Jump to content

Intel CPU Design Flaw

MyOwn

By MyOwn
in Lounge

 Share

Recommended Posts

  • MyOwn changed the title to Intel CPU Design Flaw
  • 3 weeks later...
Zen Traveler Klipsch Forum Lifer

Zen Traveler

Posted
Posted
On ‎1‎/‎3‎/‎2018 at 6:35 AM, Steve_S said:

Performance hits loom

 

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

 

Wow! Thanks for posting this. A couple of weeks ago I had a friend in the field try to explain this to me and had no idea what he was talking about--Now I see why his stress level was up.  

Link to comment
Share on other sites
Dave A Klipsch Fanatic

Dave A

Posted
Posted

FUD and truth are out there. Don't ignore this. I will tell you this. My critical workstations my business depends on NEVER go online. None of this junk worries me in the least because of that and my proprietary info stays mine. I have a separate PC which is allowed online and rely on being current on all updates and keep good antivirus programs current to. Knock on wood like most here I search for music files and torrents are not safe things to look for and have not been caught out yet with bad virus or hackers. Do not store your passwords in a file on your computer and do not use autofill for any site but trivial ones like here. Use a different password for everything and don't be stupid enough to use 1234, 1235, 1236 etc. Make backups at least once a month just in case because hackers hack and hard drives fail.

  Folks buy a cheap piece of junk to do your online stuff. $300 will get you more than you need and DO NOT store any financial info on there of any sort.

 

 

 

Beware, AMD chip owners.

For you Windows Secrets readers who have computers with AMD inside, these Spectre/Meltdown patches are causing more issues than they are preventing. So much so that Microsoft has halted release of the updates on machines that have AMD chipsets. Some of the relevant security posts include the following:

  • Microsoft's KB4073707 on the issues with AMD chip sets and how Microsoft is blocking the patches until the issue is resolved.
  • Microsoft's KB4073757 recapping the overall guidance

Let's recap the big picture:

  • Intel CPU chips have a bug in their very architecture.
  • Researchers found a way for attackers to possibly steal passwords and other confidential information from our machines. As of publication, the attack has not been used in the wild. However, the potential is there and it'sreally concerning up in cloud servers as it could mean that fellow virtual servers could read information from a tenant next door.
  • It won't be enough to patch for the Windows operating system, you'll need to patch the firmware on your computer as well.
  • It's not a Microsoft bug, but because everything uses CPUs, pretty much everything needs to be patched ranging from phones to firewalls. So after you get your patches for Windows, go look for updates for anything else that has a CPU included in it (I'm not kidding or overstating the issue).
  • A bigger concern to many will be the performance hit this "fix" will make on your system as discussed in a Microsoft blog. The older your computer the more the "hit" will be. If you have a computer that is a 2015-era PC with Haswell or older CPU - you will notice a difference.
  • CERT goes so far as to recommend replacing the CPU hardware in their blog post. I'm not ready to go that far, but it would be wise to review how old your computer hardware is, evaluate the performance hit and plan accordingly.

 

 

Check That Your Antivirus Is Supported

Because this is a kernel update, antivirus vendors who have hooked into the kernel for additional protection could trigger blue screens of death if they are not updated for the change introduced by this patch. Thus Microsoft is requiring that before the January Windows and .NET updates are installed that a registry entry is made by the vendor - or by you if your vendor doesn't provide the registry key in an update - before the January updates are installed.

Make sure you review the antivirus listing page that is tracking all of the antivirus vendors and when they plan to support these January updates. If your vendor doesn't support these updates, it's time to find a new vendor. If you don't use antivirus (say on a specialized server), you'll need to manually add the following:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right hand side in the registry look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

For those who have to patch servers, you need to be aware that you'll need to perform all the steps done as you did on Windows client workstations - checking that antivirus is ready, and installing the updates - but also manually add two or three registry keys on the server. You will need to add two registry keys for a "normal" server, and all three registry keys as noted in the KB4072698 if the server is a HyperV or virtualization host.

The registry keys that need to be added include:

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
  • reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

And finally remember that just about every device uses CPU chips. Start reviewing your phones, your devices, to see if these items need patches and firmware updates as well.

-What to do: Review that you are ready for this update and feel free to wait a bit longer to be sure your system and your antivirus is ready for this update.

 

 

  And then this from an earlier newsletter

 

 

All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You'll have read about this -- the press have already labeled the flaws as the Meltdown and Spectre bugs.

As Microsoft said in "ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities:"

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

Because this is a kernel update that interacts with antivirus utilities, there is a big "BUT" in how you might get this update: You'll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won't get the update offered up to you.

If you want to visually see if your systems are prepared for this update, you can click on Start, type in regedit and click to approve the elevated prompt. Then you'll need to drill down to review the following registry key. Note that each bullet point represents a level you'll need to drill down to:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right-hand side in the registry, look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

If you see these values, your antivirus vendor has updated itself and it's safe to install this patch. If you don't see this registry value, this means your system (and, therefore, your antivirus vendor) is not ready for this update. Do not manually enter this key, nor manually download this update from the catalog site to install this update.

This Google docs file is maintaining an unofficial listing of vendors that have updated to support this patch and therefore sidestep the Meltdown and Spectre vulnerabilities.

For Windows 10 you'll see the following updates:

Windows 8.1 and Windows 7 are also receiving out-of-band updates, but only in the WSUS channel. For home users, you'll see the normal cumulative update next week.

For those in businesses, you'll see:

For small businesses, my usual advice to wait for patch side effects to shake out applies: consider waiting until next week to wait to patch.

In addition to these operating systems updates, start looking for firmware updates that eliminate the vulnerabilities introduced via Meltdown and Spectre. I would recommend going to your hardware vendors and look for any firmware

Now comes the bad news: You may see a performance hit by installing this update. Some tech sites are indicating that performance hits on Linux can be as high as 35 percent.

If you want to see whether your systems' computing performance will be impacted, run this CPU benchmark test before the patch and then after the update to see the impact on your own system.

While you are there patching your workstations, review whether you have any additional overdue firmware updates that need to be installed. This isn't the first bug in the Intel chipset; in November, Intel posted about a series of chip bugs that the company has since fixed through firmware updates available via their advisory page. Please review whether you need firmware patches as well by downloading Intel's testing tool.

-What to do: I recommend checking to see if your system can receive the update. When your system is ready, test it to see what the performance hit (if any) will be, see if there have been any reports of patch side effects, and then update your system.

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft's list of recently released patches, go to the MS Security TechCenter page.

Patch Released Description Status
KB405689 1-03 Windows 7 rollup Install*
KB4056898 1-03 Windows 8 Install
KB4056892 [1709] 1-03 Windows 10 1709 Install
KB4056891 [1703] 1-03 Windows 10 1703 Install
KB4056890 [1607] 1-03 Windows 10 1607 Install

*Hold: Please note if you've installed these updates and are not seeing any side effects you can leave the updates installed. I'm only recommended holding off if you are severely impacted by these side effects.

STATUS RECOMMENDATIONS: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You'll have read about this -- the press have already labeled the flaws as the Meltdown and Spectre bugs.

As Microsoft said in "ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities:"

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

Because this is a kernel update that interacts with antivirus utilities, there is a big "BUT" in how you might get this update: You'll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won't get the update offered up to you.

If you want to visually see if your systems are prepared for this update, you can click on Start, type in regedit and click to approve the elevated prompt. Then you'll need to drill down to review the following registry key. Note that each bullet point represents a level you'll need to drill down to:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right-hand side in the registry, look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

If you see these values, your antivirus vendor has updated itself and it's safe to install this patch. If you don't see this registry value, this means your system (and, therefore, your antivirus vendor) is not ready for this update. Do not manually enter this key, nor manually download this update from the catalog site to install this update.

This Google docs file is maintaining an unofficial listing of vendors that have updated to support this patch and therefore sidestep the Meltdown and Spectre vulnerabilities.

For Windows 10 you'll see the following updates:

Windows 8.1 and Windows 7 are also receiving out-of-band updates, but only in the WSUS channel. For home users, you'll see the normal cumulative update next week.

For those in businesses, you'll see:

For small businesses, my usual advice to wait for patch side effects to shake out applies: consider waiting until next week to wait to patch.

In addition to these operating systems updates, start looking for firmware updates that eliminate the vulnerabilities introduced via Meltdown and Spectre. I would recommend going to your hardware vendors and look for any firmware

Now comes the bad news: You may see a performance hit by installing this update. Some tech sites are indicating that performance hits on Linux can be as high as 35 percent.

If you want to see whether your systems' computing performance will be impacted, run this CPU benchmark test before the patch and then after the update to see the impact on your own system.

While you are there patching your workstations, review whether you have any additional overdue firmware updates that need to be installed. This isn't the first bug in the Intel chipset; in November, Intel posted about a series of chip bugs that the company has since fixed through firmware updates available via their advisory page. Please review whether you need firmware patches as well by downloading Intel's testing tool.

-What to do: I recommend checking to see if your system can receive the update. When your system is ready, test it to see what the performance hit (if any) will be, see if there have been any reports of patch side effects, and then update your system.

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft's list of recently released patches, go to the MS Security TechCenter page.

Patch Released Description Status
KB405689 1-03 Windows 7 rollup Install*
KB4056898 1-03 Windows 8 Install
KB4056892 [1709] 1-03 Windows 10 1709 Install
KB4056891 [1703] 1-03 Windows 10 1703 Install
KB4056890 [1607] 1-03 Windows 10 1607 Install

*Hold: Please note if you've installed these updates and are not seeing any side effects you can leave the updates installed. I'm only recommended holding off if you are severely impacted by these side effects.

STATUS RECOMMENDATIONS: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

 

Link to comment
Share on other sites
JJkizak Klipsch Fanatic

JJkizak

Posted
Posted
11 hours ago, Dave A said:

FUD and truth are out there. Don't ignore this. I will tell you this. My critical workstations my business depends on NEVER go online. None of this junk worries me in the least because of that and my proprietary info stays mine. I have a separate PC which is allowed online and rely on being current on all updates and keep good antivirus programs current to. Knock on wood like most here I search for music files and torrents are not safe things to look for and have not been caught out yet with bad virus or hackers. Do not store your passwords in a file on your computer and do not use autofill for any site but trivial ones like here. Use a different password for everything and don't be stupid enough to use 1234, 1235, 1236 etc. Make backups at least once a month just in case because hackers hack and hard drives fail.

  Folks buy a cheap piece of junk to do your online stuff. $300 will get you more than you need and DO NOT store any financial info on there of any sort.

 

 

 

Beware, AMD chip owners.

For you Windows Secrets readers who have computers with AMD inside, these Spectre/Meltdown patches are causing more issues than they are preventing. So much so that Microsoft has halted release of the updates on machines that have AMD chipsets. Some of the relevant security posts include the following:

  • Microsoft's KB4073707 on the issues with AMD chip sets and how Microsoft is blocking the patches until the issue is resolved.
  • Microsoft's KB4073757 recapping the overall guidance

Let's recap the big picture:

  • Intel CPU chips have a bug in their very architecture.
  • Researchers found a way for attackers to possibly steal passwords and other confidential information from our machines. As of publication, the attack has not been used in the wild. However, the potential is there and it'sreally concerning up in cloud servers as it could mean that fellow virtual servers could read information from a tenant next door.
  • It won't be enough to patch for the Windows operating system, you'll need to patch the firmware on your computer as well.
  • It's not a Microsoft bug, but because everything uses CPUs, pretty much everything needs to be patched ranging from phones to firewalls. So after you get your patches for Windows, go look for updates for anything else that has a CPU included in it (I'm not kidding or overstating the issue).
  • A bigger concern to many will be the performance hit this "fix" will make on your system as discussed in a Microsoft blog. The older your computer the more the "hit" will be. If you have a computer that is a 2015-era PC with Haswell or older CPU - you will notice a difference.
  • CERT goes so far as to recommend replacing the CPU hardware in their blog post. I'm not ready to go that far, but it would be wise to review how old your computer hardware is, evaluate the performance hit and plan accordingly.

 

 

Check That Your Antivirus Is Supported

Because this is a kernel update, antivirus vendors who have hooked into the kernel for additional protection could trigger blue screens of death if they are not updated for the change introduced by this patch. Thus Microsoft is requiring that before the January Windows and .NET updates are installed that a registry entry is made by the vendor - or by you if your vendor doesn't provide the registry key in an update - before the January updates are installed.

Make sure you review the antivirus listing page that is tracking all of the antivirus vendors and when they plan to support these January updates. If your vendor doesn't support these updates, it's time to find a new vendor. If you don't use antivirus (say on a specialized server), you'll need to manually add the following:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right hand side in the registry look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

For those who have to patch servers, you need to be aware that you'll need to perform all the steps done as you did on Windows client workstations - checking that antivirus is ready, and installing the updates - but also manually add two or three registry keys on the server. You will need to add two registry keys for a "normal" server, and all three registry keys as noted in the KB4072698 if the server is a HyperV or virtualization host.

The registry keys that need to be added include:

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
  • reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

And finally remember that just about every device uses CPU chips. Start reviewing your phones, your devices, to see if these items need patches and firmware updates as well.

-What to do: Review that you are ready for this update and feel free to wait a bit longer to be sure your system and your antivirus is ready for this update.

 

 

  And then this from an earlier newsletter

 

 

All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You'll have read about this -- the press have already labeled the flaws as the Meltdown and Spectre bugs.

As Microsoft said in "ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities:"

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

Because this is a kernel update that interacts with antivirus utilities, there is a big "BUT" in how you might get this update: You'll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won't get the update offered up to you.

If you want to visually see if your systems are prepared for this update, you can click on Start, type in regedit and click to approve the elevated prompt. Then you'll need to drill down to review the following registry key. Note that each bullet point represents a level you'll need to drill down to:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right-hand side in the registry, look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

If you see these values, your antivirus vendor has updated itself and it's safe to install this patch. If you don't see this registry value, this means your system (and, therefore, your antivirus vendor) is not ready for this update. Do not manually enter this key, nor manually download this update from the catalog site to install this update.

This Google docs file is maintaining an unofficial listing of vendors that have updated to support this patch and therefore sidestep the Meltdown and Spectre vulnerabilities.

For Windows 10 you'll see the following updates:

Windows 8.1 and Windows 7 are also receiving out-of-band updates, but only in the WSUS channel. For home users, you'll see the normal cumulative update next week.

For those in businesses, you'll see:

For small businesses, my usual advice to wait for patch side effects to shake out applies: consider waiting until next week to wait to patch.

In addition to these operating systems updates, start looking for firmware updates that eliminate the vulnerabilities introduced via Meltdown and Spectre. I would recommend going to your hardware vendors and look for any firmware

Now comes the bad news: You may see a performance hit by installing this update. Some tech sites are indicating that performance hits on Linux can be as high as 35 percent.

If you want to see whether your systems' computing performance will be impacted, run this CPU benchmark test before the patch and then after the update to see the impact on your own system.

While you are there patching your workstations, review whether you have any additional overdue firmware updates that need to be installed. This isn't the first bug in the Intel chipset; in November, Intel posted about a series of chip bugs that the company has since fixed through firmware updates available via their advisory page. Please review whether you need firmware patches as well by downloading Intel's testing tool.

-What to do: I recommend checking to see if your system can receive the update. When your system is ready, test it to see what the performance hit (if any) will be, see if there have been any reports of patch side effects, and then update your system.

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft's list of recently released patches, go to the MS Security TechCenter page.

Patch Released Description Status
KB405689 1-03 Windows 7 rollup Install*
KB4056898 1-03 Windows 8 Install
KB4056892 [1709] 1-03 Windows 10 1709 Install
KB4056891 [1703] 1-03 Windows 10 1703 Install
KB4056890 [1607] 1-03 Windows 10 1607 Install

*Hold: Please note if you've installed these updates and are not seeing any side effects you can leave the updates installed. I'm only recommended holding off if you are severely impacted by these side effects.

STATUS RECOMMENDATIONS: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You'll have read about this -- the press have already labeled the flaws as the Meltdown and Spectre bugs.

As Microsoft said in "ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities:"

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

Because this is a kernel update that interacts with antivirus utilities, there is a big "BUT" in how you might get this update: You'll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won't get the update offered up to you.

If you want to visually see if your systems are prepared for this update, you can click on Start, type in regedit and click to approve the elevated prompt. Then you'll need to drill down to review the following registry key. Note that each bullet point represents a level you'll need to drill down to:

  • HKEY_LOCAL_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right-hand side in the registry, look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD”
  • Data="0x00000000”

If you see these values, your antivirus vendor has updated itself and it's safe to install this patch. If you don't see this registry value, this means your system (and, therefore, your antivirus vendor) is not ready for this update. Do not manually enter this key, nor manually download this update from the catalog site to install this update.

This Google docs file is maintaining an unofficial listing of vendors that have updated to support this patch and therefore sidestep the Meltdown and Spectre vulnerabilities.

For Windows 10 you'll see the following updates:

Windows 8.1 and Windows 7 are also receiving out-of-band updates, but only in the WSUS channel. For home users, you'll see the normal cumulative update next week.

For those in businesses, you'll see:

For small businesses, my usual advice to wait for patch side effects to shake out applies: consider waiting until next week to wait to patch.

In addition to these operating systems updates, start looking for firmware updates that eliminate the vulnerabilities introduced via Meltdown and Spectre. I would recommend going to your hardware vendors and look for any firmware

Now comes the bad news: You may see a performance hit by installing this update. Some tech sites are indicating that performance hits on Linux can be as high as 35 percent.

If you want to see whether your systems' computing performance will be impacted, run this CPU benchmark test before the patch and then after the update to see the impact on your own system.

While you are there patching your workstations, review whether you have any additional overdue firmware updates that need to be installed. This isn't the first bug in the Intel chipset; in November, Intel posted about a series of chip bugs that the company has since fixed through firmware updates available via their advisory page. Please review whether you need firmware patches as well by downloading Intel's testing tool.

-What to do: I recommend checking to see if your system can receive the update. When your system is ready, test it to see what the performance hit (if any) will be, see if there have been any reports of patch side effects, and then update your system.

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft's list of recently released patches, go to the MS Security TechCenter page.

Patch Released Description Status
KB405689 1-03 Windows 7 rollup Install*
KB4056898 1-03 Windows 8 Install
KB4056892 [1709] 1-03 Windows 10 1709 Install
KB4056891 [1703] 1-03 Windows 10 1703 Install
KB4056890 [1607] 1-03 Windows 10 1607 Install

*Hold: Please note if you've installed these updates and are not seeing any side effects you can leave the updates installed. I'm only recommended holding off if you are severely impacted by these side effects.

STATUS RECOMMENDATIONS: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

 

 

Holy cow!.

JJK

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...