
New CPU vulnerabilities found: Intel's DOWNFALL and AMD's INCEPTION

21 minutes ago, _StrikE_ said:

but none were as hard as Kaby & Skylake by basically killing off TSX (and the main reason I bought Skylake in the first place). In hindsight, I believe having an overclockable 4790K would have given me more performance gains than my current i7 6700 due to... you know... overclocking it.

What are you using that actually makes use of TSX? Unless it's databases and network stack related then TSX pretty much isn't used much, games certainly do not use it, aside from emulators.

 

21 minutes ago, _StrikE_ said:

microshi... demands for Windows 11 are downright ridiculous, and I'd rather stay away from some of the newer games than accept some of their downright ridiculous requirements, which make no sense

None of the Windows 11 OEM system builder requirements for the Windows 11 logo are requirements for Windows 11. Windows 11 will install on your current system as is, with no changes to anything. It has to be a new install, not an upgrade; upgrades to Windows 11 are not supported/allowed without the system recommendations, since there is no real safe way to know issues will not happen.


4 hours ago, leadeater said:

What are you using that actually makes use of TSX? Unless it's databases and network stack related then TSX pretty much isn't used much, games certainly do not use it, aside from emulators.

Emulation of the modern consoles, I think, utilizes TSX sometimes... not sure if they optimized the code enough to still utilize it though.



22 minutes ago, _StrikE_ said:

I'm sorry, but I do not understand, or better said, I'm rather confused by what you're trying to say here.

The listed system specifications are requirements for companies like Dell and HP, and you must meet them to be able to have the Windows 11 logo on the system and retail packaging. Those "minimum specifications" are not the actual requirements to be able to install Windows 11.

 

There is a difference between a Windows 11 Ready/Compliant system and the actual requirements for it to install. Microsoft only states the first, not the second, publicly because that's what they want; note want, not what is required.

 

22 minutes ago, _StrikE_ said:

If Windows 11 gains traction on enough systems to dominate the PC "ecosystem" as Windows 10 did, what's to stop them from pulling the plug at one point and making it impossible for unsupported systems to work?

That would never happen, since such an update would not meet the requirements to install; you'd just be orphaned on an old build of Windows 11 and nothing more than that. Also won't happen anyway.

 

22 minutes ago, _StrikE_ said:

I honestly think that is a dangerous mindset to have

There is nothing dangerous about it. Exactly zero features of Windows 11 make use of TPM or any other hardware features by default. All the ones that can or do are not enabled and likely won't be changed to default during the lifecycle of Windows 11. Many of them are only relevant to enterprise networks and have no real purpose in the home setting, and the other ones have performance impacts that are not mitigated by any current hardware, which is why they are off by default.

 

Windows 11 started as a major build update of Windows 10, then got changed to Windows 11 mostly for branding reasons. Windows 11 is Windows 10 running newer kernel builds and branch, with only a few things not put into Windows 10, and not because they can't be but because Microsoft doesn't want to, like the new Thread Director for Alder Lake and newer Intel hybrid CPUs.

 

Also, Windows 11 Embedded (now called IoT) does not require TPM etc. either. There are official Windows 11 versions that do not require or list TPM etc. as requirements.

 

Quote

Trusted Platform Module (TPM)    While TPM requirements are highly encouraged for Windows 10 IoT Enterprise, it isn't required. The use of a TPM for Windows 10 IoT Enterprise devices is determined based on the usage and security requirements of each device. For additional information about TPM, see TPM Requirements, Trusted Platform Module Technology Overview, and TPM Recommendations

https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/hardware/hardware_requirements

 

This does also apply to Windows 11 IoT as well.

 

So like I said, you could run Windows 11 on your system right now with no issues and that won't change under Windows 11.


On 8/8/2023 at 11:32 PM, porina said:

Watching with interest. Will have to flag it on some other forums where AVX-heavy software is often used, although I don't know if they make heavy use of GATHER instructions. They do use a ton of FMAs though, but how does the data get picked up?

Gather is quite "meh" from a performance perspective, it's improved with more recent compilers and CPU architectures, but it's often just more efficient to reorganize the memory by applying some tricks if you're going to be handcrafting AVX code.

 

On 8/11/2023 at 5:24 PM, StDragon said:

Exploiting the function of speculative execution was really a flaw in the paradigm of computing science; the philosophy, if you will. This exploit transcended all sorts of CPU makes/models, such that it required a complete re-evaluation of how to better secure data on the CPU being processed in-flight. Yes, even the ARM architecture was affected.

 

This was so bad that Theo de Raadt said to just outright disable Hyper-Threading. He was spot on. It was like taking a sledgehammer to the CPU functionality, but it was a safe catch-all in mitigation at the time (in 2018, not sure now). Even VMware and other vendors recommended disabling HT for their hypervisors too.

I think it really demonstrated a communication gap between the hardware and software folks, the potential vulnerability there was quite evident from a hardware side, but the software (e.g., operating system) was implemented in such a way that it became quite vulnerable to it.


On 8/10/2023 at 2:42 PM, Kisai said:

you could probably use the side channel attack to grab the keys and capture the entire network activity of watching the video, and then just decrypt the entire thing again to get the data. Not terribly useful when it's usually just easier to go buy the BD and rip that instead.

I only wish it was that simple, the amount of content on streaming services available on physical media is a minority these days.


5 hours ago, Alex Atkin UK said:

I only wish it was that simple, the amount of content on streaming services available on physical media is a minority these days.

Not to mention the latest physical media standard is literally dead on PC. 


4 hours ago, _StrikE_ said:

The Embedded/IoT versions of Windows are not for the general consumer/home users; getting a license as a home user was basically considered a grey area at most with Windows 10 LTSC/IoT, and it's the same with 11. Those versions are strictly for businesses and institutions, not available to the general public.

Windows is Windows; they are all the same, with just a flag to tell it what edition to be. Yes, those are not for home usage, but they are the same OS. The only TPM requirement to install Windows 11 at all is 1.2, and that exists on anything back to 2013, at least Intel anyway. I forget when AMD added TPM 1.2 as fTPM, but they weren't exactly relevant back then, heh.

 

Point is, while Microsoft is publishing official support pages on how to disable the TPM check and allowing point-of-sale vendors to have Windows 11 compliance requirements that are different from the main advertised requirements, nothing in Windows 11 is going to change that will create problems with usage.

 

Your fear just isn't really founded, same with those that say Apple is going to do XYZ but never actually do.

 

Secured-core PC, VBS and HVCI are the newer security features that actually require these new hardware platforms (either outright or to not cripple performance), but they are all optional and off by default, and there are no plans within the Windows 11 lifecycle to change that. They are also supported and can be used in Windows 10.

 

And you'll never get official support from Microsoft; companies simply do not go back and validate hardware that isn't supported by the hardware vendor. Were you aware that Intel 6th Gen isn't actually officially supported in Windows 10 22H2? The last supported Windows version was Windows 10 21H2.


5 hours ago, leadeater said:

Windows is Windows; they are all the same, with just a flag to tell it what edition to be. Yes, those are not for home usage, but they are the same OS. The only TPM requirement to install Windows 11 at all is 1.2, and that exists on anything back to 2013, at least Intel anyway. I forget when AMD added TPM 1.2 as fTPM, but they weren't exactly relevant back then, heh.

Point is, while Microsoft is publishing official support pages on how to disable the TPM check and allowing point-of-sale vendors to have Windows 11 compliance requirements that are different from the main advertised requirements, nothing in Windows 11 is going to change that will create problems with usage.

Your fear just isn't really founded, same with those that say Apple is going to do XYZ but never actually do.

Secured-core PC, VBS and HVCI are the newer security features that actually require these new hardware platforms (either outright or to not cripple performance), but they are all optional and off by default, and there are no plans within the Windows 11 lifecycle to change that. They are also supported and can be used in Windows 10.

And you'll never get official support from Microsoft; companies simply do not go back and validate hardware that isn't supported by the hardware vendor. Were you aware that Intel 6th Gen isn't actually officially supported in Windows 10 22H2? The last supported Windows version was Windows 10 21H2.

What I find especially crazy about all of this is that TPMs aren't actually all that secure, and it's an issue that's frequently ignored.

 

Folks often use the debit/credit/smart card analogy when referring to TPMs, but the key factor there is that these cards are only brought into the equation when authorization is required. To avoid getting into the gritty details: you insert your card into the payment terminal, you enter your authorization code, and the chip on the card is now able to encode/decode a "challenge" to verify who it is or to underwrite some form of transaction or data. The moment you pull that card out, the terminal loses the ability to provide that service to a third party. So the terminal can only perform transactions as long as the card is present and if it knows your "key to the kingdom"; it could potentially remember the key, but it'll never be able to get hold of the secret inside the card.

 

Meanwhile, the TPM is always present, and there's no real ability to safeguard said key. And while I might not be able to extract whatever secret the TPM is holding onto, I could in principle just use it directly from within malicious software to replicate its intended functionality, and the safeguards protecting against such usage are the same as if you didn't have a TPM in place. So its main functionality is pretty much limited to identifying a specific device, and it's not actually able to provide security against malicious actors beyond that. So I find the current banking apps that rely on the presence of a TPM in phones to be horribly insecure, and there have been multiple attacks against such applications already.

 

Hence why I've been of the opinion that the TPMs being made mandatory was primarily done for two reasons:

  • Mobile platforms that require eSIMs, which is part of Microsoft's push onto the phone and tablet market again,
  • It's pretty damn useful for DRM and restricting Windows licenses to a single computer/motherboard.

If you want security, you need physically disconnected 2FA, and anything else is just a façade.


1 hour ago, ImorallySourcedElectrons said:

If you want security, you need physically disconnected 2FA, and anything else is just a façade.

I like the use cases for TPM for things like certificate private key storage, instead of inside the OS. It's actually a good place to keep private keys and stuff like that. But TPM isn't nearly as secure as, or at least is easier to exploit currently than, Microsoft Pluton (Enterprise edition only, so useless for the common person).

 

Personally I prefer methods that prevent malware executing in the first place or prevent it from breaking into anything actually useful, like VBS/HVCI etc., but those shouldn't really be used on anything less than Intel 8th Gen or AMD Ryzen 3000 (Zen 2 specifically). Can't remember which editions support these; I think it's been brought down to fewer editions, not sure.

 

What I don't like about fTPM is that when there is some stupid problem, the only way to fix it is usually to wipe/reset the TPM, which is pretty damn useless.


10 hours ago, leadeater said:

Secured Core PC, VBS, HVCI are the newer security features that actually require these new hardware platforms (either outright or to not cripple performance) but they are all optional and off by default and no plans within Windows 11 lifecycle to change that. They also are supported and can be used in Windows 10.

HVCI (aka Memory Integrity) and Local Security Authority (LSA) protection, including the Kernel-mode Hardware-enforced Stack Protection that supersedes it, are not enabled by default. However, at least with a fresh install of Windows 11, eventually there will be a suggestion in Windows Security to enable Memory Integrity.

With a Win11 upgrade from 10, often there will be an unsigned driver that prevents these features from being enabled. If you know how to unregister and remove conflicting drivers, you can enable all applicable VBS features on an upgraded Win11 PC, but it's not a simple task your average user will perform.


5 hours ago, ImorallySourcedElectrons said:

...TPM is always present, and there's no real ability to safeguard said key. And while I might not be able to extract whatever secret the TPM is holding onto, I could in principle just use it directly from within malicious software to replicate its intended functionality, and the safeguards protecting against such usage are the same as if you didn't have a TPM in place. So its main functionality is pretty much limited to identifying a specific device, and it's not actually able to provide security against malicious actors beyond that.

 

Hence why I've been of the opinion that the TPMs being made mandatory was primarily done for two reasons:

  • Mobile platforms that require eSIMs, which is part of Microsoft's push onto the phone and tablet market again,
  • It's pretty damn useful for DRM and restricting Windows licenses to a single computer/motherboard.

If you want security, you need physically disconnected 2FA, and anything else is just a façade.

 

The TPM, or fTPM, was never a true "secure enclave" in the way Apple has it implemented. As such, TPM info can be extracted under certain exploitative conditions. The answer and successor to the TPM will be Microsoft Pluton. It's basically a dedicated security processor on the x86 die: effectively Microsoft sovereign territory (like an embassy) on Intel/AMD die real estate.

As for the TPM, you're missing a third important function: BitLocker. Without someplace secure to store the keys, BitLocker would otherwise be asking for the recovery key at every reboot. That's why a TPM is required for BitLocker encryption to maintain normal everyday functionality, so as to be transparent to the end user. And let me tell you, all businesses with a competent IT director/manager will have mandated BitLocker on every mobile device that leaves the office. In some situations, even desktops get BitLocker-ed to prevent intellectual property and PII from literally walking out the door unaccounted for.


1 hour ago, StDragon said:

HVCI (aka Memory Integrity) and Local Security Authority (LSA) protection, including the Kernel-mode Hardware-enforced Stack Protection that supersedes it, are not enabled by default. However, at least with a fresh install of Windows 11, eventually there will be a suggestion in Windows Security to enable Memory Integrity.

Yep, but Microsoft has officially stated there are no plans to change Windows 11 to having any of these default to on. They do, however, ask OEM/ODM vendors to validate new systems for these features and have them enabled by default, but it's not actually a requirement either. So the only time it would be on by default is on a new Dell/HP/Lenovo etc. system.


3 hours ago, _StrikE_ said:

So? Does that make you happy or something? In all honesty, that list is pretty sketchy to begin with; it seems more to me that microsh... does not know how to differentiate between "tested CPU list" and "supported CPU list", considering it lists the i7-5775C and most Skylake Xeon CPUs (among other older models)...

Nope, it just doesn't make the argument over Windows 11 valid, since it's not any different to before. And it also happened with Windows 7 over time with SP updates. Microsoft simply don't keep validating every generation of CPU. If it's officially supported then it was tested.

 

As for CPUs like the i7-5775C, that's the Broadwell architecture, which kept hardware support from Intel for longer, and it's also present in many ODM/OEM systems that also featured longer support, so Microsoft likely had a reason to test it since someone was asking for it, unlike standard S-series desktop CPUs.

 

And Xeon Skylake isn't anything like desktop Skylake; they came out at very different times and have very different architectures.

 

3 hours ago, _StrikE_ said:

Windows may be Windows, but licenses are indeed different, and that's what we are talking about.

No, that is not what we are talking about. You are raising fears like "Microsoft could do XYZ" as if this is a new fear with just Windows 11, yet this "issue" of hardware not being officially supported has been happening since forever ago, further back than just Windows 10 or 8. Microsoft is not and will not be maintaining a different "Windows 11" for the IoT edition or any of the other editions, so they are not going to break Windows 11 in the way you are saying; it will not happen. As much as you dislike Microsoft for whatever reason you hold, there are just some things that will not happen, and one of those is installing Windows 11 on a 6th Gen CPU and then it just stopping booting one day.

 

So no, your point does not stand for what you are saying; licenses aren't relevant here, since they don't change Windows 11 at all.

 

You've had 2 years for Microsoft to break Windows 10 on Intel 6th Gen; has it happened? No. Will it happen? No. Will it happen on Windows 11? Also no. Windows 12? Who knows; we can address that when it exists or is announced.

 

And even if you disagree in any way with what I am saying, which you are of course free to do, you need to apply everything equally to Windows 10 and not treat Windows 11 as being unique, since they both live in the same situation.

 

3 hours ago, _StrikE_ said:

Not to mention that this has nothing to do with the discussion at hand, which is assurance for people with older hardware, older hardware that to this day still performs great.

As above, it has everything to do with the decision; it has the most to do with it. The current Windows 10 build does not support 6th Gen. Windows 11 does not support 6th Gen. Windows 10, as it got build updates, dropped official hardware support. Your concerns cannot and must not be pointed only at Windows 11.

 

You personally, with your 6th Gen CPU, have as much assurance with Windows 10 as you do with Windows 11: you are not officially supported. How much you actually care about that is up to you.

 

And anyway, the actual historical evidence for such things is that Microsoft is a very slow-burn company. Just look at how long it took for 16-bit app support to actually get removed.


On 8/11/2023 at 7:52 PM, Radium_Angel said:

Oh I'm aware I was "affected" by Spectre, just not by the latest batch of mess because I run an old CPU (or pair, to be accurate)

Almost everyone was... kinda a non-issue. Tested on a weak i5 laptop and my then R5 3600 desktop; the difference in performance with/without the patches was maybe 1%, almost non-existent.


4 hours ago, StDragon said:

 

The TPM, or fTPM, was never a true "secure enclave" in the way Apple has it implemented. As such, TPM info can be extracted under certain exploitative conditions. The answer and successor to the TPM will be Microsoft Pluton. It's basically a dedicated security processor on the x86 die: effectively Microsoft sovereign territory (like an embassy) on Intel/AMD die real estate.

As for the TPM, you're missing a third important function: BitLocker. Without someplace secure to store the keys, BitLocker would otherwise be asking for the recovery key at every reboot. That's why a TPM is required for BitLocker encryption to maintain normal everyday functionality, so as to be transparent to the end user. And let me tell you, all businesses with a competent IT director/manager will have mandated BitLocker on every mobile device that leaves the office. In some situations, even desktops get BitLocker-ed to prevent intellectual property and PII from literally walking out the door unaccounted for.

That does not actually address the type of vulnerability I'm talking about; it's a fundamental flaw with the concept of the TPM, and not even Pluton will solve that, nor does Apple's "wonder solution". If you can access the TPM (or whatever you wish to call it) from within code, and I can run my own custom code on that hardware, then by definition it's not secure unless there's a possibility to physically disconnect it. The only thing it can possibly help with is identifying that an operation came from a specific device, and even there you've got a serious security issue once I can start running code on the system.

 

And BitLocker falls under restricting access to/identifying a single computer, but the reality is that it's at best a defence against an occasional thief. Anyone serious about corporate espionage will easily bypass the TPM with the variety of exploits available. You cannot secure hardware through hardware or software design; at best you can make it slightly more difficult to implement the attack unless you go to extreme ends (see the classic PoS payment terminals rolled out in most European countries). Security through custom hardware has been proposed countless times over the past thirty years, and every single time it fails once there's a big enough party interested in defeating it.


28 minutes ago, ImorallySourcedElectrons said:

That does not actually address the type of vulnerability I'm talking about; it's a fundamental flaw with the concept of the TPM, and not even Pluton will solve that, nor does Apple's "wonder solution". If you can access the TPM (or whatever you wish to call it) from within code, and I can run my own custom code on that hardware, then by definition it's not secure unless there's a possibility to physically disconnect it. The only thing it can possibly help with is identifying that an operation came from a specific device, and even there you've got a serious security issue once I can start running code on the system.

TPM is about hardware attestation and acting as a lockbox for keys; that's fundamentally it. 

 

It's not easily exploitable, specifically Apple's Secure Enclave. Only in certain edge cases can it be, but that's a rare exception to the rule. No one is saying TPM on its own is a perfect solution, but it's far better to have it than not.


5 hours ago, _StrikE_ said:

First off, you're wrong here:

 

i7-5775C official support until: Wednesday, June 30, 2021 

I have already checked the dates and I know when that CPU was ended by Intel. However, like I said, the Broadwell architecture itself was under support from Intel (June 30, 2022), not this CPU itself, and it's also likely that this CPU is being used in systems that had support from that vendor longer than the support period by Intel. There could be many reasons as to why this CPU is on the officially supported list, and if it's on there then Microsoft did actually validate on that CPU.

 

Broadwell-S, Broadwell-E, Broadwell-EP, Broadwell-EX etc. are all the same microarchitecture, whereas Skylake-S and Skylake-SP are not.

 

And FYI, I still have HPE servers with Broadwell CPUs under support from HPE.

 

5 hours ago, _StrikE_ said:

Also, actually, from what I researched a while back looking up the i7-5775C for some personal research, it didn't seem to me to be used nearly as much as you said, and I don't think it even comes close to how much an i7 6700 was used in systems; if usability was a main criterion, there are a lot of other processors that needed to be in front of it.

Being present in many ODM/OEM systems and being widely used are not the same thing. The i7-5775C, like all the Broadwell parts of that generation, was not as ubiquitous as other regular product releases, but that doesn't mean it's not used in a lot of things, things that might be more important support-wise than, say, an MSI gaming laptop. And why is it only about this one CPU model anyway? There are many different SKUs all in that support list.

 

Fanless industrial PCs and thin clients used these Broadwell-generation CPUs, and those have really long support lengths, and that is done by the vendor, not Intel. You don't have to end your support because Intel does.

 

Another very large example would be Apple, obviously not applicable to Windows here, but as an example Apple officially supports their products with these CPUs past the date of Intel support (June 30, 2023), and they are not the only one.

 

Having more systems with a particular CPU is not actually the main criterion; it's important, but it's not as important as a customer or partner actually asking Microsoft to validate these CPU models. That, in my opinion, is much more likely to get something on a support list than just having a high quantity of something that is now quite old.

 

5 hours ago, _StrikE_ said:

And this, I really have no idea where you pulled this from; Skylake mainstream processors came in Q3 2015 and Skylake Xeon CPUs came out in Q4 2015.

I don't know where you got your dates from, or you are looking at Skylake-S Xeon (low-end desktop/small workstation class Xeon), since Skylake-SP, the server microarchitecture, was released in 2017.

https://en.wikichip.org/wiki/intel/cores/skylake_sp

 

Just a few examples of how different they are: Skylake-SP moved to Mesh from Ring Bus, had different cache sizes, had AVX-512, supported Omni-Path. You can look over WikiChip for both if you want, but they are very different.

 

5 hours ago, _StrikE_ said:

That's what I said, so please stop it already with the "not booting" part.

 

Not booting or not receiving updates, it doesn't matter; it changes nothing about what I am saying or what will happen. Microsoft not allowing installation of major version updates for CPUs like Intel 6th Gen is exceedingly unlikely, and there are no product development lifecycle plans that would necessitate it either.

 

What I'm saying is it's just not worth worrying about. It hasn't happened yet, with the multitude of opportunities that have existed and the multitude of times hardware came off support lists, and there is no reason to think that's going to change. Windows 11 got a bad rep at release due to all these installation annoyances, and that is literally the only reason people seem to care right now or even look at hardware support lists for Windows down to the level of CPU etc. Did you honestly ever check before?

 

5 hours ago, _StrikE_ said:

In all honesty I'm getting quite tired of this talk altogether and regret even sharing my two cents to begin with. Let's just agree to disagree, plus the fact that we will not ever see eye to eye on this, and be done with it.

Obviously we won't, but that doesn't change the fact that you singling out Windows 11, and only Windows 11, as the seemingly potential problem is silly, since it exists in Windows 10. That's the entire and whole thing I find odd about what you said: that it's somehow only a problem with Windows 11 and not every Windows version ever.

 

Overall just seems like an excessive amount of fretting over nothing.


5 minutes ago, StDragon said:

TPM is about hardware attestation and acting as a lockbox for keys; that's fundamentally it. 

A job it fails horribly at if you can execute code on the same platform. Proxy attacks on this have happened already to attack banking applications.

 

6 minutes ago, StDragon said:

It's not easily exploitable, specifically Apple's Secure Enclave. Only in certain edge cases can it be, but that's a rare exception to the rule. No one is saying TPM on its own is a perfect solution, but it's far better to have it than not.

This is exactly what I mean by the software community not understanding what hardware security actually entails. If the key is physically present, you can extract it. Most TPMs and SEs on the market today are quite vulnerable to power-line attacks, and that's without getting into how vulnerable cryptography becomes if you can play around and choose what it encrypts or signs; it significantly reduces the complexity of the mathematical problem it's based on in most instances. And Apple needs to get off its high horse; several flaws were already found in M1 and M2.

 

Just to be clear, for most widely deployed TPMs currently in use there are already exploits which dump all the supposedly inaccessible data and enable software emulation. And even if someone sets out to make an undefeatable security chip, it gets defeated quite quickly if random code execution is possible on the same system. So unless you plan to lock down computers entirely and only allow software signed by Microsoft and Apple to run, consider the TPM exploited and a minor roadblock at best. This has been going on since that entire Clipper chip debacle, and until folks finally realise that the only thing that works is air gapping and controlling physical access, we're just going to roll from bad solution to bad solution.


24 minutes ago, ImorallySourcedElectrons said:

until folks finally realise that the only thing that works is air gapping and controlling physical access, we're just going to roll from bad solution to bad solution.

I get it, there's AI now being used to fuzz test HW and software to identify exploits. Security and exploitation have always been a cat-and-mouse game, but here we are, and I don't see that changing at all. Well, not unless we go back to pen, paper, and store them in an iron-vaulted fireproof safe.

As for Microsoft, they're already in the process of rewriting core code with Rust. I'll just leave it here with the following video. 
 

 


On 8/14/2023 at 12:43 AM, StDragon said:

I get it, there's AI now being used to fuzz test HW and software to identify exploits. Security and exploitation have always been a cat-and-mouse game, but here we are, and I don't see that changing at all. Well, not unless we go back to pen, paper, and store them in an iron-vaulted fireproof safe.

As for Microsoft, they're already in the process of rewriting core code with Rust. I'll just leave it here with the following video. 
 

I don't think AI has anything to do with it, it's just that there's no way to really establish a chain of trust if you don't have physical control over the device and if it can execute random code. And that's without getting into the issue that many of the current generation TPMs/SEs/... are flawed by fundamental design.

 

But what's funny is how this returns every couple of years since the 90s Clipper chip debacle. Though that one remains possibly the most hilarious one.


I'm assuming it would be a good idea to perform BIOS updates on externally facing IIS servers with affected Xeon chips?

 

Asking for a friend 🙂 

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


2 minutes ago, Agall said:

I'm assuming it would be a good idea to perform BIOS updates on externally facing IIS servers with affected Xeon chips?

 

Asking for a friend 🙂 

I'd imagine if they get to the point where they can do code execution you've already got other problems going on 😄 


4 minutes ago, ImorallySourcedElectrons said:

I'd imagine if they get to the point where they can do code execution you've already got other problems going on 😄 

Zero-days happen, ideally one VM isn't able to jump to another VM, especially if this vulnerability is applicable in such a way. I'm just confirming with Dell to see if that's the case and how they're defining what servers are affected and what the resolution is.

 

I'm seeing at least one machine with a 08AUG2023 BIOS update available, but nothing mentioning CVE-2022-40982.


9 hours ago, Agall said:

Zero days happen, ideally one VM isn't able to jump to another VM, especially if this vulnerability is applicable in such a way. I'm just confirming with Dell to see if that's the case and how they're defining what servers are affected and what the resolution is.

 

I'm seeing at least one machine with a 08AUG2023 BIOS update available, but nothing mentioning CVE-2022-40982.

Ideally, yes. But in practice I have yet to see a typical virtualisation setup configured correctly to prevent privilege escalation. 😊 Then again, proper virtualisation would potentially stop this attack from occurring, it really depends on how it ticks.
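The two posts above ask the practical question (is this host actually mitigated against CVE-2022-40982, and what does a guest VM know about it?). Here is an added defender-side check, not code from the thread or from any vendor: it classifies the one-line status the Linux kernel exposes in sysfs for Gather Data Sampling and cross-checks that all cores report the same microcode revision. The sysfs path and the status strings are assumed from the kernel's hw-vuln documentation; the cpuinfo text is a constructed sample. On a Windows/IIS host the equivalent evidence is the OEM firmware release note plus the microcode revision, so the parsing logic is the same idea.

```python
"""Check the Downfall / GDS (CVE-2022-40982) mitigation state reported by Linux.

Added example for this thread, not project or vendor code. Assumptions:
the sysfs path and status strings below follow the kernel's
Documentation/admin-guide/hw-vuln/gather_data_sampling.rst; SAMPLE_CPUINFO
is a constructed /proc/cpuinfo excerpt, not a real machine.
"""
import re
from pathlib import Path

GDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/gather_data_sampling")

# Constructed sample of two logical CPUs (placeholder model, made-up revision).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: (constructed) Xeon placeholder
microcode\t: 0x2b000571

processor\t: 1
vendor_id\t: GenuineIntel
model name\t: (constructed) Xeon placeholder
microcode\t: 0x2b000571
"""


def classify_gds(status: str) -> dict:
    """Map the kernel's one-line GDS status to an actionable verdict.

    'affected' and 'mitigated' are True, False or None (unknown); 'locked'
    is True when the kernel says the microcode mitigation cannot be turned
    off at runtime; 'action' is the operational follow-up.
    """
    s = status.strip()
    verdict = {"status": s, "affected": None, "mitigated": None, "locked": False,
               "action": "unrecognised status; inspect manually"}
    if s == "Not affected":
        verdict.update(affected=False, mitigated=True, action="none")
    elif s.startswith("Mitigation:"):
        verdict.update(affected=True, mitigated=True,
                       locked="(locked)" in s, action="none")
    elif s.startswith("Unknown:"):
        # A guest kernel cannot see host microcode; the hypervisor owner decides.
        verdict.update(action="verify host firmware/microcode with the hypervisor owner")
    elif s.startswith("Vulnerable"):
        verdict.update(affected=True, mitigated=False,
                       action="apply the OEM BIOS/microcode update, then reboot")
    return verdict


def parse_microcode_revisions(cpuinfo_text: str) -> set:
    """Return the set of microcode revisions seen across all logical CPUs.

    More than one element means the cores disagree (e.g. a late microcode
    load that did not reach every core), which is worth flagging before
    trusting the sysfs verdict.
    """
    return {int(m, 16) for m in
            re.findall(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo_text, re.M)}


def check_host(sysfs_path: Path = GDS_SYSFS,
               cpuinfo_path: Path = Path("/proc/cpuinfo")) -> dict:
    """Read the live files. A missing sysfs entry means the running kernel
    predates GDS reporting and cannot vouch for the mitigation either way."""
    if sysfs_path.exists():
        verdict = classify_gds(sysfs_path.read_text())
    else:
        verdict = classify_gds("")
        verdict["action"] = "kernel has no GDS reporting; update the kernel before judging"
    revisions = parse_microcode_revisions(cpuinfo_path.read_text()) if cpuinfo_path.exists() else set()
    verdict["microcode_revisions"] = sorted(revisions)
    verdict["microcode_consistent"] = len(revisions) <= 1
    return verdict


if __name__ == "__main__":
    for sample in ("Mitigation: Microcode", "Vulnerable: No microcode",
                   "Unknown: Dependent on hypervisor status"):
        print(classify_gds(sample))
    print(parse_microcode_revisions(SAMPLE_CPUINFO))
    print(check_host())
```

Run it as root or not; both files are world-readable. The "Unknown" branch is the VM case discussed above: the guest can only report that it depends on the host, so the check has to be repeated on the hypervisor itself.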


6 hours ago, ImorallySourcedElectrons said:

Ideally, yes. But in practice I have yet to see a typical virtualisation setup configured correctly to prevent privilege escalation. 😊 Then again, proper virtualisation would potentially stop this attack from occurring, it really depends on how it ticks.

It's also supposedly been a known vulnerability for a year, so the OEMs have had time to patch this. Dell basically told me just to have the newest version of firmware and we "should be good".

 

We're not hosting any remotely accessible virtual machines that would otherwise spell issues for this specifically, and my colleague agreed with your previous statement.

16 hours ago, ImorallySourcedElectrons said:

I'd imagine if they get to the point where they can do code execution you've already got other problems going on 😄 

 

