More Intel leaks.. this one is not good though

[NumLock21]

15 minutes ago, jagdtigger said:

Many things that turned out to be true were labeled as tinfoil hat theory so you(and others too) shouldn't throw it around so easily...

Such as?

[jagdtigger]

Just now, NumLock21 said:

Such as?

Read snowden leaks for one...

[NumLock21]

6 minutes ago, jagdtigger said:

Read snowden leaks for one...

This topic is on meltdown and spectre. What does this have to do with snowden?

[jagdtigger]

3 minutes ago, NumLock21 said:

This topic is on meltdown and spectre. What does this have to do with snowden?

Re read you own post and my response:

36 minutes ago, NumLock21 said:

Tin foil hat level over 9000!

 

31 minutes ago, jagdtigger said:

Many things that turned out to be true were labeled as tinfoil hat theory so you(and others too) shouldn't throw it around so easily...

 

14 minutes ago, NumLock21 said:

Such as?

 

13 minutes ago, jagdtigger said:

Read snowden leaks for one...

 

[NumLock21]

1 minute ago, jagdtigger said:

Re read you own post and my response:L

 

The update show no degrade in performance.

[jagdtigger]

1 minute ago, NumLock21 said:

The update show no degrade in performance.

At least not in the tested use cases...

[Stefan Payne]

25 minutes ago, LAwLz said:

Can you please give a summary? We already know that Intel, AMD and ARM got info about these exploits in June 2017.

No, its longer than that...

There is a Black Hat Paper from August 2016 about a similar issue. 

https://technet.microsoft.com/en-us/mt767986.aspx?tduid=(bf6d346b2ff447e6deea8dd6544f5401)(81561)(686431)(at102920_a107739_m1_p3564_t1117_cDE)()

Breaking Kernel Address Space Layout Randomization with Intel TSX 
Yeongjin Jang, Sangho Lee, and Taesoo Kim
Georgia Institute of Technology, August 3, 2016

 

And what the guy is talking about was that Intel had a huge interest on one of their projects they were working on (the KAISER patch). That seemed strange to them and they looked deeper into the issue.

[trekkie1701c]

11 hours ago, NumLock21 said:

Okay I ran some CB15 on my desktop this time and here are the results. What I first did was unplug from the internet so that windows does not automatically download and install that update. I ran it 3 times before the update and 3 times after. Scores are in the order they are run at from 1st run to 3rd run. The update I've installed was the Delta update. With that update installed, windows will not accept the cumulative update, says "it's already installed on this computer".

 

OpenGL, Multicore, Singlecore

 

Before update

99.43,106.9,150 / 99.8,1073,149 / 99.8, 1074, 149

 

After update

101.64, 1070,148 / 100.50, 1078, 149, / 100.19, 1075,148

 

 

 

I'm showing similar in 3DMark:  https://www.3dmark.com/compare/spy/2931839/spy/3075672#

 

Granted, not the best benchmarking tool but it's what I have pre-patch data for.

 

12 hours ago, Zmax said:

Anyone have the patch number. I think I have it and I do not see any degradation of performance

 

Of course my games are very low user of the CPU so no big deal. 

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 If you have Windows 10

 

https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894  Is what I think you need for Win 7

 

You'll also want to check with your computer or motherboard manufacturer for a BIOS update.

 

Once done take a look here to make sure you've been fully patched: https://www.reddit.com/r/sysadmin/comments/7o2bxw/powershell_script_to_check_against_speculative/

 

[luigi90210]

5 hours ago, LAwLz said:

[Citation Needed]

I've seen this get reported a few times now but nobody has been able to provide me with a source, leading me to believe it's some misinformation being spread.

 

[Citation Needed] for Spectre being patched already. From what I have seen and heard, only Meltdown is patched at the time of writing.

Source for #1 where I heard that was Jayztwocents in his video and I think he heard it from industry insiders I would have to watch his video on it again but he does mention that iirc. 

 

Source for #2 would be the Microsoft patch that was released. Meltdown isn't patched until Intel releases the microcode updates that work in conjunction with the windows update and that isn't being released until the 9th(so all the performance tests people are doing is useless). Spectre is patched afaik with the same patch. A lot of news sources are advising people about their AV blocking that patch and to allow it because it patches Spectre 

[luigi90210]

5 hours ago, Stefan Payne said:

No, its longer than that...

There is a Black Hat Paper from August 2016 about a similar issue. 

https://technet.microsoft.com/en-us/mt767986.aspx?tduid=(bf6d346b2ff447e6deea8dd6544f5401)(81561)(686431)(at102920_a107739_m1_p3564_t1117_cDE)()

Breaking Kernel Address Space Layout Randomization with Intel TSX 
Yeongjin Jang, Sangho Lee, and Taesoo Kim
Georgia Institute of Technology, August 3, 2016

 

And what the guy is talking about was that Intel had a huge interest on one of their projects they were working on (the KAISER patch). That seemed strange to them and they looked deeper into the issue.

This kind of exploit was talked about during REcon14 so it's been talked about in public space since at least 2014

[leadeater]

5 hours ago, Stefan Payne said:

No, its longer than that...

There is a Black Hat Paper from August 2016 about a similar issue. 

https://technet.microsoft.com/en-us/mt767986.aspx?tduid=(bf6d346b2ff447e6deea8dd6544f5401)(81561)(686431)(at102920_a107739_m1_p3564_t1117_cDE)()

Breaking Kernel Address Space Layout Randomization with Intel TSX 
Yeongjin Jang, Sangho Lee, and Taesoo Kim
Georgia Institute of Technology, August 3, 2016

 

And what the guy is talking about was that Intel had a huge interest on one of their projects they were working on (the KAISER patch). That seemed strange to them and they looked deeper into the issue.

The suspicion about Meltdown and Spectre type attacks has been around for a long time but no one has been able to do it, this was the first successful attempt not the first attempt. Research usually leads other people to look in to similar but different aspects of it as information is uncovered and more ideas are formed. The linked exploit had to do with TSX but there are similarities, I think what Intel was concerned about was both that exploit but also the broader concept of a TLB side channel attack because if it can be done with TSX maybe it can be done another way.

[leadeater]

17 minutes ago, luigi90210 said:

Source for #2 would be the Microsoft patch that was released. Meltdown isn't patched until Intel releases the microcode updates that work in conjunction with the windows update and that isn't being released until the 9th(so all the performance tests people are doing is useless). Spectre is patched afaik with the same patch. A lot of news sources are advising people about their AV blocking that patch and to allow it because it patches Spectre 

Meltdown is patched in that Windows Update with the performance hit, the microcode update will remove some of the performance loss and maybe increase it in other areas who knows. Some aspects of Spectre is patched in the update but not completely and not all the mitigations are on by default as the have a performance impact.

 

Quote

Enabling protections on the server

---

Customers have to enable mitigations to help protect against speculative execution side-channel vulnerabilities.

Enabling these mitigations may affect performance. The actual performance impact will depend on multiple factors, such as the specific chipset in your physical host and the workloads that are running. Microsoft recommends that customers assess the performance impact for their environment and make necessary adjustments.

Your server is at increased risk if it is in one of the following categories:

• Hyper-V hosts
• Remote Desktop Services Hosts (RDSH)
• For physical hosts or virtual machines that are running untrusted code such as containers or untrusted extensions for database, untrusted web content or workloads that run code that is provided from external sources.

Use these registry keys to enable the mitigations on the server and make sure that the system is restarted for the changes to take effect:

Switch | Registry Settings To enable the fix reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f If this is a Hyper-V host: fully shutdown all Virtual Machines. Restart the server for changes to take effect. To disable this fix reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Restart the server for the changes to take effect. (There is no need to change MinVmVersionForCpuBasedMitigations.)

Note For Hyper-V hosts, live migration between patched and unpatched hosts may fail: See https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms for more information.

Verifying that protections are enabled

---

To help customers verify that protections have been enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands:

PowerShell Verification using the PowerShell Gallery (Windows Server 2016 or WMF 5.0/5.1)

Install the PowerShell Module PS> Install-Module SpeculationControl Run the PowerShell module to validate the protections are enabled PS> # Save the current execution policy so it can be reset PS> $SaveExecutionPolicy = Get-ExecutionPolicy PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser PS> Import-Module SpeculationControl PS> Get-SpeculationControlSettings PS> # Reset the execution policy to the original state PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

The last bit on the powershell check you can do that on your desktop, that will tell you exactly what has been applied and what protections are in place and if they are software only or hardware.

[luigi90210]

11 minutes ago, leadeater said:

Meltdown is patched in that Windows Update with the performance hit, the microcode update will remove some of the performance loss and maybe increase it in other areas who knows. Some aspects of Spectre is patched in the update but not completely and not all the mitigations are on by default as the have a performance impact.

 

https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

The last bit on the powershell check you can do that on your desktop, that will tell you exactly what has been applied and what protections are in place and if they are software only or hardware.

That's not what I have been hearing. I don't have a source for the claim though as it's been chatted about in the various discord servers I'm in as well as 4chan. 

 

This crap is so confusing with all the information being spread around, you don't know what's true or isn't true. What I'm glad to hear about though from rewatching jayztwocents video is that processors with PCID are less affected than processors without that so Haswell and newer have minimal performance loss. Sucks for older processors though. 

[leadeater]

5 minutes ago, luigi90210 said:

That's not what I have been hearing. I don't have a source for the claim though as it's been chatted about in the various discord servers I'm in as well as 4chan. 

 

This crap is so confusing with all the information being spread around, you don't know what's true or isn't true. What I'm glad to hear about though from rewatching jayztwocents video is that processors with PCID are less affected than processors without that so Haswell and newer have minimal performance loss. Sucks for older processors though. 

The link has two powershell scripts, one if your powershell version isn't new enough. That is the best and most accurate way to check.

 

Quote

PS C:\> Get-SpeculationControlSettings

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

Example output

 

Meltdown is CVE-2017-5754 btw.

[NumLock21]

What's with the "you're about to install from a untrusted repositry" and "The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks" nonsense, when you try to verify if your PC is patched, by entering those commands in Power Shell? So do you allow or don't allow? Even this power shell command is something I don't trust.

 

 

 

 

[mr moose]

20 hours ago, Drak3 said:

It's kind of like the BAR.

 

Are you a summer 4 pack of light truck tires? I'll need some in a few months.

Yes, I was definitely light truck yesterday. 

[leadeater]

44 minutes ago, NumLock21 said:

What's with the "you're about to install from a untrusted repositry" and "The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks" nonsense, when you try to verify if your PC is patched, by entering those commands in Power Shell? So do you allow or don't allow? Even this power shell command is something I don't trust.

It's because the default security settings only allow the execution of locally created scripts which is a good thing. Remote signed scripts means that downloaded scripts can be executed but only by a trusted publisher, basically HTTPS/SSL of powershell. Powershell default execution policies are extremely paranoid for a reason.

 

Quote

RemoteSigned

• Scripts can run. This is the default execution policy in Windows Server 2012 R2.

• Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs).

• Does not require digital signatures on scripts that you have written on the local computer (not downloaded from the Internet).

• Runs scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.

• Risks running unsigned scripts from sources other than the Internet and signed, but malicious, scripts.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1&viewFallbackFrom=powershell-Microsoft.PowerShell.Core

 

Edit:

Oh and use the official Microsoft powershell cmdlet if you can over the the other one if possible, Microsoft is endorsing the second as it was written by a trusted person but having an update to date powershell version and WMF is just better.

[Notional]

Well, I guess the Windows 10 update has been rolled out. Seems that it completely murdered Asus' AI suite 3 software for overclocking and fan control. GREAT JOB INTEL!

[leadeater]

Just now, Notional said:

Well, I guess the Windows 10 update has been rolled out. Seems that it completely murdered Asus' AI suite 3 software for overclocking and fan control. GREAT JOB INTEL!

Good, horrible software. Uninstall it immediately lol.

[Notional]

Just now, leadeater said:

Good, horrible software. Uninstall it immediately lol.

I need it to control my fans. Doing that in EUFI is worse than Intel's CPU security.

[captain_to_fire]

Looks like I need to reinstall Windows 10 before installing the update because of corrupted Windows Update components. I tried using the WU troubleshooter but it can’t seem to fix registry errors. ?

[NumLock21]

27 minutes ago, leadeater said:

It's because the default security settings only allow the execution of locally created scripts which is a good thing. Remote signed scripts means that downloaded scripts can be executed but only by a trusted publisher, basically HTTPS/SSL of powershell. Powershell default execution policies are extremely paranoid for a reason.

 

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1&viewFallbackFrom=powershell-Microsoft.PowerShell.Core

 

Edit:

Oh and use the official Microsoft powershell cmdlet if you can over the the other one if possible, Microsoft is endorsing the second as it was written by a trusted person but having an update to date powershell version and WMF is just better.

I tried then 2nd method and it somehow it does not work.

2 minutes ago, Notional said:

Well, I guess the Windows 10 update has been rolled out. Seems that it completely murdered Asus' AI suite 3 software for overclocking and fan control. GREAT JOB INTEL!

I forgot about that my AI Suite stopped working too

1 minute ago, leadeater said:

Good, horrible software. Uninstall it immediately lol.

No it's not, best software ever, shows me a fake OC of 5.8GHz for my cpu, while the real OC is at 4.3GHz.

 

[leadeater]

2 minutes ago, Notional said:

I need it to control my fans. Doing that in EUFI is worse than Intel's CPU security.

Pff use a better tool, always hated AI Suite. Maybe version 3 is better, but 1 and 2 were awful.

[Notional]

2 minutes ago, leadeater said:

Pff use a better tool, always hated AI Suite. Maybe version 3 is better, but 1 and 2 were awful.

It's ok. But 3 was released more than 2 years ago. So 1 and 2 are ancient.

 

3 minutes ago, NumLock21 said:

No it's not, best software ever, shows me a fake OC of 5.8GHz for my cpu, while the real OC is at 4.3GHz.

Haha awesome.

[leadeater]

Just now, Notional said:

So 1 and 2 are ancient.

You can tell that to my 4930k because it's old as hell now too, but still fine.