- This topic has 6 replies, 2 voices, and was last updated 5 years, 4 months ago by
.
- Posts
[color=purple][size=5][i]A3 & I are computer geeks … This is an OT thread to share the good, bad, and ugly related to computers 8)
WARNING WARNING WILL ROBINSON — A brand new CPU design vulnerability has been discovered affecting almost every known device & a hot topic for inner security circles … below is a small spinet from my blog:[/i][/size][/color]
Security WARNING – PATCH NOW warning for Spectre & Meltdown vulnerabilities
[size=5]The ISC recommends a “PATCH NOW” that has to do with new processor design vulnerabilities, where unencrypted data, passwords, or other sensitive information might be exposed. This is a more general design flaw in the way modern CPUs buffer & transfer information in the CPU, than a vendor specific warning (some new “governors” & controls are needed to restrict access to distributed parts of CPU)
Hardware & cloud vendors are quickly responding with early fixes for the worst and most exploitable aspects of these 2 serious vulnerabilities to the most immediate design threats (with likely more detailed fixes in future). Some performance impacts may occur with restricting CPU addressability and predictive processing. Currently there are NO known “in-the-wild” exploits, but the vulnerabilities could be weaponzied into exploits in future days ahead. As just like a house, it’s best to patch before the storm arrives.
Android: Google security update dated Jan. 5 will include “mitigations” to help protect your phone, and future updates will include more fixes.
On Jan. 23, a new version of Google Chrome should also include mitigations to protect your desktop and phone from web-based attacks.
Google says an experimental feature called Site Isolation can help right away.
To turn on Site Isolation on Windows, Mac, Linux, Chrome OS or Android:Type or copy-paste chrome://flags/#enable-site-per-process into the URL field at the top of your Chrome web browser, then hit the Enter key.
Look for Strict Site Isolation, then tap or click the box labeled Enable.
If your work is saved, hit Relaunch Now. Otherwise, save your work, then quit and relaunch Chrome.
For Chrome on iOS (iPhone, iPad), Google says Apple will deliver any necessary fixes.Mozilla will update its current Firefox 57 and Microsoft will modify both its Internet Explorer and new Edge browsers.
Google’s Chromebooks are, or will be, automatically protected from these flaws, according to Google. The company says Chromebooks with ARM chips aren’t affected at all
Google says none of its other consumer-facing products (Google Home, Chromecast, WiFi, OnHub, Gmail, Apps and Services) are affected by these vulnerabilities.
Microsoft says it released a Win10 security update Wednesday to help mitigate the issue.
https://www.cnet.com/how-to/how-to-fix-meltdown-spectre-intel-amd-arm-windows-mac-android-ios/
Microsoft’s Azure cloud – which runs a lot of Linux as well as Windows – will undergo maintenance and reboots on January 10, presumably to roll out the above fixes.
Amazon Web Services also warned customers via email to expect a major security update to land on Friday this week, without going into details.
Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715).
The update —KB4078130— targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions.
Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3.
Intel
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.
End-users should continue to apply updates recommended by their system and operating system providers.
After Intel’s announcement, Dell advised customers to “revert back to a previous BIOS versions” that did not include Spectre patches.
HP also took a similar step. After it previously made available BIOS updates containing Meltdown and Spectre (Variant 1 and Variant 2) patches, HP reissued BIOS updates this week that only contained Meltdown and Spectre Variant 1 patches, but not Variant 2.
Red Hat Enterprises also decided to revert Spectre Variant 2 patches last weekend, even before Intel’s formal announcement.
Intel is not the only major CPU maker having issues with Spectre Variant 2 patching. This bug also caused issues for devices with AMD processors, so much so that Microsoft paused the rollout of Windows updates for devices with AMD processors. Microsoft resumed these updates, but only after AMD worked with Microsoft to correct reported BSOD errors.
MICROSOFT’S UPDATE CAN ONLY BE MANUALLY DOWNLOADED RIGHT NOW
Update protects against random reboots and data losshttps://www.catalog.update.microsoft.com/Search.aspx?q=KB4078130
[hr]
Intel says it has identified the issues behind the unexpected reboots on Broadwell and Haswell processors and is working toward releasing an update that addresses the exploits without causing random reboots and data loss. Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors are also affected, and Intel says it’s “actively working on developing solutions” for those platforms too.A
ClearGuide to Meltdown and Spectre Patcheshttps://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help#windows-updates
- You must be logged in to reply to this topic.