Meltdown and Spectre vulnerabilities.

Thread: Meltdown and Spectre vulnerabilities.

  1. JonEp's Avatar

    JonEp said:

    Default Meltdown and Spectre vulnerabilities.

    Meltdown and Spectre are serious vulnerabilities built into the chip set of nearly all the computers including brand new ones on sale in the stores.

    I have been trying to get all my kit patched, Most windows 10 patched Meltdown with an update but not Spectre which is apparently more difficult to fix.

    My servers refused to take any of the MS patches despite running Server 2016.

    I know there was problems with the patch, AV and a required registry key needed to be present for the patch to run. In the end the only way I got Meltdown protection was a re image and ran updates before install anything else.

    You can check the status of a computer using the free InSpectre tool [Only registered and activated users can see links. ]

    Has anyone else had any problems with this ?
    Last edited by JonEp; 7th May 2018 at 09:47 AM.
     
  2. c0axial's Avatar

    c0axial said:

    Default Re: Meltdown and Spectre vulnerabilities.

    [Only registered and activated users can see links. ]

    [Only registered and activated users can see links. ]
     
  3. JonEp's Avatar

    JonEp said:

    Default Re: Meltdown and Spectre vulnerabilities.

    The reality is almost every laptop, PC, server and phone on sale in the likes of PCWorld etc is vulnerable to the attacks out of the box, never mind legacy kit.

    I wonder what the fall out will be longterm. Medical records, credit history and criminal records are are all for the taking if the vulnerabilities are able to be exploited as there appears to be no real fix and no secure hardware to replace?
    Last edited by JonEp; 8th May 2018 at 02:12 AM.
     
  4. evilsatan's Avatar

    evilsatan said:

    Default Re: Meltdown and Spectre vulnerabilities.

    The "fixes" can have double digit impact on performance, reported to mainly affect processors over 4 years old such as Intel Ivy Bridge and earlier so that alone will put off some from patching. From what I've read the fixes so far require a Windows patch, Intel ME firmware upgrade (if on your system) and BIOS updates so most normal users won't have installed anything other then the Windows patch and depending on their AV that may not even install, let alone older systems where the BIOS won't be updated by the manufacturer.

     
  5. evilsatan's Avatar

    evilsatan said:

    Default Re: Meltdown and Spectre vulnerabilities.

    My laptop is fully patched with little-no speed penalty according to Jons tool (coaxials tool was blocked by Chrome and Eset - presumably a false positive if it runs code to dummy exploit the vulns), but my main PC (i5-2500k) needs a microcode patch and this will affect the speed. This PC still powers through everything like a trooper, it's overclocked so will read up about real-world performance as this was such a popular proc. I read the blurb and it seems that if the BIOS won't be updated by the board manufacturer then Microsoft have released some patches if the processors have had the microcode patched by Intel:
    [Only registered and activated users can see links. ]

     
  6. onemc4you's Avatar

    onemc4you said:

    Default Re: Meltdown and Spectre vulnerabilities.

    All the patches are BS!
    Someone has to have physical contact with your server to do the Spector attack. Just lock your pc in a metal box and hide the key.

    Big brother in every device! All patches do is move the open door somewhere else.
    Atari computers are the only pcs not open to big brother attacks.

    Use virtual machines in linux and you better off!
    Windows as a server too much holes.


    Sent from my iPhone using Tapatalk
     
  7. Teajunkie's Avatar

    Teajunkie said:

    Default Re: Meltdown and Spectre vulnerabilities.

    Why are you posting in threads that Haven’t been posted in for a year?
    are you looking to be banned on your second post?
    Instagram and twitter @mrteajunkie.
     
  8. onemc4you's Avatar

    onemc4you said:

    Default Re: Meltdown and Spectre vulnerabilities.

    I dont know. Tapatalk is to blame. It said it was new


    Sent from my iPhone using Tapatalk