Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations (bleepingcomputer.com)

Posted by EditorDavid on from the complete-and-utter-garbage dept.

An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."

HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.

"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device. "

15 of 90 comments (clear)

  1. So Linus was right? by Anonymous Coward · · Score: 2, Interesting

    Basically they are telling us that Linus was not overreacting...
    This is what happens when the market is a monopoly, Intel sitting at its laurels, without a care in the world it seems...

  2. New processor for everyone! by mspohr · · Score: 3, Insightful

    If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
    This is a fundamental flaw with the microcode and the only fix is a new processor.
    Intel needs to give everyone a new processor or motherboard... (and a pony).

    --
    I don't read your sig. Why are you reading mine?
    1. Re:New processor for everyone! by wonkey_monkey · · Score: 2

      If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.

      Your use of the phrase "I'm sure" leads me to suspect that you're not in any way sure about this.

      --
      systemd is Roko's Basilisk.
    2. Re:New processor for everyone! by user32.ExitWindowsEx · · Score: 4, Insightful

      WTF?
      If you can climb all the way to registry-editing admin, why would you waste that trying to disable an update that prevents you from merely reading memory?
      You *ALREADY* owned the box to the point where you could load a custom kernel driver and simply sniff everyone's memory through that at full speed.

      --
      "Evil will always triumph because good is dumb." -- Dark Helmet
    3. Re:New processor for everyone! by Anne+Thwacks · · Score: 3, Funny
      If Microsoft can disable the patch. I am sure that even below average hackers can disable the patch.

      FTFY

      --
      Sent from my ASR33 using ASCII
  3. Re:Odd, I run Win7 64-bit & see no such bs... by AmiMoJo · · Score: 3, Funny

    It's probably your massive hosts file causing buffer overflows.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. So, how is this forced update thing working out? by CptLoRes · · Score: 4, Insightful

    Being on Windows 7 I am still given the choice when to apply any updates. And so I made a decision to not install ANY Meltdown or Spectre related updates until the dust settles. So far it seem to have been the right choice.

  5. Can someone *please* by Chris+Mattern · · Score: 2

    teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."

    1. Re:Can someone *please* by Carewolf · · Score: 2

      teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."

      Actually a "band" in this context is a specific radio frequency, and "out-of-band" is things not on that specific frequency. So if MS has a frequency of updates, something outside that frequency is out-of-band.

  6. Software should just give up on Spectre by jader3rd · · Score: 3, Interesting

    There's no point in trying to patch Spectre. Patching Meltdown I get, but Spectre such a pain, it will take hardware fulfilling its side of the process isolation agreement\understanding.

    1. Re:Software should just give up on Spectre by Ramze · · Score: 4, Informative

      I tend to agree. Meltdown had an obvious path to exploit -- run an unauthorized branch of code to access something one shouldn't, then make sure another bit of code read that unauthorized data before it was flagged and wiped. Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.

      In a jewelry store theft comparison:

      Meltdown -- walk in as a celebrity, ask the jeweler if you can view a specific priceless ring that only celebrities could afford, and then you bolt for the door as soon as the ring is on your finger. You got exactly what you wanted.

      Spectre -- walk in, try to grab any ring an average customer is presently inspecting... assuming there are any customers and any of them are viewing any rings during your visit. You have no idea what you're going to get, if anything.... but whatever you DO get, it won't be the specific ring in Meltdown you could have gotten.

  7. Re:So, how is this forced update thing working out by SeaFox · · Score: 2

    On 8.1 here, and I'm going to do the same thing.

    In fact I'm not sure I will ever run Windows 10. I'm on the tail end of my system (Core i7 920)'s life, so I could build my next system and just install Linux Mint. Or maybe I'll get a Mac desktop to go with my (mid 2010) MacBook I have for a laptop.

  8. Re:Odd, I run Win7 64-bit & see no such bs... by fisted · · Score: 3, Funny

    Why would you patch Windows XP? It's not like it's still in heavy use, there's no point. Only ATMs, POS, medical and industrical equipment, really who cares.

    --
    CLI paste? paste.pr0.tips!
  9. DeepAPK by DrYak · · Score: 2

    Somewhere, someone is training some "Deep-Trump"-like deep neural net on APK's corpus of bullshit, and is ready to generate entire discussion trees of APK-"deep"-impostors all shouting at each-other...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  10. Re:So, how is this forced update thing working out by Anne+Thwacks · · Score: 2
    Anyone know when that will be?

    A couple of centuries after hell freezes over.

    --
    Sent from my ASR33 using ASCII