Major Intel CPU Hardware Vulnerability Found

[Regeneration]

https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions

Even if the mb manufactures doesn't bother to update the microcode and microsoft doesn't bother to update the microcode loaded by windows you can still use a newer microcode in windows following the stuff in the link above, but we still need Intel to release a microcode update (the latest https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File is from 11/17/2017).

Keep in mind that if you decide to use the method described in the link above you do it on your own risk.

(I saw no problems on my Haswell cpu while using the method described in the link above to update the microcode, but well this is just my case.)

Note 1 : On boot the bios will load the old microcode, the stuff from the above link is basicaly a driver that will load a newer microcode (as long as it's available) in Windows (it has to be loaded every time Windows starts because it doesn't changes the microcode in your bios).
Note 2: From what I tested with this stuff I know it also works with AMD k10 cpus but it doesn't work with AMD k8 cpu (similar with linux, didn't bothered to read the amd k8 family cpu errata, maybe the k8 microcode update procedure is bugged or well there is no such procedure to begin with).

In Linux you can update the cpu microcode from Drivers Manager (or whatever the name for this things is in your distro). It's actually easier in Linux .

Don't even try it. VMware CPU Microcode Updater can fry your hardware.

 

[Bill_Bright]

You say that, but look at how many data leaks get reported and you can't possibly be convinced this won't go south at some point.

And how many of those leaks occurred because the system administrator failed in their responsibilities and neglected to keep the system and system security fully updated in a timely basis? Virtually all of them. How many of those were then exploited because the user of the outdated computer was "click-happy" on some unsolicited link, download, attachment or popup? Virtually all of them.

So stop panicking! Microsoft already released patches. Intel already issued updates. Many were available BEFORE Meltdown and Spectre were disclosed!

At least Asus has released a new Bios update for my Board

Gigabyte has for mine too.

And, except in rare circumstances, the fixes do NOT impart any performance hit.

(My bold underline added to R-T-B's comment below to illustrate my following point)

Bill, I like you, but you really don't understand this one. This vulnerability, if allowed unchecked, is akin to being locked in a cage in a house with money, with the keys to cage in hand.

If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine... Yes, undetected, from within your own VM. In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked. That's how bad this is unpatched, and there is no exaggeration there.

I do fully understand. Sorry (and I like you too) but it is you who don't understand the threat here. To continue your analogy, that house is still locked and surrounded by security - just like me and my computer are now! A bad guy still must get through my locked doors and security to get in. And even I have to purposely unlock and disable my security to get out with my money!

You are suggesting anyone with a VM automatically has access to and can see the data in memory of any other VM on that same machine. That is NOT true. Certainly not that simple. The badguy (who must have root access in the first place), must be running a program on the hacked system which is then used to gain access to the memory in other VMs. Having access to the memory does NOT mean any ol' Jane or Joe can see (and make sense of) the data in that memory.
Therefore, there are several big IFs that must fall into place before this vulnerability can be exploited. So yes, you are exaggerating this.

The knee jerk reaction to this story was totally overblown.

I think it is more precise to say, "there was a knee jerk reaction to the totally overblown reporting of this story".

It IS a big story because it potentially affects so many devices. I am not denying that! But the story has been blown way out of proportion by the IT press, bloggers and parrots with all the exaggerated claims the impact will be. Because, there are many hurdles the bad guy must bypass first before this vulnerability can be exploited (as R-T-B correctly noted) IF allowed unchecked.

 

[Vya Domus]

Having access to the memory does NOT mean any ol' Jane or Joe can see (and make sense of) the data in that memory.

???

Then what does having access to a portion memory mean other than the fact that you can read from it ? You do know that all that is stored there can be easily interpreted , it's all just data or instructions or addresses to either one of them. Once you can see what is there it doesn't take much effort to find out what is going on.

 

[Deleted member 163934]

Don't even try it. VMware CPU Microcode Updater can fry your hardware.

I wrote: "Keep in mind that if you decide to use the method described in the link above you do it on your own risk." for a reason.

Also I doubt the current microcode from Intel is fixing the current vulnerability. At least for my Haswell both 11/17/2017 ( https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File ) and 7/7/2017 (https://downloadcenter.intel.com/download/26925/Linux-Processor-Microcode-Data-File) update to the same revision: 22. If Intel would had release a microcode update back in 7/7/2017 to solve this doubt all the news about this problem would had existed .

I doubt it will fry the hardware but well if the BIOS/UEFI is coded in weird ways it can easily mess up with it and make the pc not boot. (It's not like Ubuntu 17.10 didn't messed up some Lenovo laptops http://www.omgubuntu.co.uk/2017/12/ubuntu-corrupting-lenovo-laptop-bios ).
Brand pcs/laptops have higher chances to not play well with microcode update done this way (or in the way linux can do it) mostly because they have a passion to just lock things for no reason at all...

 

[jsfitz54]

Closing backdoors is a good thing. Major data leaks that affect national security and private finance and utility companies and hospitals needs to stop.
This has been going on more heavily these past 2 years.

I'm glad for the shake up.

Who do we have to blame?
Nefarious actors include: North Korea, Russia, China, Iran and others.

 

[TheoneandonlyMrK]

And how many of those leaks occurred because the system administrator failed in their responsibilities and neglected to keep the system and system security fully updated in a timely basis? Virtually all of them. How many of those were then exploited because the user of the outdated computer was "click-happy" on some unsolicited link, download, attachment or popup? Virtually all of them.

So stop panicking! Microsoft already released patches. Intel already issued updates. Many were available BEFORE Meltdown and Spectre were disclosed! Gigabyte has for mine too.

And, except in rare circumstances, the fixes do NOT impart any performance hit.

(My bold underline added to R-T-B's comment below to illustrate my following point)


I do fully understand. Sorry (and I like you too) but it is you who don't understand the threat here. To continue your analogy, that house is still locked and surrounded by security - just like me and my computer are now! A bad guy still must get through my locked doors and security to get in. And even I have to purposely unlock and disable my security to get out with my money!

You are suggesting anyone with a VM automatically has access to and can see the data in memory of any other VM on that same machine. That is NOT true. Certainly not that simple. The badguy (who must have root access in the first place), must be running a program on the hacked system which is then used to gain access to the memory in other VMs. Having access to the memory does NOT mean any ol' Jane or Joe can see (and make sense of) the data in that memory.
Therefore, there are several big IFs that must fall into place before this vulnerability can be exploited. So yes, you are exaggerating this.
I think it is more precise to say, "there was a knee jerk reaction to the totally overblown reporting of this story".

It IS a big story because it potentially affects so many devices. I am not denying that! But the story has been blown way out of proportion by the IT press, bloggers and parrots with all the exaggerated claims the impact will be. Because, there are many hurdles the bad guy must bypass first before this vulnerability can be exploited (as R-T-B correctly noted) IF allowed unchecked.

Reassuring to a point and I don't dissagree with any of it but there are two points that you are not accounting for.
Intel and clearly a few others knew about this for a while yet only disclosed when forced to which to me means also only what they were forced to.
There can be no way to know if this is the extent of the issue, it's clear intel would not say if it's worse until pushed and due to the disparity of time between known and fixed ,a time in which many other hacks occoured some netting millions.
Systems were and already are compromised, perhaps not by this perhaps, but as you say access is required,it might already have been had ,but who can now definitely state that two months ago their email and the accounts it represents were safe /are safe, dramma yes but honestly I don't know, I'm sure ill get to know but would That be a year from now too, you see there's a third point, Trust not just in the hardware but in the Word of the Intel, they have work to do no doubt.

And play fair No one expects the average joe to be able to utilise this issue ,no one , it's potent professional actors that concern me.

 

[Bill_Bright]

???

Then what does having access to a portion memory mean other than the fact that you can read from it ? You do know that all that is stored there can be easily interpreted , it's all just data or instructions or addresses to either one of them. Once you can see what is there it doesn't take much effort to find out what is going on.

Right. So according to you, this vulnerability is so exposed to the world that any "ol' Jane and Joe" I referenced to above can easily use one VM system to run any old program to access the memory in another VM system, and then totally understand the raw hexidecimal data stored in memory on that other VM system.

Okay. We are all doomed.

 

[Vya Domus]

Right. So according to you, this vulnerability is so exposed to the world that any "ol' Jane and Joe" I referenced to above can easily use one VM system to run any old program to access the memory in another VM system

I am not saying every idiot can jump in and do that , obviously they can't. But you said gaining access to the memory of another VM isn't enough to do anything which just isn't really true. That's why there is all this security in the first place for Christ sake.

and then totally understand the raw hexidecimal data stored in memory on that other VM system.

Those hexadecimal values aren't complete gibberish to everyone, you can eventually track down and decode the instructions and data and determine what is going on , that's what this is about. To what degree that is useful I don't know but clearly there is a concern for it.

 

[notb]

https://access.redhat.com/articles/3307751

8-19% in heavy I/O load (sysbench, pgbench - fairly realistic stuff for datacenters)
3-7% in DSS and JVM
2-5% in HPC

Bad, but very far from the 30% or more apocalypse that many hoped for.
I mean: it's not like servers and supercomputers will stop working and tomorrow you'll wake up in a world where some things - like weather forecasts - don't work very well.
It's nothing that can't be quickly compensated by getting a bit better or more stuff. Especially when Intel will pay for most of it.

RedHat is going to optimize the patch further, so expect a decent improvement.

Possibly a good time to buy Intel stock if you haven't done that in the morning.

 

[Bill_Bright]

but there are two points that you are not accounting for.
Intel and clearly a few others knew about this for a while yet only disclosed when forced to which to me means also only what they were forced to.

I did account for it, a couple times already in this thread. Way back in post #64 I said,

Others are criticizing Intel for being secretive about this. Of course they are be secretive. In any security situation (not just computer security) you don't go blabber-mouthing your vulnerabilities to the world letting the bad guys know your weaknesses.

And I pointed out in post #202 above that Intel already released patches too which shows they have been working on it for some time.

Systems were and already are compromised, perhaps not by this perhaps, but as you say access is required,it might already have been had ,but who can now definitely state that two months ago their email and the accounts it represents were safe /are safe, dramma yes but honestly I don't know

Thank you pointing out your comment is "drama" - further illustrating my point that this "story" is being blown way out of proportion.

Those hexadecimal values aren't complete gibberish to everyone, you can eventually track down and decode the instructions and data and determine what is going on , that's what this is about. To what degree that is useful I don't know but clearly there is a concern for it.

NOT ONCE did I say this issue was not of concern. In fact, I said "This IS a big story". But even now you are admitting it would take someone with special skillsets and tools to "eventually track down and decode the instructions and data and determine what is going on".

Possibly a good time to buy Intel stock if you haven't done that in the morning.

Actually, Intel stocks are doing just fine. And I am very happy I started buying (through an allotment so I would not miss it out of my paycheck) $50 worth of Intel per month starting in 1995 in a DRIP account as I now have 578.348647 shares.

 

[TheoneandonlyMrK]

https://access.redhat.com/articles/3307751

8-19% in heavy I/O load (sysbench, pgbench - fairly realistic stuff for datacenters)
3-7% in DSS and JVM
2-5% in HPC

Bad, but very far from the 30% or more apocalypse that many hoped for.
I mean: it's not like servers and supercomputers will stop working and tomorrow you'll wake up in a world where some things - like weather forecasts - don't work very well.
It's nothing that can't be quickly compensated by getting a bit better or more stuff. Especially when Intel will pay for most of it.

RedHat is going to optimize the patch further, so expect a decent improvement.

Possibly a good time to buy Intel stock if you haven't done that in the morning.

That many hoped for, i did wonder where you was but no more.
Whos hoping for a shitter outcome then is necessary , poor choice of words , surely even intel Hater's realise no good comes from such a thing , see my other posts for common sense comments on the security issues your missing completely.
I am not one of those who dramatised the performance penalties btw before you suggest it.


@Bill_Bright my coment sounded like dramma did it so show me why and how your so sure email servers were safe two Months ago then.
You dodged that question last time to imply i was being dramatic , crack on and illuminate me i would love further reassurance.

 

[notb]

Actually, Intel stocksare doing just fine.

That's what I meant. Obvious correction. Also AMD is going down.

And I am very happy I started buying (through an allotment so I would not miss it out of my paycheck) $50 worth of Intel per month starting in 1995 in a DRIP account as I now have 578.348647 shares.

Hm... not bad. I'm currently opening an account for buying stocks outside of my country this year for a similar saving idea. For now I can only access these markets via financial derivatives.
I just wished I did it earlier, because I missed the AI/Autonomous car boom.
Maybe I'll find something else or just keep buying Microsoft, Intel and NVIDIA for the next 20 years.

 

[FireFox]

I have it as well.. did you check the history and see if it already installed?

Yeap i have checked and nothing there.

 

[notb]

Whos hoping for a shitter outcome then is necessary

You didn't read these few threads very closely, did you?

surely even intel Hater's realise no good comes from such a thing

I very much doubt they do.

see my other posts for common sense comments on the security issues your missing completely.
I am not one of those who dramatised the performance penalties btw before you suggest it.

You've taken it very personally. I wonder why.

 

[TheoneandonlyMrK]

Maybe I'll find something else or just keep buying Microsoft, Intel and NVIDIA for the next 20 years.


explains a lot , I've found a signature i think.

 

[P4-630]

Yeap i have checked and nothing there.

It must be in the first 2018 update that you already have installed IIRC.

 

[Bill_Bright]

@Bill_Bright my coment sounded like dramma did it so show me why and how your so sure email servers were safe two Months ago then.

That's just silly and you know it. Show us where BT was not hacked in November. Show us unicorns don't exist. Show us TPU was not hacked last year. Show us ANY - even one - report from any of the 1000s of security experts looking at this that these vulnerabilities have been exploited.

I just wished I did it earlier

I've said that a million times - even with Intel. If I started investing in Intel in 1980 when I first learned of Intel (I lived in Albuquerque back then), I would be a millionaire many times over by now. Same with bitcoin and many other missed opportunities I was too scared to risk the money on.

 

[TheoneandonlyMrK]

That's just silly and you know it. Show us where BT was not hacked in November. Show us unicorns don't exist. Show us TPU was not hacked last year. Show us ANY - even one - report from any of the 1000s of security experts looking at this that these vulnerabilities have been exploited.
I've said that a million times - even with Intel. If I started investing in Intel in 1980 when I first learned of Intel (I lived in Albuquerque back then), I would be a millionaire many times over by now. Same with bitcoin and many other missed opportunities I was too scared to risk the money on.

Thing is i agreed with you at first it's all to dramatic ,you say im adding drama lol but no i just have doubts and accounts im looking for reassurance on that's impossible to get see , it may yet be about right on the dramma scale ,we may both be wrong in a year.

 

[FireFox]

It must be in the first 2018 update that you already have installed IIRC.

This is the update KB4056892 right?

 

[Bill_Bright]

Woody Leonard pointed readers to this nice read, A Simple Explanation of the Differences Between Meltdown and Spectre.

Note the following, my bold added,

Both Meltdown and Spectre allow low-privilege users who execute code on your system to read sensitive information from memory via Speculative Execution.

 

[P4-630]

This is the update KB4056892 right?

Yeah, I thought you posted a screenshot of it before but I can't seem to find it anymore.

 

[FireFox]

Yeah, I thought you posted a screenshot of it before but I can't seem to find it anymore.

So, you have confirmed what i continue telling you, i don't have that update
#118

 

[P4-630]

So, you have confirmed what i continue telling you, i don't have that update
#118

Hmm, ok.
I have read something about that the update depends on what anti virus you have installed.

"Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact yourAnti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine"

https://www.google.nl/search?q=kb40...rome..69i57.5563j0j4&sourceid=chrome&ie=UTF-8

 

[xkm1948]

 

[TheoneandonlyMrK]

Hmm, ok.
I have read something about that the update depends on what anti virus you have installed.

"Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact yourAnti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine"

https://www.google.nl/search?q=kb40...rome..69i57.5563j0j4&sourceid=chrome&ie=UTF-8

Strange so Av has a say , my rig installed that update on a strange 2am reboot last night ,i say strange because its set up to let me decide when to install nit just reboot whenever as it did but hey ho.

So i checked my four other rigs a mix of Av solutions on them unlike mine on security essentials and no sign of the patch.
It seams to be as you say Av dependant when you get patched.