Tuesday, January 9th 2018
Microsoft Halts Meltdown-Spectre Patches to AMD PCs as Some Turn Unbootable
Microsoft late-Monday halted Meltdown and Spectre security patches to machines running AMD processors, as complaints of machines turning unbootable piled up. Apparently the latest KB4056892 (2018-01) Cumulative Update causes machines with AMD processors (well, chipsets) to refuse to boot. Microsoft has halted distributing patches to PCs running AMD processors, and issued a statement on the matter. In this statement, Microsoft blames AMD for not supplying its engineers with the right documentation to develop their patches (while absolving itself of any blame for not testing its patches on actual AMD-powered machines before releasing them).
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," said Microsoft in its statement. "After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown," it added. Microsoft is working with AMD to re-develop, test, and release security updates, on the double.

Update (09/01): AMD responded to this story; its statement, posted verbatim, is as follows.
Source: The Verge
AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted shortly.
51 Comments on Microsoft Halts Meltdown-Spectre Patches to AMD PCs as Some Turn Unbootable
support.microsoft.com/en-us/help/4073707/windows-operating-system-security-update-block-for-some-amd-based-devi
And what's with the Ryzen image? As far as this issue is concerned, Ryzen is not affected. AMD has made some other CPUs and this particular problem seems to revolve around chipset(s) anyway.
answers.microsoft.com/en-us/windows/forum/windows-7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1
btarunr - pls remove it!!!
Minor edit for completeness.
If this patch is also for Meltdown, then I would advise this F*(&**&( company to stop trying to make AMD processors look as bad, in this case, as Intel CPUs. Meltdown is an Intel ONLY issue.
In any case I will also advise this lovely company to buy a few AMD systems for proper testing and not assume that whatever works on Intel will also work on AMD. It's the same case as with game developers 5-10 years ago, before the GCN consoles, where they were testing their games only on Nvidia systems, making AMD's drivers look bad.
2- This whole meltdown thing has just shown me how much people around the world are biased towards Intel. Everyone, including the media, is basically trying to hide what is the biggest security flaw ever in the history of technology and making it seem like it is just a "patchable" thing that disappears once you patch it.
We are talking about a flaw that can compromise ANY PC, be it consumer or enterprise. And everyone is trying to convince people that they just need to patch it, and that is WRONG. This meltdown thing is NO JOKE, a patch can always be reversed by a hacker, when the flaw is physically on the CPU. The correct posture from the media was to tell everyone to switch platform ASAP! And no, I'm not overreacting. This is not happening because everyone knows Intel has like 95% of the market and it would be a disaster with everyone needing to change computer. But this has just shown me how we are "controlled", we are shills, that's all. Anyone is at risk right now using Intel CPUs with this meltdown thing. Your bank account details, your credit card infos, your passwords, everything is at risk. Yes the patch made it a bit more difficult, but what do you expect? Do you really think hackers will stop trying to do their thing because of a patch? A patch that they will eventually find ways to exploit and steal all your info from your kernel? Sure, good luck on that fellas.
The way media is handling this situation is shocking to me. Meanwhile Intel is announcing new products on CES (NUC with kaby lake + Vega, new coffee lake motherboards), the other brands are announcing new laptops and system with Intel CPUs like NOTHING HAS HAPPENED, and THIS IS WRONG. You are making everyone fool. NO ONE SHOULD USE CPUs WITH MELTDOWN ISSUE, PERIOD. DO NOT SUPPORT THESE COMPANIES TRYING TO FOOL YOU.
Sorry for the rant, but this whole situation made me mad because I'm into this kind of stuff and I know how harmful meltdown is.
The better way to look at this is that Spectre is a new family of vulnerabilities, affecting most modern processors. Meltdown is a subset of that, a specific vulnerability affecting (almost) all Intel processors. The way things have turned out is a bit strange, especially considering the initial reaction and coverage.
Meltdown mitigation measures in the form of KAISER-type patches (KPMI in Linux and functionally similar patches for Windows and MacOS) are fairly effective. While not resolving the issue, it is an effective mitigation of this particular hardware issue. At this time, Linux has AMD processors excluded and same appears to be true for Windows patches (it's a bit more complex as the same update includes parts for Spectre mitigation). And yes, this causes a measurable performance hit for Intel processors. Initial estimate of maybe 5% in general and worst cases 30% appears to be accurate as well.
The Meltdown patch cannot be reversed by a hacker, at least not from within the patched operating system.
Spectre is like opening a whole can of worms and it does affect almost all current processors (all, if we look at desktop). There is no straightforward fix for the Spectre class of vulnerabilities. There are mitigation measures that are being taken. This includes updates to firmware, microcode, operating system kernels and even pieces of software separately.
90 billion dollars in revenue
21 billion dollars in profit
and they are sitting on a massive hoard pile of cash of around 130 billion dollars.
www.microsoft.com/investor/reports/ar17/index.html
Media and big corporations manipulate everyone. It is shocking. This meltdown thing is no joke and should be terminated immediately. Yes I know it would give a big loss to a lot of people but one day things will get worse, trust me they will. The correct thing to do, if we lived in a world not controlled by superior corporations, was telling EVERYONE to change their systems immediately. Not keep releasing CPUs with meltdown flaws and announcing new product lines with it. All of this is shocking to me. I was never the conspiracies kind of guy, but this situation called my attention to the current world we live in now. Because I'm into this stuff and I know what the meltdown flaw is. It is shocking, trust me. No other flaw in the past beat this one, not even the PSN servers thing in 2011 or the XBlaster on Windows XP in 2001.
All my systems were Intel and I'm currently switching everything to AMD. No way I want to run a flawed CPU 24/7, I will not wait for some hacker to reverse the patch line codes and do his thing, now that the flaw is known worldwide and anyone that can read code lines can debunk it. Easy! Too easy!
Meltdown is effectively solved by the patches that are being rolled out. The core of what the Meltdown patches do is to clean cache (and TLB) during context switch.
Edit:
Pretty much all of Manu_PT's last post is wrong, except the first sentence. And even that is subjective. Meltdown seems to be much easier to mitigate.
Should I uninstall KB4056982, which I installed manually? I have an AMD 7th Generation APU A6-9500B.
Regards.
Using PowerShell you can check what the patch actually did apply:
betanews.com/2018/01/05/microsoft-powershell-meltdown-spectre-script/
For AMD CPUs, in the Speculation control settings for CVE-2017-5754 [rogue data cache load] section it should show - Hardware requires kernel VA shadowing: False
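Added example, not part of the original comment thread: one way to turn the "Hardware requires kernel VA shadowing" line into a per-machine verdict for CVE-2017-5754. It assumes the `KVAShadow*` property names of the object returned by `Get-SpeculationControlSettings` from Microsoft's SpeculationControl module; the function name `Get-MeltdownAssessment` and the sample objects are constructed for illustration.

```powershell
# Interpret the CVE-2017-5754 (rogue data cache load) fields of the
# SpeculationControl output. Get-MeltdownAssessment is a hypothetical helper.
function Get-MeltdownAssessment {
    param([Parameter(Mandatory)] $Settings)

    if (-not $Settings.KVAShadowRequired) {
        # Shown by the script as "Hardware requires kernel VA shadowing: False"
        return 'Not required: hardware does not need kernel VA shadowing'
    }
    if (-not $Settings.KVAShadowWindowsSupportPresent) {
        return 'Exposed: OS support for kernel VA shadowing is not installed'
    }
    if (-not $Settings.KVAShadowWindowsSupportEnabled) {
        return 'Exposed: OS support is installed but not enabled'
    }
    return 'Mitigated: kernel VA shadowing is enabled'
}

# Constructed sample objects so the logic can be exercised offline.
$samples = [ordered]@{
    'AMD, update installed'       = [pscustomobject]@{
        KVAShadowRequired = $false; KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $false }
    'Intel, update missing'       = [pscustomobject]@{
        KVAShadowRequired = $true; KVAShadowWindowsSupportPresent = $false
        KVAShadowWindowsSupportEnabled = $false }
    'Intel, installed, disabled'  = [pscustomobject]@{
        KVAShadowRequired = $true; KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $false }
    'Intel, installed, enabled'   = [pscustomobject]@{
        KVAShadowRequired = $true; KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $true }
}

foreach ($name in $samples.Keys) {
    '{0,-28} {1}' -f $name, (Get-MeltdownAssessment $samples[$name])
}

# Live check, only when the SpeculationControl module is already installed.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $live = Get-SpeculationControlSettings
    'This machine: {0}' -f (Get-MeltdownAssessment $live)
}
```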
It is like having a powerful and very dangerous virus on your PC that you just can't delete. You just wrote lines to control it and make it quiet. Very different things. It is still dangerous when you have a bomb that can be detonated at any time. Even a website can mess your meltdown patch and you are open again. This will be a never ending fight between hackers and continuous OS patches. Yes because there are more to come, don't worry. As soon as this one is debunked and easily exploitable.
If you have no problems by using a CPU at that constant risk, that's up to you. I refuse to.
When that information is not there, the CPU is not going to be able to read it. No, it cannot. What are you going back to, one of the Atoms? :)
For Meltdown, AMD and most of ARMs seem to be unaffected. For Spectre, here is a list:
forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128