Malonn Posted March 16, 2018 Share Posted March 16, 2018 I saw that. Still only goes back to Skylake, but they are making progress. Tons of people use pre-Skylake CPUs--I guess Skylake + makes up the bulk out there in the wild. Link to comment Share on other sites More sharing options...
Malonn Posted March 22, 2018 Share Posted March 22, 2018 Here's a little update on the AMD security issues. They may not be too bad. Patches should come forthwith. Link to comment Share on other sites More sharing options...
Arthmoor Posted March 22, 2018 Share Posted March 22, 2018 Indeed. Patchable in firmware, in a few weeks vs months or never, requires admin access AND a BIOS reflash to make it all work. Color me unsurprised to find all that out. It's basically no worse than Intel's own problems with their IME chip that everyone swept under the rug. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted March 22, 2018 Author Share Posted March 22, 2018 Good news Link to comment Share on other sites More sharing options...
alt3rn1ty Posted April 6, 2018 Author Share Posted April 6, 2018 Intel are cutting back on the amount of planned microcode fixes, so some older models will not be supported .. https://arstechnica.com/gadgets/2018/04/intel-drops-plans-to-develop-spectre-microcode-for-ancient-chips/ And here's the guide listing all the ones that will be getting an update .. https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf Thankfully all of our family machines are being done. And just a reminder, here are the ones already done .. https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates Link to comment Share on other sites More sharing options...
alt3rn1ty Posted April 15, 2018 Author Share Posted April 15, 2018 InSpectre has been updated Release #8 — Now shows whether an Intel microcode patch is (ever) available for Spectre. Intel has finished designing microcode update patches for its processors. On April 2nd, 2018, they announced that processors that have not yet been patches will never be patched. Their full statement is available in this PDF document. In that document, Intel specifies which of their many processors do have patches and which of their more recent processors will never receive updated firmware. Now that the industry has this information, this 8th release of InSpectre incorporates that list of CPUIDs and displays whether microcode firmware updates exist for the system's Intel CPU. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted April 18, 2018 Author Share Posted April 18, 2018 AMD Spectre mitigation update news https://www.amd.com/en/corporate/security-updates#paragraph-290416 Link to comment Share on other sites More sharing options...
alt3rn1ty Posted April 28, 2018 Author Share Posted April 28, 2018 And at long last my machine has had all the fixes, although at the moment the Spectre microcode fix is the one fed to the processor as windows boots up, I would still prefer the BIOS fix from MSI, which is going to take a while longer. https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates https://support.microsoft.com/en-us/help/4078407/update-to-enable-mitigation-against-spectre-variant-2 InSpectre release #8 (running in Admin mode) detects all of them as fixed And so far I have had no detectable performance decrease in games, but if that happens just use InSpectre before hand and use its Disable fix buttons temporarily. Link to comment Share on other sites More sharing options...
drizzan Posted April 29, 2018 Share Posted April 29, 2018 According to hardware sites the decrease in performance should not be noticeable while gaming, other programs were affected at a larger scale (cannot remember which ones) but nothing I used atleast. A BIOS update is available for my MSI card atleast: https://www.msi.com/Motherboard/support/Z270-GAMING-PRO-CARBON/#down-bios Link to comment Share on other sites More sharing options...
alt3rn1ty Posted April 29, 2018 Author Share Posted April 29, 2018 I just received an email today from MSI linking me to a BIOS update for my laptop machine. I sent them a request for support in case my machine model had mistakenly been missed, and I think my suspicion was sort of correct, the modified date on the BIOS file was 22nd of March. I think someone just forgot to update my machines page on their website. Anyway, alls well that ends well, its now successfully reflashed with the new BIOS firmware and doing the necessary Link to comment Share on other sites More sharing options...
alt3rn1ty Posted May 2, 2018 Author Share Posted May 2, 2018 Windows 10 April 18 update - Apparently they have not bundled the Spectre mitigation microcode updates (KB4090007) with it. So if you already applied the update to Windows 10 Fall Creators update 1709 .. Standby to watch that get overwritten and not be protected anymore, and go back to waiting for another update from Microsoft. For those of us with actual BIOS updates thats not a problem, but you would have thought they would include the boot time microcode updates they have already done for everybody in the major overhaul of the OS. Link to comment Share on other sites More sharing options...
drizzan Posted May 2, 2018 Share Posted May 2, 2018 Well I just updated to my latest BIOS (1.8) and according to InSpectre the system is still vulnerable to Spectre. So MSI have not fixed this on my motherboard yet. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted May 2, 2018 Author Share Posted May 2, 2018 I just this minute finished updating to Windows 10 April 18 update v 1803, and InSpectre is reporting I am still protected across the board .. So the MSI BIOS update I was emailed a link to by MSI support Staff seems to be working fine here (otherwise due to the new windows update not including the on boot microcode update I would have reverted to Spectre Protection not installed) : The MSI support page in my case though still needs to be updated with a new BIOS (at least to match the one I received), so I am guessing MSI are still doing their best to update all the models they need to, and the supporting website pages and links to new files. Just a case of remaining patient, but also, unless some attacker has actual access to your machine, it cant be exploited. And so far there are no reports anyone has heard of that the vulnerability has any actual code in the wild to take advantage of it. Maybe nation state level organisations have, for use of government spooks, but I have no worries they would be interested in my game modding machine, unless they are bored. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted May 2, 2018 Author Share Posted May 2, 2018 2 hours ago, drizzan said: Well I just updated to my latest BIOS (1.8) and according to InSpectre the system is still vulnerable to Spectre. So MSI have not fixed this on my motherboard yet. Oh wait .. Did you right click InSpectre and "Run as Administrator" If not it will not have enough access permission to find out if your BIOS is protecting you, and defaults to answering NO Link to comment Share on other sites More sharing options...
drizzan Posted May 2, 2018 Share Posted May 2, 2018 I did run it as both admin and regular user, in both cases it answers with not protected vs Spectre. The latest BIOS for my card was released in January 2018, it had a note that said: "- Update Intel Micro code for security vulnerabilities " but that doesn't seem to be Spectre, unless you need a Windows 10 update for Spectre aswell which I haven't downloaded manually. I have just gotten the regular updates through Windows Update. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted May 23, 2018 Author Share Posted May 23, 2018 For anyone who updated to Win 10 1803 (which overwrote any previous updates and made everyone vulnerable to Spectre again .. ) Here's the new standalone update to fix Spectre https://support.microsoft.com/en-gb/help/4100347/intel-microcode-updates-for-windows-10-version-1803-and-windows-server The link for the download is under "Method 3" Link to comment Share on other sites More sharing options...
Malonn Posted May 24, 2018 Share Posted May 24, 2018 Asus decided to work some BIOS's to include a Spectre fix. Kudos, Asus (if you're reading ). BIOS-level should have less of an impact on performance, yes, no? Link to comment Share on other sites More sharing options...
alt3rn1ty Posted March 14, 2019 Author Share Posted March 14, 2019 On 5/24/2018 at 4:53 PM, Malonn said: Asus decided to work some BIOS's to include a Spectre fix. Kudos, Asus (if you're reading ). BIOS-level should have less of an impact on performance, yes, no? Sorry its been a while since I looked in here : No, BIOS = Microcode fix, so same performance hit. You can still disable both Spectre and Meltdown fixes temporarily using Steve Gibsons InSpectre Use the disable buttons while you play a CPU intensive game for example, then enable again afterwards. ------------------------ Also there is a new MS site which supports newer versions of windows and the associated fixes https://support.microsoft.com/en-gb/help/4093836/summary-of-intel-microcode-updates So windows 10 v1809 has fixes listed now - Are these newer fixes bundled with windows updates ? .. I dont know I installed these mitigation's for win 10 1807, then win 10 1809 was installed and InSpectre still shows my machine as fully protected. So I did an overwrite install with the newer ones in case the code is actually specifically tailored to the stated OS version confused. Anyway, new kind of attack sort of using Speculative execution (affects Intel but not AMD) - https://www.grc.com/sn/SN-705-Notes.pdf (Page 19 onwards). Link to comment Share on other sites More sharing options...
Sladen2019 Posted March 14, 2019 Share Posted March 14, 2019 Microsoft has added Retpoline to Windows 10 1809 on March 1st. It is disabled by default, but can be enabled. It was in Fast Ring builds for awhile and seemingly has the same amount of protection with little or no performance loss. https://www.bleepingcomputer.com/news/security/boost-windows-10-performance-with-retpoline-spectre-mitigation/ Link to comment Share on other sites More sharing options...
alt3rn1ty Posted March 14, 2019 Author Share Posted March 14, 2019 Now I am even more confused as to what to do. Think I will just let windows do the necessary roll-out, and see what it makes of what is already enabled. Retpoline is compatible with my I7 anyway, so is desirable if its better performance. Link to comment Share on other sites More sharing options...
Sladen2019 Posted March 15, 2019 Share Posted March 15, 2019 I am just waiting for them to roll it out and enable it by default offically themselves also. I have been running with the older fixes disabled, and have had no issues. Inspectre is wonderful for letting us disable them. I am aware that its risky, but I am also aware that it is really and incredibly tough to exploit. There are fixes for it on just about everything, not just our own PCs. I monitor the tech world news everyday, and if an outbreak happens, I will find out about it and simply re enable the fixes. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted June 15, 2019 Author Share Posted June 15, 2019 I did a Clean install of Windows 1903 recently (primarily because I wanted new features in Windows 10 which you only get if you do a clean installation, like Reserved Storage), and it has the Retpoline (better optimised fixes for Spectre & Meltdown) suite of microcode on boot fixes included, Steve Gibsons InSpectre shows this machine is protected .. So keeping up with developments and using old links for fixes is no longer necessary if your windows 10 is up to date. The rollout of 1903 was staggered, to ensure compatibility with all the computer variations of hardware, so some machines may not have updated to 1903 yet. I prompted it to happen by using Windows Media Creation Tool to do the clean installation. Retpoline was included in a cumulative update for Win 10 1809 too, which also proved to fix all Spectre & Meltdown, but that update was a bit buggy. Anyway glad they finally got on top of this. Link to comment Share on other sites More sharing options...
DayDreamer Posted June 20, 2019 Share Posted June 20, 2019 Yeah, but there are Spectre variants that have no software fix. A few months ago, I watched a demo where they could run OpenSSH between two processors, it was so fast and effective. There are even BTB exploits that can bypass the new compiler directives that mitigate the other exploits (just saw a presentation on Tuesday). SPOILER makes the attacks even faster, and can run in driveby Javascript. Still, we are all thankful to Gibson and his many utilities over the years. I still regularly use his password generators. Link to comment Share on other sites More sharing options...
alt3rn1ty Posted July 15, 2019 Author Share Posted July 15, 2019 On 6/20/2019 at 2:25 PM, DayDreamer said: Yeah, but there are Spectre variants that have no software fix. A few months ago, I watched a demo where they could run OpenSSH between two processors, it was so fast and effective. There are even BTB exploits that can bypass the new compiler directives that mitigate the other exploits (just saw a presentation on Tuesday). SPOILER makes the attacks even faster, and can run in driveby Javascript. Still, we are all thankful to Gibson and his many utilities over the years. I still regularly use his password generators. Godz, I hope this cat n mouse stops eventually. Companies are doing their level best to mitigate issues and then another bad penny turns up. I just got a new Dell laptop (with a Geforce GTX 1050 TI), did a clean install with win 10 1903 (the pre-installed win 10 had issues trying to update .. probably due to the pre-installed "helpfull" apps manufacturers install), then grabbed all the necessary custom drivers from the offical support site including firmware updates to the BIOS .. .. Without doing anything else, InSpectre reports the machine is completely protected : I guess the immediate BIOS update, and 1903 clean install also includes all fixes to date including at boot microcode fixes, has my back without having to do anything else .. Time will tell. Steve is deeply immersed in doing the final spec for SQRL just now, and has said the most important next thing on the agenda is a long overdue update to Spinrite. Whether InSpectre needs any updates to catch up with recent developments I dont know. He does keep well informed in Security matters anyway, so I would imagine if there was anything concerning he would update it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now