Jump to content

Major Flaw in Millions of Intel Chips


Corrine

Recommended Posts

From Major flaw in millions of Intel chips revealed - BBC News:

A serious flaw in the design of Intel's chips will require Microsoft, Linux and Apple to update operating systems for computers around the world.

 

Intel has not yet released the details of the vulnerability, but it is believed to affect chips in millions of computers from the last decade.

 

The UK's National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

 

Some experts said a software fix could slow down computers.

 

Note: Windows Insiders running Build 17035 already have the fix.

 

Response from Intel at Intel Responds to Security Research Findings

 

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

 

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

 

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

  • Like 2
Link to comment
Share on other sites

Microsoft issues emergency Windows update for processor security bugs - The Verge

Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft’s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 4PM ET / 1PM PT today.

 

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

 

Just checked and no updates here, Windows 10, 64bit, Version 1709.

  • Like 1
Link to comment
Share on other sites

no updates showing up by me either - 7,10 and server12r2.

 

also, settle down people. don't fall for the hype. and if you insist on being worried about this, your IoT devices are the things to be worried about as ARM is just as vulnerable as the rest to the biggest 'threat'.

Edited by crp
  • Like 1
Link to comment
Share on other sites

i am going to give that podcast a shot, so far i am impressed.

to the current point, i appreciate his post. I've seen a ton of "sky is falling , we are all going to die" but next to nothing in

  1. how can a device get probed,
  2. how likely is it to succeed,
  3. how much needs to be known in advance to make the probe,
  4. how much needs to be known if 'paydirt' was hit.

  • Like 1
Link to comment
Share on other sites

Due to the probability of resulting in BSOD's and an unrecoverable PC, Microsoft is not releasing the patch until the appropriate registry key is added by the A/V. For a table showing the latest from the Meltdown AV spreadsheet tracker see CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibilityhttps://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true.

  • Like 2
Link to comment
Share on other sites

From Meltdown Mitigation - Malwarebytes Endpoint Protection - Malwarebytes Forums:

For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches.
  • Like 1
Link to comment
Share on other sites

BTW MalwareBytes has now fixed their issues and the patch will apply when Microsoft makes it available.

While this is indeed a serious flaw it is probably broadly based but may be quite shallow in its impact. The average user with Intel won't see a big performance hit with the patch and AMD machines are mostly unaffected.

For the home user to be affected by any exploit they would have to be as stupid as anyone who doesn't have proper AV/Malware protection or clicks on email attachments and/or visits dodgy websites. And no exploit has been seen as yet.

It's a bigger problem for VMs in the cloud and server networks.

This looks like a good news item to be exploited by fake malware and scareware jockeys: "Your machine has been affected by the Meltdown virus!!!!! Call 1-800-IMA-DOPE for more information!!!!"

Edited by raymac46
  • Like 3
Link to comment
Share on other sites

Here is the AMD situation:

 

https://www.amd.com/en/corporate/speculative-execution

 

In summary:

Spectre 1 is patched or will be by the O/S guys.

Spectre 2 has a pretty remote chance of happening with AMD.

Meltdown doesn't affect AMD.

 

After all those years of feeling like a fool buying AMD while Intel was eating its lunch, maybe we fanbois have some perverse vindication. Don't want to gloat though. :smashcomp:

  • Like 1
Link to comment
Share on other sites

Cheers for ESET who was among the first to add the reg key!

 

From Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key:

 

According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches.

 

As explained by Kevin Beaumont in Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you:

 

There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes. To be honest, some of the techniques are similar to ones used by rootkits — Kernel Patch Protection was introduced by Microsoft a decade ago to combat rootkits, in fact. Because some anti-virus vendors are using very questionable techniques they end up cause systems to ‘blue screen of death’ — aka get into reboot loops.

 

Check this list to see if your A/V requires a manual registry key setting: Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you. If so, Bleeping Computer has created a reg file that can be used. See the article at Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key. The file is at the bottom of the article but be sure to read the entire article first. You can also check the status with PowerShell (See How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws).

 

Microsoft Support Page: Important: January 3, 2018, Windows security updates and antivirus software

  • Like 4
Link to comment
Share on other sites

EDIT: As of a few minutes ago, reg key was created by ESET.

 

No registry key on mother's windows machine running ESET Smart Security. Everything is up-to-date according to ESET ABOUT screen. I'm wondering what's going on.

Edited by ebrke
  • Like 1
Link to comment
Share on other sites

Intel Corp. admits security patches for Meltdown and Spectre flaws have bugs while AMD says its chips are vulnerable to both Spectre variants - Silicon Valley Business Journal

 

Santa Clara-based Intel Corp. is quietly urging its biggest data center customers to hold off on installing the company’s latest security patches for the Spectre and Meltdown chip flaws, because the patches have bugs that could cause unexpected system reboots, The Wall Street Journal reports.

In a public post Thursday, Intel executive Navin Shenoy confirmed the issue, saying “a few customers” running Intel’s older Broadwell and Haswell chips had experienced higher-than-normal system reboots.

“We are working quickly with these customers to understand, diagnose and address this reboot issue,” he wrote.

 

  • Like 1
Link to comment
Share on other sites

List of Links: BIOS Updates for the Meltdown and Spectre Patches:

As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs.

 

While not all vendors have patches available for vulnerable products right away, most have promised updates in the following months.

 

Bleeping Computer will be updating the list as more information becomes available.

  • Like 2
Link to comment
Share on other sites

Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners:

 

As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.

 

Based on this, we are updating our guidance for customers and partners:

  • We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
  • We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.

  • Like 2
Link to comment
Share on other sites

There is a new patch from MS, only available through the catalog for all versions of Windows KB 4078130 that undoes the buggy patch.

My question is, if you have a computer that either suffers from a BSOD and/or a reboot loop, how are you supposed to apply this patch to fix it?

 

I'm afraid to install ANY of the January patches because I don't need borked computers.

  • Like 2
Link to comment
Share on other sites

I'm afraid to install ANY of the January patches because I don't need borked computers.

That's the way I feel. My mother's laptop is one of her mainstays for amusement since she rarely gets out of the house any more, and I can't take the chance of disabling it. As it is, I spent most of Saturday cleaning up after MB and something she had apparently downloaded accidentally that I'm pretty sure was malware. Luckily, it couldn't install since she's on a limited user account. I have her FF up to date with latest patches, and I did install NoScript since Java Script seems to be the area of highest risk. I'm just not willing to install anything now.

Link to comment
Share on other sites

Hello,

 

The companies involved were working on patches to correctly resolve these issues. The reason we are having so many issues now with buggy patches being released and then withdrawn is because the premature disclosure of information about the vulnerabilities caused the affected vendors to scramble and release patches that will hadn't been thoroughly tested.

 

Regards,

 

Aryeh Goretsky

 

 

the worst part of this disaster is that intel, google, & microsoft all withheld vital information for 6 months from other major vendors such as amazon, major isps, major streaming video vendors, who only could get together after the fact (after jan 3). their input may have been valuable and prevented a lot of blue-screen windows machines.

  • Like 1
Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...