Microsoft Halts Meltdown-Spectre Patches to AMD PCs as Some Turn Unbootable

[londiste]

Why? Because what that patch is doing is basically screaming at the CPU "no you won´t be doing this, you are blocked, find another route". Because if the CPU does what it was programmed to, it will put valuable information on a place where a hacker can access. Wich is what meltdown is, in easy non complex words. This is not your common insecure software code that can be 100% patched. This is on the core of the CPUs!

What the patch does is tell CPU to clean out the valuable information from a place where hacker can access before the hacker gets to the point where he can access it.
When that information is not there, the CPU is not going to be able to read it.

Even a website can mess your meltdown patch and you are open again.

No, it cannot.

If you have no problems by using a CPU at that constant risk, that´s up to you. I refuse to.

What are you going back to, one of the Atoms?
For Meltdown, AMD and most of ARMs seem to be unaffected. For Spectre, here is a list:
https://forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128

 

[_JP_]

It would be a different story if that patch would bin applied by CPU micro code or BIOS fix, not Software / OS fix.

Manufacturers are actively releasing BIOS/UEFI updates to mitigate the known CVEs, for systems in their support's timeframe. Check for updates on your manufacturer's website.

 

[I No]

That people actually believe, that a 'patch' will solve this thing, lol. Patch will be overwritten and your system is back to being vulnerable again. It takes some time for hackers to develop a serious exploit.


You sure? If a hacker would succesfully write his own patch to disable that patch, then that CPU goes back to doing normal thing again, making it vulnerable. He is right. The scale of Meltdown is easily underestimated. Every intel CPU is vulnerable. It would be a different story if that patch would bin applied by CPU micro code or BIOS fix, not Software / OS fix.

The mitigation for Meltdown has the following parts : OS Updates and BIOS firmware (ASUS were among the first ones to roll out the BIOS update that INCLUDES the mitigation). Meltdown IS mitigated thus far. Techspot even has a benchmark on it. At this point this is turning to be a contest between which is worse Specter or Meltdown ... and it shouldn't be the case since BOTH are serious vulnerabilities that are being mitigated until a possible fix will be out with tech companies working around the damn clock to find a fix that will not impact performance. Stop acting like nobody is working on the matter and furthermore stop spreading FUD.

 

[PLAfiller]

If you have no problems by using a CPU at that constant risk, that´s up to you. I refuse to.

I don't think this is right. I literary assembled my PC a few months ago. And probably use it for 5-7 years or so. Like millions of people that are not super tech savvy/ on a budget. Are you suggesting all of us should just sell, or whatever our current systems and switch right away with substantial cost taken on our account? This makes no sense to me. Problem is being solved and with adequate user behavior lots of dangers can be avoided.

 

[Captain_Tom]

The Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...

 

[ssdpro]

]please update the image to reflect that the issue happens on older chipsets and/or add more information, Ryzen seems not to be affected so far. As it stands, it is vague and creates FUD around which AMD products this is being affected, with reports so far pointing to K8-era hardware. It is enough that this is already happening with Intel CPUs..

AMD already confirmed their CPUs are vulnerable to variant 1 and variant 2. The internet trolls like to say AMD isn't vulnerable to variant 2 since AMD says "there is near zero risk". Near is not "no". All of this is near zero for all CPUs. RyZen is AMD's current product and this is their problem (bricking PCs). And yes, Intel sucks. Just being fair.

 

[64K]

The Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...

I think MS has shifted the burden of QA and testing from themselves to their customers. Pretty damn lazy of them and what happened here is a result of that mindset.

 

[Jism]

The Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...

Install W7 X64. And use it for another 2 years untill support ends up. By that time, linux and Wine is getting so accepted that you should be able to create an alternative OS easily. It's the same i'm doing. You cant tell how many computers every month get bricked due to failed updates.

 

[Captain_Tom]

I think MS has shifted the burden of QA and testing from themselves to their customers. Pretty damn lazy of them and what happened here is a result of that mindset.

I am sure that is part of it. But then if that's the way MS wants to do things... Why are they making the updates mandatory?!


If they thoroughly tested each update themselves, then I would understand (a little) why they want to force updates for security reasons. But that is clearly not true if they released this update without testing it on AMD systems! LOL what is this amateur hour?

 

[_JP_]

AMD already confirmed their CPUs are vulnerable to variant 1 and variant 2. The internet trolls like to say AMD isn't vulnerable to variant 2 since AMD says "there is near zero risk". Near is not "no". All of this is near zero for all CPUs. RyZen is AMD's current product and this is their problem (bricking PCs). And yes, Intel sucks. Just being fair.

This news article and my reply refer to Microsoft's patch and it's effect on older AMD processors/chipset, NOT the vunlnerabilty of AMD's line-up to Spectre I and II. That aspect wasn't in evidence here and has not been discussed. Please, don't create confusion over this.

 

[Captain_Tom]

Install W7 X64. And use it for another 2 years untill support ends up. By that time, linux and Wine is getting so accepted that you should be able to create an alternative OS easily. It's the same i'm doing. You cant tell how many computers every month get bricked due to failed updates.

I am sorry I had to stop myself from laughing myself out of my chair. Look I want Linux to be a viable alternative just as much as you, but it ISN'T. It isn't even close!


P.S. Let me go boot up my SteamOS system. That should be well supported after 5 years right? Oh wait...

 

[DeathtoGnomes]

if m$ is pointing fingers at anyone, intel paid them to point at AMD. #conspiracytheories

 

[ssdpro]

Please, don't create confusion over this.

I am not sure what is confusing? This article is about a MS patch and its effect on AMD processors. That same update applied to Intel processors without issue. The variable is AMD which is why the AMD pic was used. This isn't confusing stuff.

 

[Casecutter]

if m$ is pointing fingers at anyone, intel paid them to point at AMD. #conspiracytheories

This... while btarunr continues to propagate the two (Intel/MS) as "holier-than-thou" and bashes AMD and their resent CPU product, when it appears it's not!

 

[ssdpro]

This... while btarunr continues to propagate the two (Intel/MS) as "holier-than-thou" and bashes AMD and their resent CPU product, when it appears it's not!

I have no idea what is so confusing to people here or if this is trolling or marketing stuff. This article has nothing to do with Intel. The problem is an MS update applied on some systems running AMD processors. AMD has even acknowledged it. See the update to the first post/story. I really don't think there is some massive Techpowerup/btarunr/Intel conspiracy here. The update applied to both Intel and AMD systems. Intel systems had no problem reports. AMD systems did. Same patch, different hardware. The variable was AMD hence the pic and title.

 

[INSTG8R]

Last one broke my ASUS Software I use to control my fans. I got so frustrated last night I finally just reset Windows and blocked updates for a bit. Now I’m afraid to even turn the damn thing on as I got it “back” to where I want it.
https://rog.asus.com/forum/showthre...-update-KB4056892-(Intel-vulnerability-patch)

 

[Casecutter]

I have no idea what is so confusing to people here or if this is trolling or marketing stuff. This article has nothing to do with Intel. The problem is an MS update applied on some systems running AMD processors. AMD has even acknowledged it. See the update to the first post/story. I really don't think there is some massive Techpowerup/btarunr/Intel conspiracy here. The update applied to both Intel and AMD systems. Intel systems had no problem reports. AMD systems did. Same patch, different hardware. The variable was AMD hence the pic and title.

"issue with some older generation processors"
But, honestly is it effecting Ryzen and why doesn't btarunr change the picture he's implicating Ryzen is part of this... it's not!

 

[MarcusTaz]

Why the Ryzen image???

btarunr - pls remove it!!!

Agreed!

 

[Red_Machine]

I think I'm a victim of this as well, despite having an Intel CPU. My PC wouldn't boot this morning and I had to do startup repair; I saw this news and went to check my recently installed updates, and this particular update was pending install. So I'm thinking that startup repair rolled it back and it's going to fuck up again. I'll have to wait and see.

 

[Manu_PT]

What the patch does is tell CPU to clean out the valuable information from a place where hacker can access before the hacker gets to the point where he can access it.
When that information is not there, the CPU is not going to be able to read it.
No, it cannot.
What are you going back to, one of the Atoms?
For Meltdown, AMD and most of ARMs seem to be unaffected. For Spectre, here is a list:
https://forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128

1- No it doesn´t clean anything. It just stops the CPU from using that space to put information easily accessible for it to perform tasks quicker. If the patch was only about cleaning, it would do nothing because before the hacker could have that information in 1 milisecond. This is why CPUs will be a bit slower in some tasks, because it is not operating as it was suppose to, is not because of cleaning, that would have no performance hit at all.

2- Spectre is not nearly as dangerous as Meltdown. It is harder to fix, wich doesn´t mean is as bad. There are websites with more dangerous threats than spectre itself, and in AMD case, it only gets really affected by 1 of its variants.

3- Meltdown is considered the worst security flaw ever in history, for a reason.

You guys are protecting intel to death. Meltdown is not an issue that you can solve with a patch. you will be installing new patches forever as long as you use intel Cpus, because this war will never end. When the flaws are on the hardware itself any patch can lose its effect in days. You will see.

 

[londiste]

Patches do not stop CPU from using caches. It will make sure these are cleaned out as much as possible in certain situations where getting stuff from cache maliciously is possible. Performance hit comes from both the process of clearing and because cached information has to be reloaded from RAM which is very slow.

Well, if you want to be technically correct, KAISER makes sure (better than before) that user memory space is separate from kernel memory space but on microarchitecture level clearing caches should be the end result.

Would you like to explain why it is not an issue that can be solved with a patch?

 

[wiyosaya]

I somewhat hate to say this, but M$ had been pushing broken Windows 10 updates before the creator's update - at least for me. Most every update broke something I used, and in searching for solutions, I found that there were others experiencing the same problems. So, it in the least does not surprise me that they pushed yet another broken update. For me, the resolution to this was to turn off updates on my 10 pro pcs, and disable the windows update service on my 10 home pc. That way, I am in control of my updates, and the only way that I update is to do an image backup right before updating so if M$ has borked something, I have a way back to a working system.

That said, M$ really needs to learn regression testing and quality control, IMO.

 

[londiste]

Meltdown is not an issue that you can solve with a patch.

Meltdown paper seems to disagree with you:

The KAISER patch by Gruss et al. [8] implements a stronger isolation between kernel and user space. KAISER does not map any kernel memory in the user space, except for some parts required by the x86 architecture (e.g., interrupt handlers). Thus, there is no valid mapping to either kernel memory or physical memory (via the direct-physical map) in the user space, and such addresses can therefore not be resolved. Consequently, Meltdown cannot leak any kernel or physical memory except for the few memory locations which have to be mapped in user space.
We verified that KAISER indeed prevents Meltdown, and there is no leakage of any kernel or physical memory.
Furthermore, if KASLR is active, and the few remaining memory locations are randomized, finding these memory locations is not trivial due to their small size of several kilobytes.

You are technically correct that it does not fix the issue, it is a mitigation measure. However, it does effectively mitigate the problem to the degree where it is not feasible to use the vulnerability. The paper describes the situation further:

As hardware is not as easy to patch, there is a need for software workarounds until new hardware can be deployed. Gruss et al. [8] proposed KAISER, a kernel modification to not have the kernel mapped in the user space. This modification was intended to prevent side-channel attacks breaking KASLR [13, 9, 17]. However, it also prevents Meltdown, as it ensures that there is no valid mapping to kernel space or physical memory available in user space. KAISER will be available in the upcoming releases of the Linux kernel under the name kernel page-table isolation (KPTI) [25]. The patch will also be backported to older Linux kernel versions. A similar patch was also introduced in Microsoft Windows 10 Build 17035 [15]. Also, Mac OS X and iOS have similar features [22].

Although KAISER provides basic protection against Meltdown, it still has some limitations. Due to the design of the x86 architecture, several privileged memory locations are required to be mapped in user space [8]. This leaves a residual attack surface for Meltdown, i.e. , these memory locations can still be read from user space. Even though these memory locations do not contain any secrets, such as credentials, they might still contain pointers. Leaking one pointer can be enough to again break KASLR, as the randomization can be calculated from the pointer value.

Still, KAISER is the best short-time solution currently available and should therefore be deployed on all systems immediately. Even with Meltdown, KAISER can avoid having any kernel pointers on memory locations that are mapped in the user space which would leak information about the randomized offsets. This would require trampoline locations for every kernel pointer, i.e., the interrupt handler would not call into kernel code directly, but through a trampoline function. The trampoline function must only be mapped in the kernel. It must be randomized with a different offset than the remaining kernel. Consequently, an attacker can only leak pointers to the trampoline code, but not the randomized offsets of the remaining kernel. Such trampoline code is required for every kernel memory that still has to be mapped in user space and contains kernel addresses. This approach is a trade-off between performance and security which has to be assessed in future work.

 

[ensabrenoir]

Told you......Intel will not go alone into the cold dark night........

 

[laszlo]

Meltdown paper seems to disagree with you:


You are technically correct that it does not fix the issue, it is a mitigation measure. However, it does effectively mitigate the problem to the degree where it is not feasible to use the vulnerability. The paper describes the situation further:

what @Manu_PT try to explain is that current patch will become useless once the hackers(nsa) will manage to undo is effects and use the vulnerability again ... so we may have an endless release of patches(if hackers successful attack is discovered..) .... patching the previous patch without success as a soft patch can't fix a cpu architecture design which has a flaw (feature)...