Intel rolls out new batch of Spectre/Meltdown microcode updates and this time, no bricking side effects

[captain_to_fire]

This is the first time I made a thread with my phone just like @NumLock21 while traveling so I hope I don’t butcher it. ??

 

Sources: PC Gamer, Intel

 

Quote

 

Intel has begun shipping microcode updates to its OEM partners to deal with Spectre and Meltdown, and presumably they don't come with the unwanted side effect of bricking PCs or random reboots.

 

That hasn't always been the case since Spectre and Meltdown erupted onto the scene. Intel's first attempt at patching the problem caused some systems to reboot unexpectedly, while Microsoft's own efforts to mitigate the threats resulted in some older AMD PCs refusing to bootaltogether.

As it pertains to Intel, the company advised its partners and customers to stop installing the problematic firmware, then it began dishing out out beta firmware. Testing on the updated code is now complete and apparently good to go.

 

The new firmware updates apply to Intel's 6th, 7th, and 8th generation Core product lines, otherwise known as Skylake, Kaby Lake, and Coffee Lake. They also apply to Intel's Core X series (Kaby Lake-X and Skylake-X), along with its recently announced Xeon Scalable and Xeon D processors for datacenters.

 

This is a response to the problematic Spectre v2 patch that prompted Microsoft to push a roll back update which now Intel managed to fix and hopefully no boot loops or bricked PCs but it’s available only to Skylake up to Coffee Lake. Sandy Bridge up to Broadwell may have to wait as those updates are currently in beta.  Given how NVIDIA and Princeton University managed to make a working exploit leveraging Spectre and Meltdown vulnerabilities it’s a good idea to update your computers. Also, make sure your anti-virus programs are up to date and is expressing the proper registry keys because that’s the only time the update installation will proceed. As it turns out, some AV programs like Bitdefender and McAfee are circumventing Windows 10’s built in rootkit protection named “kernel patch protection” which makes it harder for the those AV companies to certify compatibility. Windows Defender, ESET, and Kaspersky and others as it turns out do not mess with Windows 10’s security feature that’s why they where they’re te first ones certified for compatibility. [link I used to have but currently unavailable because I’m only with my phone]

 

found it: https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/

Quote

Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key,” Microsoft said in a Jan. 3 security bulletin.

Of the top 39 affected AV vendors, 22 have not confirmed they have added the registry key, according to a running list maintained by security researcher Kevin Beaumont. last updated Jan. 8. (see full list below)

Beaumont notes that many of the Microsoft patches put on hold include important security fixes, such as patches for SMB server.

“The main thing to know is the January patches, and currently all future security patches, will not install unless antivirus vendors take action — and some don’t want to or feel they cannot,” Beaumont wrote in a post Monday.

The problem, he describes, is that some anti-virus vendors are using a technique to bypass “Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes.”

 

Edited February 22, 2018 by hey_yo_

[Guest]

When the fix is more dangerous than the problem.... sigh.

[NoxiousOdor]

This makes me thankful that my xeons are old enough for no one to care about fixing them. I am happy with my performance and the chances of anyone who is qualified to use the MD/Sp exploits hacking my system is small and if they wanted to hack into my system something like this wouldn't stop them anyway

 

 

Edit: I forgot a thought

Edited February 22, 2018 by WhisperingKnickers
typo

[WMGroomAK]

Sad when you now have to make a decision on risking a firmware patch over a potential hardware exploit...  I might give this firmware patch some time before installing just to be extra sure there are no little bugs that will pop up unexpectedly. 

[captain_to_fire]

Just now, Pangea2017 said:

I still want a killswitch for this meltdown fix. It have destroyed the performance of one of my programms.

The microcode patches are I think turned off by default with Windows Server OS. I’m not sure, maybe @leadeater can answer. 

[Blademaster91]

2 minutes ago, WMGroomAK said:

Sad when you now have to make a decision on risking a firmware patch over a potential hardware exploit...  I might give this firmware patch some time before installing just to be extra sure there are no little bugs that will pop up unexpectedly. 

More sad that Windows doesn't give you choice if you want the patch or not, if this patch has the same performance impact.

[captain_to_fire]

7 minutes ago, WMGroomAK said:

Sad when you now have to make a decision on risking a firmware patch over a potential hardware exploit...  I might give this firmware patch some time before installing just to be extra sure there are no little bugs that will pop up unexpectedly. 

Microsoft will roll this out in waves amd only Skylake and above will receive it at the moment. 

1 minute ago, Pangea2017 said:

But i can not disable this page table copy. Which is/were debated for linux.

That I do not know 

[leadeater]

13 minutes ago, Blademaster91 said:

More sad that Windows doesn't give you choice if you want the patch or not, if this patch has the same performance impact.

Same reg keys can be used on Windows desktop, just set them to the disabled state. I will say though it should not be required it has VERY little impact on a desktop