Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 28 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

csbin

Senior member
Feb 4, 2013
838
351
136
https://www.reddit.com/r/intel/comments/7oeh84/performance_impact_of_windows_patch_and_bios/

bios patch +windows patch :coldsweat:


vbymibcgj9801.png
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,482
14,434
136
Why big CPU boards (and older ones at that) before latest boards? Because it suits you better? Personally I would do latest chipsets first then work backwards, seems the logical approach.
X99 is old ?? socket 2011-3 ????
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
But even if Intel rolls out Micro Code update back ~8-10 years. The motherboard manufacturers have abandoned updating those boards. How many years can you expect support ~3 years on new processors?
 
  • Like
Reactions: lefty2

goldstone77

Senior member
Dec 12, 2017
217
93
61
http://www.guru3d.com/articles_pages/windows_vulnerability_cpu_meltdown_patch_benchmarked

8700K(ASUS M10F BIOS 1003) +960Pro

4K Read
13415.77 IOPS ---> 10423.99 IOPS
52.41 MB/s ---> 40.72 MB/s


4K Write
45250.04 IOPS ---> 37399.2 IOPS
176.76 MB/s ---> 146.09 MB/s

This is something that I've noticed. No mention of the micro code bios patch that is going to cause the big hit to performance, because it affect speculative branch prediction more so than the OS update. They mention the motherboard bios upgrade, but only grab the windows update! Expect further losses in performance!
Fact is that all OSes will need to be patched, yours as well. For Windows, this will be done through an incremental software update, and very likely your motherboard will need to be upgraded with a new BIOS as well. On Tuesday that patch will automatically become available, and who knows perhaps it is propagating already. The new security patches for Windows 10, however, can be download as standalone already. I decided to grab it, install it and see what happens.
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
20,839
3,174
126
sigh.... i really want to pass on the bios update... seriously..

i really don't care if they hack this machine... its my gaming machine.... at most they will find what? a few pictures of my doberman, some screen shots of the games i play, and my steam gaming directory.

Even then for me to be hacked, they would need to single me out of millions, and then get past my firewall and network.
Hell by the time they got that far, it would obviously be an inside job, and i honestly think someone in my family has a higher chance of downloading a adware virus before i get hacked and compromised via meltdown/specter.
 

coercitiv

Diamond Member
Jan 24, 2014
6,151
11,686
136
If the BIOS updates really affect gaming and multimedia editing then this will escalate from "redacted on fan" to "biological hazard" in just a few weeks. They sold Coffee Lake while being aware of the vulnerability and by that time they probably knew the magnitude of the performance impact as well.

No profanity in the tech forums.

AT Mod Usandthem
 
Last edited by a moderator:
  • Like
Reactions: rgallant

Malogeek

Golden Member
Mar 5, 2017
1,390
778
136
yaktribe.org
i really don't care if they hack this machine... its my gaming machine.... at most they will find what? a few pictures of my doberman, some screen shots of the games i play, and my steam gaming directory.
So you don't login to email or any secure sites that might contain personal private or financial data on that computer?
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
sigh.... i really want to pass on the bios update... seriously..

i really don't care if they hack this machine... its my gaming machine.... at most they will find what? a few pictures of my doberman, some screen shots of the games i play, and my steam gaming directory.

Even then for me to be hacked, they would need to single me out of millions, and then get past my firewall and network.
Hell by the time they got that far, it would obviously be an inside job, and i honestly think someone in my family has a higher chance of downloading a adware virus before i get hacked and compromised via meltdown/specter.

This was a team in a lab performing these attacks with non-public information on the processors. But, what about the miles of building that include the chineses hacking force? I think you can see an exponential increase in manpower(from bad actors) devoted to learning secrets and deploying various Java Script malware exploits. These will surely evolve into new more creative way to attack this vulnerability know that it's known. A.I. is having fun beating games at a record pace. Sounds like there is a new game in town that's even more fun to play!
 
  • Like
Reactions: french toast

french toast

Senior member
Feb 22, 2017
988
825
136
Kim Jong un... "shall we play a game?"

Kim Jong un is going put his vast warehouses of human tech labor and Dyno powered mechanical computers running Win 2000 to work on this.
 
Last edited:
  • Like
Reactions: goldstone77

bononos

Diamond Member
Aug 21, 2011
3,883
142
106
This is something that I've noticed. No mention of the micro code bios patch that is going to cause the big hit to performance, because it affect speculative branch prediction more so than the OS update. They mention the motherboard bios upgrade, but only grab the windows update! Expect further losses in performance!

Is a motherboard UEFI/BIOS patch necessary in addition to the OS patch?

edit- read that a bios update is needed for patching spectre.
 
Last edited:

DrMrLordX

Lifer
Apr 27, 2000
21,582
10,785
136
Kim Jong un... "shall we play a game?"

Kim Jong un is going put his vast warehouses of human tech labor and Dyno powered mechanical computers running Win 2000 to work on this.

Look at the bright side: If the NSA isn't already having a field day with his creaky old machines, they will very soon.

Is a motherboard UEFI/BIOS patch necessary in addition to the OS patch?

To properly patch for Meltdown and Spectre, you will need to update UEFI and patch OS. Which vulnerabilities need patching will vary from system to system.
 
  • Like
Reactions: french toast

bryanW1995

Lifer
May 22, 2007
11,144
32
91
I knew you'd be back with your "anything is possible" argument. You do realize your bolded part basically says that it's entirely possible the CPU may be hacked in some other way? Well of course, that's true for any CPU and for any other type of hack method. You also realize by the same argument, these patches wouldn't block that attack either, because the patch specifically fixes issues associated with these 3 forms of attacks.

It's "entirely possible" that phynaz' account has been hacked by intel PR.





Inflammatory "baiting" is not allowed.


esquared
Anandtech Forum Director
 
Last edited by a moderator:

Tup3x

Senior member
Dec 31, 2016
944
925
136
It looks like benchmarks need to be redone after all these patches are implemented.
 
  • Like
Reactions: rgallant

bryanW1995

Lifer
May 22, 2007
11,144
32
91
Well, looks like this will be a big year for AMD and their Threadripper.

I doubt it, seems rather more likely that AMD execs really will have that "liquid lunch" referenced above, all of them will get arrested for DWI, and intel will have everything smoothed over before they get bailed out...
 

bryanW1995

Lifer
May 22, 2007
11,144
32
91
Hey you never know, this security issue affects nearly every relevant Intel CPU from that last 10 years.

Their stocks is tumbling and AMD will be right on their heels.

This might just fire up the CPU race again.

Intel stock is nearly back up where it was before the news hit, it is down less than 5% now. Seems that AMD has reaped more benefit (up 15%) than intel has been punished by this.

https://finance.yahoo.com/quote/INTC/
https://finance.yahoo.com/quote/AMD?p=AMD
 

noneis

Junior Member
Mar 4, 2017
21
29
91
That is pretty bad. I wonder how many other game servers are going to suffer the same fate?
All of them? Most servers for multiplayer games process large amounts of very small packets, much smaller packets then web-servers. Mining pools servers will probably get hit as well - lots of small packets and lots of IO when syncing blockchain.
 

dark zero

Platinum Member
Jun 2, 2015
2,655
138
106
Kim Jong un... "shall we play a game?"

Kim Jong un is going put his vast warehouses of human tech labor and Dyno powered mechanical computers running Win 2000 to work on this.
Win 2000 is too much for them... They just use Windows 95.