Intel CPU bug

For general computer discussion & help, come here

Moderators: Bakhtosh, EvilHomer3k

User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Intel CPU bug

Post by LawBeefaroni »

Am I reading this right, Intel CPU are about to take a 17%+ performance hit?


'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Intel CPU bug

Post by Isgrimnur »

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
It's almost as if people are the problem.
User avatar
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Intel CPU bug

Post by Carpet_pissr »

Wow, I guess I am glad I have delayed upgrading my old AMD CPU.
User avatar
hentzau
Posts: 15092
Joined: Thu Oct 21, 2004 11:06 am
Location: Castle Zenda, Ruritania

Re: Intel CPU bug

Post by hentzau »

Yeah, this is a huge topic of conversation around work today. We're concerned that we're going to have an entire generation of PCs that we're going to have to retire about a year and a half early. That wasn't budgeted for this year. Probably talking 10,000 PCs (conservatively.) Haven't even thought about what it will mean to our server farms...
“We can never allow Murania to become desecrated by the presence of surface people. Our lives are serene, our minds are superior, our accomplishments greater. Gene Autry must be captured!!!” - Queen Tika, The Phantom Empire
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Intel CPU bug

Post by Isgrimnur »

I guess I'll start looking at the Ryzens for my new rig upgrade, which I will probably shop for over the next few days once this chest cold settles in and makes it to the point where I don't want to move.
It's almost as if people are the problem.
User avatar
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Intel CPU bug

Post by Carpet_pissr »

Isgrimnur wrote: Wed Jan 03, 2018 12:20 pm I guess I'll start looking at the Ryzens for my new rig upgrade, which I will probably shop for over the next few days once this chest cold settles in and makes it to the point where I don't want to move.
Are not the latest gen Intel chips somewhat immune to this slowdown? Coffee Lake in particular. If not, I will definitely be going AMD (I was fully planning on Coffee Lake for my much needed desktop overhaul project).
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Intel CPU bug

Post by Isgrimnur »

PCWorld
There isn’t any concrete data yet, but speculation is that the bug affects all Intel x86 CPUs produced over the past 10 years, regardless of the OS you’re running or whether you have a desktop or laptop. There are some reports that say newer Intel CPUs are less impacted than older ones, but the full extent is unclear.
...
In a message to the Linux Kernel Mailing List, AMD’s Tom Lendacky asked for Linux’s “Kernel Page Table Isolation” (KPTI) fix to not apply to Team Red’s processors.

“AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” he wrote. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

AMD CPUs could potentially wind up suffering a performance hit as collateral damage, though. It depends on how the final patches for the Intel CPU kernel bug vulnerability are implemented. Operating system makers could code in exceptions for AMD processors to keep them at full speed, as Lendacky requested for the Linux kernel. But operating system vendors may also take a salted earth approach and force the fix onto all x86 processors just to be safe.
It's almost as if people are the problem.
User avatar
Zarathud
Posts: 16433
Joined: Fri Oct 15, 2004 10:29 pm
Location: Chicago, Illinois

Re: Intel CPU bug

Post by Zarathud »

AMD never had the performance benefit so, at best, it stays the same.
"If the facts don't fit the theory, change the facts." - Albert Einstein
"I don't stand by anything." - Trump
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.” - John Stuart Mill, Inaugural Address Delivered to the University of St Andrews, 2/1/1867
“It is the impractical things in this tumultuous hell-scape of a world that matter most. A book, a name, chicken soup. They help us remember that, even in our darkest hour, life is still to be savored.” - Poe, Altered Carbon
User avatar
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Intel CPU bug

Post by stessier »

Zarathud wrote: Wed Jan 03, 2018 4:50 pm AMD never had the performance benefit so, at best, it stays the same.
Not exactly. Or maybe I don't understand what you're saying.

The Intel chips got a benefit from the predictive portion and having the kernel already loaded. They are losing the loaded kernel benefit. The AMD chips got a benefit from both and, if they are excluded from the software changes, would maintain both since their prediction couldn't pass info to the kernel. If they are forced to reload the kernel, they would suffer the same hit as Intel.

Or at least that is what I've read.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

As a DBA type I'm kinda worried about this, especially as some of the bleeding edge testing on the Linux side seems to indicate that IO heavy workloads are going to be some of the most affected.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Hmm...
Edit: possible explanation of above
Spoiler:
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Some commentary on what MacOS does to mitigate...
Spoiler:
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

And more commentary on the Windows solution...
Spoiler:
Sorry if this is spammy... :oops:
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W
Contact:

Re: Intel CPU bug

Post by hitbyambulance »

nope, this is quite informative. keep at it...
User avatar
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: Intel CPU bug

Post by Daehawk »

I thought this was an very old thread on the Intel CPU that had some math error many years ago and the thread had been updated. I need to look that one up. i think it was a math co-processor bug.

EDIT: Good Lord!!! That was 1994. Much older than I thought.

https://en.wikipedia.org/wiki/Pentium_FDIV_bug

This one one seems worse in some ways and not in others. Its slower but at least it returned the correct numbers :) If I could upgrade Id go Ryzen or a 4700 most likely. Maybe in 4 years Id go 8700.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Okay now for some Linux links:

What got my attention today is I saw a link to this comment on the Linux Kernel mailing list by an AMD developer saying that:
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
The implication is of course, that Intel's architecture allows it.

For example this tweet:
Spoiler:
Page table isolation (PTI), which I believe is the mitigation that is being discussed for this issue has been shown to impact performance:

http://lkml.iu.edu/hypermail/linux/kern ... 01274.html

The original poster sees a 5% hit on an in memory workload, so probably not taxing disk IO that much.
There is a bit more here too with some worse case scenarios >20% impact.
Phoronix did some bench marking too
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Google has announced their mitigations:

https://support.google.com/faqs/answer/7622138
https://googleprojectzero.blogspot.com/ ... -side.html

These seem to be the CVEs associated with the issues (nothing there yet, but I imagine in the next 24 hours the information will be there) I'll speculate now that Variant 3 is what caught my eye this morning.

Edit: Added CVEs, and link to Project Zero, updated what CVEs mean, and who it appears to affect.
Last edited by xwraith on Sat Jan 06, 2018 4:07 pm, edited 1 time in total.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Ah new words for us IT people to bandy about:

Welcome "Meltdown and Spectre" to our lexicon

In brief, Meltdown seems to be Intel only. Every processor since the Pentium Pro in 1995! They do speculate that it could be possible for the attack to work against other OOO processors, but they weren't able.

Spectre seems to affect everybody.
On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR [8] has the important (but inadvertent) side effect of impeding Meltdown. We stress that KAISER must be deployed immediately to prevent large-scale exploitation of this severe information leakage
6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.
Edit: Updated things.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
Alefroth
Posts: 8486
Joined: Thu Oct 14, 2004 1:56 pm
Location: Bellingham WA

Re: Intel CPU bug

Post by Alefroth »

Windows 10 already being automatically updated.

https://www.theverge.com/2018/1/3/16846 ... ows-10-fix
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Intel CPU bug

Post by Pyperkub »

xwraith wrote: Wed Jan 03, 2018 6:32 pm Google has announced their mitigations:

https://support.google.com/faqs/answer/7622138
https://googleprojectzero.blogspot.com/ ... -side.html

These seem to be the CVEs associated with the issues (nothing there yet, but I imagine in the next 24 hours the information will be there) I'll speculate now that Variant 3 is what caught my eye this morning.

Edit: Added CVEs, and link to Project Zero, updated what CVEs mean, and who it appears to affect.
Per Meltdown/Spectre and the Project Zero link above, it's not limited to Intel. AMD and ARM/Qualcomm also impacted. Ow, Ow, Ow...
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Yeah all share variant 1 & 2 (specter). Variant 2 & 3 (meltdown) appears to be intel only though at this point

Variant 3 (Meltdown) is currently intel only

Edit: Fixed
Last edited by xwraith on Sat Jan 06, 2018 4:08 pm, edited 1 time in total.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: Intel CPU bug

Post by LawBeefaroni »

Of course, this:


Intel CEO Brian Krzanich sold off a large portion of his stake in the company months after Google had informed the chipmaker of a significant security vulnerability in its flagship PC processors - but before the problem was publicly known.


...
The stock sale raised eyebrows when it was disclosed, primarily because it left Krzanich with just 250,000 shares of Intel stock - the minimum the company requires him to hold under his employment agreement.

...

Intel says the sale was preplanned - but that plan was put in place months after it learned of the chip vulnerability
In the statement, the Intel representative said Krzanich's sale had nothing to do with the newly disclosed chip vulnerability and was done as part of a standard stock-sale plan.
...
But Krzanich put that plan in place only October 30, according to the filing. His decision to set up that plan was "unrelated" to information about the security vulnerability, the representative said.

Still, the timeline raises questions: Krzanich's plan was created October 30, and the company learned of the chip vulnerability in June.
Hilarious.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

The cool think about Linux is you can see things as they are getting done, and it kinda gives you insight into what the fixes are going to be.

For example this code landed to help mitigate variant 2 for intel processors:

https://lkml.org/lkml/2018/1/4/615
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Also if you are running Windows, Microsoft released a powershell script that will tell you if you are vulnerable and if the fixes have been applied:

Code: Select all

Install-Module SpeculationControl
Import-Module SpeculationControl
Get-SpeculationControlSettings
My output currently on an I7 2600K:
Spoiler:
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Install the latest available updates for Windows with support for speculation control mitigations.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698


BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
Biyobi
Posts: 5440
Joined: Wed Oct 13, 2004 12:21 pm
Location: San Gabriel, CA

Re: Intel CPU bug

Post by Biyobi »

Ran a BIOS update for my computer last night and received a Win10 update this morning (wasn't found by its normal self-check, but found it when I ran Update manually). Running that powershell script resulted in safe "true" values in everything, but in the bottom subcategories I get:

BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False

I understand the second one is hardware related: my new 8700k has support built-in to it. I still need to look into why the patches don't block the first by default.
Black Lives Matter
User avatar
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: Intel CPU bug

Post by Rumpy »

If anything, this gives me more of an incentive to upgrade as I'm quite a bit behind, with an Intel i5 3.3ghz, on a 32-bit version of Windows. At the time of my last upgrade, there wasn't all that much of a reason to move to 64-bit as there was nothing that really required; it was seen more as an option, but now it's implicit, and slowly but surely more and more things are offered only as 64-bit.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Here is an interesting document on what Red Hat is doing to mitigate
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W
Contact:

Re: Intel CPU bug

Post by hitbyambulance »

https://arstechnica.com/gadgets/2018/01 ... -about-it/

good update on what Intel's, AMD's, ARM's, Microsoft's, Apple's, Amazon's and Google's responses (and some web browsers) have been so far.
User avatar
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Intel CPU bug

Post by Blackhawk »

I can't for the life of my figure out why I'm not getting the Win10 update that fixes this. My last installed update shows 12/17/2017, and 'Check for Updates' shows that I'm up to date.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Intel CPU bug

Post by Carpet_pissr »

Have you rebooted lately?
User avatar
Victoria Raverna
Posts: 5012
Joined: Fri Oct 15, 2004 2:23 am
Location: Jakarta

Re: Intel CPU bug

Post by Victoria Raverna »

Blackhawk wrote: Mon Jan 08, 2018 1:25 am I can't for the life of my figure out why I'm not getting the Win10 update that fixes this. My last installed update shows 12/17/2017, and 'Check for Updates' shows that I'm up to date.
Which antivirus do you run on your PC?

From https://support.microsoft.com/en-us/hel ... s-software

To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
User avatar
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Intel CPU bug

Post by Blackhawk »

I'd already seen that. Windows Defender on the PCs in question, so it isn't that.

It also poisons the search, such that I can't find answers to the problem that don't refer to that issue.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: Intel CPU bug

Post by LawBeefaroni »

Flashback to WinXP. Have been installing update, it's at 10% and has been going for 35 minutes.

This is a big one.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Blackhawk wrote: Mon Jan 08, 2018 1:36 pm I'd already seen that. Windows Defender on the PCs in question, so it isn't that.

It also poisons the search, such that I can't find answers to the problem that don't refer to that issue.
Did you run the powershell script that checks the per-requisites?
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Intel CPU bug

Post by Blackhawk »

I ran a powershell script that was supposed to tell you if you still have the vulnerability, but I had no idea how to read the results beyond the site's instruction that 'false means still vulnerable.'
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

Blackhawk wrote: Mon Jan 08, 2018 8:06 pm I ran a powershell script that was supposed to tell you if you still have the vulnerability, but I had no idea how to read the results beyond the site's instruction that 'false means still vulnerable.'
I think what you need to look at is the "Hardware support for branch target injection mitigation is present" flag, and I think that is delivered via a bios patch for older platforms (assuming you are running Intel)

IIRC the patch will block until the hardware reqs are present, and then it will apply.

Since I'm running a 5+ year old motherboard I'm thinking I'm never going to get patched.

Edit:
Of course now that I wrote this I just saw this, which has a nice table that lays everything out. Spectre variant 2 is what requires a microcode update.

Also it looks like they update theirclient guidance article yesterday
Last edited by xwraith on Tue Jan 09, 2018 1:49 pm, edited 1 time in total.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
User avatar
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Intel CPU bug

Post by Blackhawk »

That's about how old my newest motherboard is. I doubt I have more than one or two components in the entire house that is still supported by the manufacturer. If it takes a manufacturer's update to be safe, I'm screwed.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Intel CPU bug

Post by stessier »

LawBeefaroni wrote: Mon Jan 08, 2018 1:55 pm Flashback to WinXP. Have been installing update, it's at 10% and has been going for 35 minutes.

This is a big one.
I'm running Win10 and waited until it said the update was ready. I hit the restart button and was done in under 2 minutes. I'm using an SSD drive, so maybe that helped? Quite painless.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
User avatar
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Intel CPU bug

Post by stessier »

I'm trying to confirm I got the patch. My powershell says I can't run the import-module because of the execution policy. Is it safe to set the execution policy to bypass? Is there a safer way?
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
User avatar
xwraith
Posts: 1085
Joined: Mon Mar 21, 2005 6:42 pm

Re: Intel CPU bug

Post by xwraith »

stessier wrote: Tue Jan 09, 2018 7:24 pm I'm trying to confirm I got the patch. My powershell says I can't run the import-module because of the execution policy. Is it safe to set the execution policy to bypass? Is there a safer way?
I believe it just requires RemoteSigned. The client guidance article link has a little wrapper script that set your security setting, imports the module, runs it and then reverts it.
I forgot to call it "a box of pure malevolent evil, a purveyor of
insidious insanity, an eldritch manifestation that would make Bill
Gates let out a low whistle of admiration," but it's all those, too.
-- David Gerard, Re: [Mediawiki-l] Wikitext grammar, 2010.08.06
Post Reply