
Speculative execution security flaw(s)

Jaskalas

Updated 2018-01-05

CNN: Major chip flaws affect billions of devices

Testing Windows 10 performance after patching for "meltdown".
Results: mostly minor impact for end users.

Current question, does the public have security patches to protect against Spectre yet?



Original Post:
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.
https://hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos

PSA, this could have some significant ramifications for both security and performance. If the story checks out, we're talking one busy month of major security patches.
 
Yes, these "flaws" were discussed this evening by Lauren Weinstein and referred to as "Spectre" and "Meltdown" exploits. According to Weinstein, these supposed flaws (or architectural vulnerabilities) have existed in, for example, Intel processors for the last 10 years!

Is anyone certain that these supposed flaws were not really NSA (or deep state) mandated back doors all along, but just now being exposed by the technical community (e.g., Julian Assange types)?

In today's news:

https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq


Update:

Meltdown spying on passwords
https://www.youtube.com/watch?v=RbHbFkh6eeE&feature=youtu.be

Benchmarking The Intel CPU Bug Fix, What Can Desktop Users Expect?
https://www.youtube.com/watch?v=_qZksorJAuY&feature=youtu.be


 
Here is a tool from MS that tells you if your system has the bug(s).

Microsoft has also released a set of PowerShell one-liners that you can use to check if your PC installed the updates properly, or if you need additional firmware updates.

When starting PowerShell, make sure you start it with Admin privileges so that you can install the required modules.

The PowerShell command below will download and install a PowerShell module for testing for the Meltdown and Spectre flaws.

Install-Module SpeculationControl

If you run the command and get execution errors, you might need to adjust your PowerShell execution policy. Run the following command:

Set-ExecutionPolicy Bypass

Now you can run a second PowerShell command that actually checks your system:

Get-SpeculationControlSettings


For more details...

https://www.bleepingcomputer.com/ne...stems-for-the-meltdown-and-spectre-cpu-flaws/
 
https://www.amd.com/en/corporate/speculative-execution

Variant Two Branch Target Injection Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

This is the output:
Since I have an AMD CPU, the security fix seems to not be enabled since it is unnecessary.

Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
.


Forgot to note that when you do the PowerShell thing, do not forget to do a
Set-executionpolicy Restricted afterwards.
Or Set-executionpolicy default will do.
I think that is better for safety.
Check with Get-executionpolicy that it is set to Restricted, which is the default.

https://docs.microsoft.com/en-us/po...urity/set-executionpolicy?view=powershell-5.1
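
The check from the two posts above, as an added example that is not part of the original posts or Microsoft's own script: it limits the execution-policy change to the current PowerShell process, so nothing has to be reset afterwards, and it reads the flags from the object that Get-SpeculationControlSettings returns. The property names are those of the SpeculationControl module's result object; the summary labels are this example's own wording.

```powershell
# Added example: run the check without touching the machine-wide execution policy.
# -Scope Process applies only to this session and is discarded when it closes.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Install for the current user only if the module is not already available.
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser
}
Import-Module SpeculationControl

# The cmdlet prints the report quoted in the thread and also returns an object.
$s = Get-SpeculationControlSettings

# CVE-2017-5715 [branch target injection]
if ($s.BTIWindowsSupportEnabled) {
    $bti = 'mitigation enabled'
} elseif ($s.BTIDisabledBySystemPolicy) {
    $bti = 'OS support present, disabled by system policy'
} elseif ($s.BTIDisabledByNoHardwareSupport) {
    $bti = 'OS support present, disabled: no hardware support reported'
} elseif (-not $s.BTIWindowsSupportPresent) {
    $bti = 'Windows update not installed'
} else {
    $bti = 'unknown state, review the raw output'
}

# CVE-2017-5754 [rogue data cache load]
if (-not $s.KVAShadowRequired) {
    $kva = 'kernel VA shadowing not required on this CPU'
} elseif ($s.KVAShadowWindowsSupportEnabled) {
    $kva = 'kernel VA shadowing enabled'
} elseif ($s.KVAShadowWindowsSupportPresent) {
    $kva = 'OS support present but not enabled'
} else {
    $kva = 'Windows update not installed'
}

# Summary, plus proof that the persistent policy was left alone.
[pscustomobject]@{
    'CVE-2017-5715' = $bti
    'CVE-2017-5754' = $kva
    MachinePolicy   = Get-ExecutionPolicy -Scope LocalMachine
}
```

On the AMD system quoted above, this would report the branch target injection mitigation as disabled for lack of hardware support and kernel VA shadowing as not required.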
They still haven't really found a way to remotely exploit a system with these processor defects.... right? I'm not sure why CNN is panicking about this, since it looks like you need to be logged into the system in order to exploit the issue.

Hell, the Red Hat and VMWare patches for this are only classified as "Important", which basically means "patch it as part of your normal maintenance cycle". With the way people are screaming about this, I was expecting them to be classified as "critical", AKA the "stop what you're doing and patch your shiznit NOW" kind of issue.
 
They still haven't really found a way to remotely exploit a system with these processor defects.... right? I'm not sure why CNN is panicking about this, since it looks like you need to be logged into the system in order to exploit the issue.

Hell, the Red Hat and VMWare patches for this are only classified as "Important", which basically means "patch it as part of your normal maintenance cycle". With the way people are screaming about this, I was expecting them to be classified as "critical", AKA the "stop what you're doing and patch your shiznit NOW" kind of issue.

CNN is acting crazy about this, almost Y2K crazy.
 
What I'd like to see mainstream media freak out about is the ME backdoor. And talk about the AMD one too, it's not just Intel. That is more concerning than any of these exploits yet it's something nobody really ever talks about.
 
What I'd like to see mainstream media freak out about is the ME backdoor. And talk about the AMD one too, it's not just Intel. That is more concerning than any of these exploits yet it's something nobody really ever talks about.
ME backdoor doesn't have a catchy name...

Most places that I have seen lump in AMD with Intel... for everything, and while not 100% accurate, it is "good enough" for them.

CNN is acting crazy about this, almost Y2K crazy.
You are shocked by this? It is CNN after all...
 
They still haven't really found a way to remotely exploit a system with these processor defects.... right? I'm not sure why CNN is panicking about this, since it looks like you need to be logged into the system in order to exploit the issue.
............

The exploit could be used while you're on your browser. Or used by trojans. So the risk was definitely high.

Also, initially it was thought that some variants of the exploit (Spectre) could not be fixed via software patches for Intel CPUs. And the performance hit was high for the Meltdown fix.
 
What I'd like to see mainstream media freak out about is the ME backdoor. And talk about the AMD one too, it's not just Intel. That is more concerning than any of these exploits yet it's something nobody really ever talks about.

AMD is much, much less affected because it wasn't affected by variant 3. Only theoretical vulnerability to variant 2 on Linux, and variant 1 could be patched without significant performance loss. Intel tried to soft-pedal the issue and say every company was affected, but that is incorrect.

Currently some people are reporting major performance impacts from the Intel fix for certain tasks like compiling. Large impact on NVMe performance. Significant drops in minimum fps in gaming.
 