the hypervisor running all the VM instances
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Truth is you cannot mitigate this threat without causing issues. The software and firmware fixes are more trouble than they're worth. You only have really two options: buy an AMD system now which has less exposure to the threats, or wait for Intel to produce new CPUs that are designed to mitigate this exposure.
The other option I wish Intel would provide is a BIOS off switch in which a user can decide if they want more security and less performance. Or take their chances with maintaining performance but accepting more risk. This is way better than cobbled together fixes that don't work as expected and cause more issues.
Short - when will it be safe to let Windows 10 updates happen, again?
My laptop is dual-boot, and 90+ percent of the time it boots Linux, which I have kept fully updated through this whole mess. I still have the Windows installation live and runnable, because there are those things that just won't work without Windows. Occasionally I unplug my USB flash with /boot, let it boot Windows, and keep that up-to-date. Most of what I do with Windows is update Windows, and occasionally update my GPS, and a rare few other things.
But not that long ago I started hearing about the Meltdown/Spectre mitigations bricking machines, so was especially careful to quit booting Windows. At some point I presume the dust will have settled and it will be safe and prudent to update again.
Anyone know when that will be?
The living have better things to do than to continue hating the dead.
A couple of centuries after hell freezes over.
Sent from my ASR33 using ASCII
There's no "right choice". It's "APTs might be able to sniff keys and passwords via browser javascript" vs. "performance and stability issues", and those are just different flavors of shit sandwich.
Hey retard Alexander Peter Kowalski how about you actually provide proof to backup your statements.
You offer up wild speculations, piss poor circular logic, out of context testimonials, and all sorts of grandiose claims.
Yet despite all that you fail to offer any actual logic, real evidence, or mathematical proof.
Just because you are too retarded to understand what those are doesn't mean they don't exist.
Also thank you for continuing to show the world that Alexander Peter Kowalski is a retard.
However you are right about one thing, APK is not to be believed.
Actually Alexander Peter Kowalski, you always look like a retard.
You can't write
You can't make a coherent statement
You can't defend your work
You post nonsensical links to your previous nonsense statements.
You prattle on about various conspiracy theories
You make grandiose claims that can't be backed up about your security advice
All in all you provide a continuous stream of evidence that you are in fact a retard.
That you are basically a parody of your self it should come as no surprise that people mock you for fun
I've never seen anything like it. Windows would simply not load. Not even safemode could get windows to boot.
Completely reinstalling windows fixed it (for now) but there goes 2 hours of my life (plus the slow process of reinstalling all my apps).
I really regret purchasing an Intel CPU. If anyone out there is building a computer and on the fence about what CPU to get, AMD deserves your money. Ryzen is fantastic and should have been my first choice.
Equipment that, if an adversary can install the exploit code, is already owned. And installing the patches may cause timing issues that break things. In other words, the type of use for Windows XP is such that patching it would be nonsense.
Equipment that, if an adversary can install the exploit code, is already owned.
And guess why it was already owned. Yeah, nice and circular.
CLI paste? paste.pr0.tips!
Spectre and Meltdown are only exploitable if you can already execute arbitrary code on the machine. They aren't ever an initial attack vector, so I don't understand your post at all. These require that you already have local privileges and, on the devices you initially mentioned, an adversary wouldn't already have this. They need some alternative mechanism to deliver an initial payload.
Best non-car analogy ever.
I didn't start the Jewelry store analogy, the parent poster did.
And now let's try a car analogy ! (But let's not repeat what xkcd).
It's all about your car trying to be more clever than you. So it's fitting to take a self-driving car as a metaphor.
Speculative execution :
When you arrive at an intersection, the car doesn't wait for you to take a decision on where you want to go.
It makes its best guess and starts driving in that direction.
When it was invented, it wasn't even considered problematic, because if you actually make a different decision and the car's best guess turned out to be wrong, the car will go back to the intersection (= CPU throws away all the work and doesn't commit it to the memory/registers) and start driving the other way around.
But it's deemed useful, because if the car guessed right, by the time you make your decision, the car has already progressed in the correct decision.
(= if the CPU guesses right, it will have advanced a bit of work instead of the whole pipeline stalling and waiting for the outcome of the dependence).
Spectre variant 1 - "bound check bypass" :
It turns out that even if the car leaves in case of a wrong guess, there might be some effects remaining even after the car left, like traces of tires on the ground, the ground still being warm from the car's presence, pigeons frightened by the car would have taken off, ...
(= there are still side effects of CPU execution that can be measured, like pages of memory being fetched into the cache).
And actually, modern cars are so fast that by the time you've made up your mind, the car is already 3-4 intersections further down the road.
(= there are quite a lot of instructions that are kept in-flight in the CPU pipeline)
By carefully watching when pigeons took off, and where you see tire traces, you can correctly infer that the car steered to avoid a pedestrian, even if neither the car nor the pedestrian is there any more
(= it's possible to organise the speculated instructions in such a way that the side effect will depend on something that was accessed past a check, like a boundary check)
But still the car is only travelling in the same city as usual.
(= This Spectre only accesses data that the application already has full access to, to begin with. So very few exploits where you actually manage to get something new. Mostly situations involving JIT)
By now nearly all cars have this auto-driving "feature" built into them.
Meltdown
All cars of the brand "Intel" have something really weird : they show up on the other side of walls.
It's as if the wall didn't matter any more.
The car shows up in restricted areas of the city where it shouldn't be.
(= speculative execution on Intel CPUs happens to go past security limits like memory protection, because the actual security check is done way too late)
Walls won't protect the reserved parts of the city.
(= the kernel isn't protected anymore).
You have to move the prison complex into another city.
(=KPTI)
Spectre variant 2 - "Branch Target Injection"
It gets even weirder :
The car shows up in the New York Underground network.
And inside the vaults of Fort Knox.
You're definitely toast on this one.
(= Influence the execution of a completely unrelated program. Execution happens where it couldn't possibly happen. Your hypervisor is toast).
But the thing is that this is extremely dependent on the exact type of bolts and nuts which are used in the car.
It's proven to work with a few specific bolts and nuts used in Intel cars.
AMD cars are now proven to also use bolts and nuts, but nobody knows if you can actually manage to make a magically teleporting car out of them.
Meltdown and Spectre v2 are actually as weird as their car metaphors sound.
That's why lots of specialists are specifically mad at I
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
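The two comments above that describe Spectre variant 1 ("bounds check bypass") both come down to a load running speculatively past a failed range check. The following C code is an added example, not part of the thread: it sets a plain bounds-checked lookup beside one hardened with a branch-free index clamp, the same idea as the Linux kernel's array_index_nospec(). The table, its contents and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed sample data: a table that an untrusted index selects from. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/*
 * Returns all-ones when index < size and zero otherwise, using arithmetic
 * only, so there is no conditional branch for the predictor to get wrong.
 * Requires size <= SIZE_MAX / 2.
 *   in range:     index and (size - 1 - index) both have a clear top bit
 *   out of range: index has its top bit set, or (size - 1 - index) wraps
 * The C standard does not forbid a compiler from turning this back into a
 * branch, so check the generated code for the target you ship.
 */
static size_t index_mask_nospec(size_t index, size_t size)
{
    size_t top = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1; /* top == 0 -> SIZE_MAX, top == 1 -> 0 */
}

/* "Before": architecturally correct, but if the bounds check is mispredicted
 * the load can execute speculatively with idx out of range. */
static int lookup_checked(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* "After": the index is clamped by data flow, so even on a mispredicted
 * path the load can only reach table[0]. */
static int lookup_nospec(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void)
{
    const size_t probes[] = { 0, 15, 16, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint8_t a = 0, b = 0;
        int ra = lookup_checked(probes[i], &a);
        int rb = lookup_nospec(probes[i], &b);
        printf("idx=%zu clamped=%zu checked=%d/%u nospec=%d/%u\n",
               probes[i],
               probes[i] & index_mask_nospec(probes[i], TABLE_LEN),
               ra, (unsigned)a, rb, (unsigned)b);
    }
    return 0;
}
```

Both functions return the same architectural results; the difference is only in which address the load can use while the bounds check is still unresolved.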
See subject & prove your bs (u can't). I provide verifiable proof in security pros https://developers.slashdot.org/comments.pl?sid=11549257&cid=55839269/ &/.ers https://tech.slashdot.org/comments.pl?sid=11595279&cid=55903895/ quoted on the efficacy of MY PROGRAM & hosts too!
LMAO!
Lastly - your "mathematical proof" (fantasy) was EASILY DESTROYED by REALITY here https://yro.slashdot.org/comments.pl?sid=11532533&cid=55833641/ as reality showed my methods worked to STOP that threat!
APK
P.S.=> It must be hilarious seeing you "FoAmInG @ TeH MouTh" in "RaGe" as I easily cut you to pieces every time you do your unidentifiable anonymous stalking since you let others know you have SERIOUS issues (stalking, libeling, lying, severe jealousy & incompetence on your end)... apk
See subject DrYak (fake name do-nothing "ne'er-do-well" online you are) & proof of where I nuke you https://yro.slashdot.org/comments.pl?sid=11452421&cid=55703679/ on hosts blocking 3rd party script faster than NoScript can, stupid!
* No 'small wonder' morons like you use your "phantasyland names" - your entire LIVES are nothing but fantasies & doing nothing of value.
APK
P.S.=>... & you KNOW it (you constantly prove it too, lol BUT you make ME look GOOD albeit @ YOUR EXPENSE (not that a fake name fuck like YOU cares, you are a zero))... apk
Proving you're a retarded liar = ez https://tech.slashdot.org/comments.pl?sid=11669269&cid=56023963/ & you tried downmod "hiding" it too, lol!
APK
P.S.=> I don't have to defend my work - /.ers do FOR ME https://tech.slashdot.org/comments.pl?sid=11595279&cid=55903895/ ... apk
See subject: Your MASSIVE FAIL in this life is you're nothing more than a chattering little do-nothing "ne'er-do-well" online & you know it...
* Is that the best your "phantasyland FAKE NAME" (for your fake lie of a so-called 'life') can manage?
APK
P.S.=> When a FAKE NAME do nothing like YOU does better than I have? Then talk (you're all talk & no action)... apk
Not sure how much "bare metal" exposure you need for the developing you're doing, but you could set up your machine in Linux and then run Windows full screen in a VM. Only use it for work stuff and keep your personal stuff outside it. If there was a bad update that comes down the pipe and the VM gets hosed you could roll back to an earlier snapshot of the VM in a snap, too.