Meltdown and Spectre vulnerabilities.

Thread: Meltdown and Spectre vulnerabilities.

  1. JonEp's Avatar

    JonEp said:

    Default Meltdown and Spectre vulnerabilities.

    Meltdown and Spectre are serious vulnerabilities built into the chip set of nearly all the computers including brand new ones on sale in the stores.

    I have been trying to get all my kit patched, Most windows 10 patched Meltdown with an update but not Spectre which is apparently more difficult to fix.

    My servers refused to take any of the MS patches despite running Server 2016.

    I know there was problems with the patch, AV and a required registry key needed to be present for the patch to run. In the end the only way I got Meltdown protection was a re image and ran updates before install anything else.

    You can check the status of a computer using the free InSpectre tool [Only registered and activated users can see links. ]

    Has anyone else had any problems with this ?
    Last edited by JonEp; 7th May 2018 at 10:47 AM.
     
  2. c0axial's Avatar

    c0axial said:

    Default Re: Meltdown and Spectre vulnerabilities.

    [Only registered and activated users can see links. ]

    [Only registered and activated users can see links. ]
     
  3. JonEp's Avatar

    JonEp said:

    Default Re: Meltdown and Spectre vulnerabilities.

    The reality is almost every laptop, PC, server and phone on sale in the likes of PCWorld etc is vulnerable to the attacks out of the box, never mind legacy kit.

    I wonder what the fall out will be longterm. Medical records, credit history and criminal records are are all for the taking if the vulnerabilities are able to be exploited as there appears to be no real fix and no secure hardware to replace?
    Last edited by JonEp; 8th May 2018 at 03:12 AM.
     
  4. evilsatan's Avatar

    evilsatan said:

    Default Re: Meltdown and Spectre vulnerabilities.

    The "fixes" can have double digit impact on performance, reported to mainly affect processors over 4 years old such as Intel Ivy Bridge and earlier so that alone will put off some from patching. From what I've read the fixes so far require a Windows patch, Intel ME firmware upgrade (if on your system) and BIOS updates so most normal users won't have installed anything other then the Windows patch and depending on their AV that may not even install, let alone older systems where the BIOS won't be updated by the manufacturer.

     
  5. evilsatan's Avatar

    evilsatan said:

    Default Re: Meltdown and Spectre vulnerabilities.

    My laptop is fully patched with little-no speed penalty according to Jons tool (coaxials tool was blocked by Chrome and Eset - presumably a false positive if it runs code to dummy exploit the vulns), but my main PC (i5-2500k) needs a microcode patch and this will affect the speed. This PC still powers through everything like a trooper, it's overclocked so will read up about real-world performance as this was such a popular proc. I read the blurb and it seems that if the BIOS won't be updated by the board manufacturer then Microsoft have released some patches if the processors have had the microcode patched by Intel:
    [Only registered and activated users can see links. ]