
Meltdown/Spectre protection status?


27 replies to this topic

#1 saluqi

saluqi

  • Members
  • 644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern San Joaquin Valley, California
  • Local time:06:51 PM

Posted 10 January 2018 - 08:32 PM

Desktop: Dell XPS 8700, Windows 10 Professional, 64 bit, version 1709.  Avast Premier, Malwarebytes 3 Premium, all software up to date.

Laptop: Dell Inspiron 5537, Windows 10 Home, 64 bit, version 1703 (1709 has not yet been offered to this machine).  Avast Premier, Malwarebytes 3 Premium, all software up to date.

Both machines on a home network (Desktop via Ethernet cable, Laptop via WiFi) behind a Linksys EA2700 router.  Laptop is also used "on the road" and as such logs in automatically, via WiFi, to the office networks of a very few water agencies when I work there.  It is never used on any public network.

 

After Windows updates last night and (for laptop only) this afternoon, Desktop shows Cumulative Update KB 4056892 for 1709, Laptop shows Cumulative Update KB 4056891 for 1703.

 

Am I correct in understanding that these "hotfix" updates include Microsoft's software patches intended to block the Meltdown and Spectre vulnerabilities?

 

If so, what other preventive steps are appropriate here?  BIOS/UEFI updates?  Patches to other software?  What else?

 

To the best of my recollection, the firmware on these computers has not been touched since they were new.  The desktop originally had Windows 7 Pro installed, and was upgraded directly to Win 10.  The laptop originally had Windows 8 installed, and was upgraded first to 8.1 and from there to Win 10.  Both machines have been kept fully updated at all times.


Edited by britechguy, 13 January 2018 - 05:20 PM.
Moved to General Security - Not Windows 10 Specific, per se



 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,025 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:09:51 PM

Posted 10 January 2018 - 08:42 PM

If you wish to know the exact purpose(s) for any given Microsoft patch see the Microsoft Update Catalog and search on the KB number without any space between the 'B' and the digit sequence.

 

I know that Microsoft has pushed out the Spectre & Meltdown OS Patches for Intel processor systems and some AMD processor based systems and I believe the numbers you give are those patches.

 

You will need to check the support pages for your machines at the manufacturer's website to see when they release BIOS updates.  Only a very select few have done so as of today.  I'm expecting the BIOS updates to roll out over a period of weeks.

 

By the way, given the length of time that 1709 has been out you would not be acting prematurely in going to the Microsoft Windows 10 Download Page and using the Update Now button to trigger the Update Assistant for your machine still running version 1703.


Edited by britechguy, 10 January 2018 - 08:45 PM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#3 saluqi


Posted 12 January 2018 - 12:26 AM

Looking at those patches it seems they are indeed the ones purporting to "mitigate" the Spectre and Meltdown vulnerabilities.  From your more recent post on this same subject I gather I will still need to update BIOS/UEFI when those patches become available.   I do understand the necessity of "going by the book" when updating the firmware.  I've done it before, on other machines.

 

I took the laptop to Settings/Windows Update; it said the 1709 update was available so that machine is now busy downloading the update.  Judging by the rate of progress that is going to take a few hours so I will probably have to let the update run overnight.  I have meetings beginning at 8 so can't stay up all night watching <G>.  I hope it will then, without further prompting, install the KB4056892 patch.



#4 saluqi


Posted 13 January 2018 - 04:00 PM

Update to preceding: the Windows update ran to completion and the laptop is now running Version 1709.  There is, however, no sign of the KB4056892 patch.  The upgrade to 1709 seems to have wiped out all records of previous "hotfixes" and the ONLY one that Speccy now shows is "Feature Update to Windows 10, Version 1709" with no KB number, installed 1/12/2018.

 

Then I just now restarted it again and though it did not display the usual "updating" announcements, Speccy now shows three more hotfixes installed 1/13/2018.  Those are

 

Update for Windows 10 Version 1709 for x64-based Systems (KB4041994)

Update for Windows 10 Version 1709 for x64-based Systems (KB4058043)

2018-01 Security Update for Adobe Flash Player for x64-based Systems (KB4056887)

 

Note that before upgrading the laptop to Version 1709, Speccy did show successful installation of 2018-01 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4056891).  That seems to be the update that contained the Spectre/Meltdown patches.

 

I suppose I could find out more by wading through "Update History".



#5 britechguy


Posted 13 January 2018 - 05:18 PM

When you do a Version update all update history from the previous Version is purged because all of the fixes that are a part of a previous Version are already rolled in to the latest Version (at least up to the date of installation, anyway).

 

I don't know if one, the other, or both of your machines may be AMD processor based, but if either one is, the OS update related to Spectre and Meltdown has been temporarily suspended until the issues it was causing with some machines are resolved.

 

There's no way any machine is going to have this particular patch omitted, but when, exactly, it will be applied can vary depending on a number of factors.



 


#6 saluqi


Posted 14 January 2018 - 12:12 PM

Re: purging of update history, that makes sense.

 

Both machines have Intel processors.  The desktop has Intel Core i7-4790 CPU @ 3.60GHz, 4 cores, 8 threads.  The laptop has Intel Core i7-4500U CPU @ 1.80 GHz, 2 cores, 4 threads.  Both are Haswell 22nm technology.

 

It looks to me as if both machines are already patched at the software level, and I just have to wait for a BIOS/UEFI update from Dell.  Is there anything else I should be doing?  Apart, that is, from a critical review of my backup procedures?



#7 britechguy


Posted 14 January 2018 - 03:06 PM

I can't think of anything else one can do.   We're all at the mercy of the OS patches and BIOS/UEFI updates at this point.   Applying each, respectively, as soon as is reasonably possible is the best one can do, period.



 


#8 saluqi


Posted 14 January 2018 - 03:48 PM

Given the complexity of the things we are dealing with here, I suppose this kind of event is not surprising, and nobody should be considered "to blame" for it.  Perfection is an unrealistic expectation.  Is there any indication as to whether anyone has exploited these vulnerabilities?  My understanding is that we would have a hard time knowing.  Now that everybody knows about them, I suppose somebody is bound to try to see what they can do.  Would we still have a hard time knowing?

 

Scramble time for those designing the next generation of chip architecture, I dare say.



#9 waveofsecurity

waveofsecurity

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 15 January 2018 - 05:48 PM

Don't worry; as for me, it is hype.

 

Let me describe my opinion.

What hackers use and why?

To introduce you to my view, I want to tell what hackers use and why. So:

  • Malware – used to steal passwords, use computer system power (computational or network channel), steal bank information, etc.
  • Remote exploits – used to deliver malware to target systems. While there exist primitive social engineering techniques (such as a fake Flash plugin update, you know), there are also exploits. An exploit is code that uses a vulnerability in software to execute code, read information, and do everything that can help hackers install their malware.
  • Local exploits – this is a type of code that exploits several vulnerabilities in local services. To run it, the hacker must have access to the system. It includes privilege escalation vulns, write-what-where and… Meltdown.

Before today, all exploits abused software. Before today. Now it is the first exploit in hardware – Meltdown. Yes, it is a security breach. Yes, it is an exploit. But wait… it is not a problem!

The hype

Okay, let me describe why it is hype. So, let’s abstract from IT. Let’s look at marketing.

All vulns have an ID – a CVE ID. It is the most sophisticated way to describe a vulnerability. Meltdown also has it: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754. But… it also has a logo and a website.

Wait… what? A website for a vulnerability? Let us see: meltdownattack.com. Wow, it also has a logo! So, just a security error in architecture has a logo, a website and more. It is marketing. But who needs it? I don’t know.

Let us see the PoC asm code provided in the white paper:

; rcx = kernel address
; rbx = probe array
retry:
mov al, byte [rcx]
shl rax, 0xc
jz retry
mov rbx, qword [rbx + rax]

Ok then.
1) This is a very huge address space. It is very hard to find a password or a key. There are no identifiers marking it as sensitive information. You need to create a prediction system to parse the memory dump (which takes very long to dump; at a speed of 50 kb/s it will take hours). So the problem is to locate the needed information in the dump. No one will solve it; it is a very hard forensics problem…
2) It can enumerate virtual addresses only in the malicious process. So, it can access the shared memory in the kernel, but not all user memory mapped to the kernel! In Windows, for example, to share kernel memory with a process you must attach to the target process.  So, well, we are not even sure the information is in the memory now. So what is the problem? Really, it’s not.
So what exactly is it?

Yes, it is a security vulnerability. But to exploit it in the wild, attackers have to solve more sophisticated problems. I emphasize that to exploit it, you need to find solutions for harder problems than information disclosure. Attackers who have RCE in a browser, as used by exploit kits, would never use it. They will install malware. If it does not have rights to run, they will use LPE exploits. That is easier than turning Meltdown into a working solution.

So it is not a security problem. It is hype.

 

 

Got it from my blog securitywave.wordpress.com :)



#10 saluqi


Posted 16 January 2018 - 02:55 PM

OK, I guess I asked for that <G>.

 

In the meantime I've been looking at the firmware upgrades now or soon being offered by manufacturers.  My desktop is a Dell XPS 8700 and that is conspicuously absent among the systems for which Dell is offering or will offer firmware updates.  XPS 8900 yes, 8700 no.  I haven't yet fine-combed the Intel offerings for that particular CPU.  Does this really mean I have to consider adding my current, not very old and still eminently functional desktop machine to the row of obsolete ones already on my shelf?  Or am I missing something?  Or is this really, as waveofsecurity suggests, a tempest in a Haswell teapot?



#11 saluqi


Posted 18 January 2018 - 09:10 PM

Wonders never cease.  I got home today after a gruelling day in the water business, and found on my desktop computer a notification from Dell, a BIOS upgrade to mitigate the Meltdown/Spectre vulnerability, no less.  Click "Install".  That produced a "bad command line" warning, and a moment later a report that the BIOS upgrade was successfully installed.  I was so bemused (after more than 5 hours behind the wheel) I didn't properly note down the old or the new BIOS versions, though both were cited in the notification (in the notification panel at right of the screen).

 

Question arising, is there some way to interrogate the system and find out what actually did or didn't happen?  I can't believe I went ahead and installed the thing without at least making notes!

 

Whatever happened, happened very quickly and did NOT reboot the machine.  Is that even possible?

 

I have never tinkered with the BIOS/UEFI on this machine.  A far cry from  the old days when I was building computers for other people and routinely customizing the CMOS settings etc.



#12 saluqi


Posted 18 January 2018 - 09:37 PM

Computer restarted with no difficulty (took slightly longer than usual to boot, displayed "please wait" for a couple of minutes or so).  Scans with Avast Premier and with Malwarebytes 3 did not find anything threatening.

 

Yesterday I did spend quite a bit of time trying to make contact with Dell to see if they had a BIOS/UEFI patch for Meltdown/Spectre.  I might or might not have succeeded in opening a ticket.  Perhaps this was a response?  Very strange it seems to me.



#13 saluqi


Posted 18 January 2018 - 11:25 PM

Hmm.  It seems the BIOS currently on that desktop is Dell, Inc. A08, 4/16/2014.  So whatever that "notification" was about, it was phony.  Can't believe I fell for it.  How to check for possible damage, beyond Avast Premier and Malwarebytes 3, neither of which found anything remarkable?

 

No more time to spend on this now.  Possibly on Saturday.  If I understand correctly, Dell has not yet provided an upgrade for the XPS 8700.  This machine has a manufacture date of 8/19/2014.  Already obsolete?



#14 britechguy


Posted 19 January 2018 - 10:20 AM

Well, the latest version of BIOS shown on the XPS 8700 Support Page is A11 from 2015, so there has been an update since your machine shipped but it's certainly not meant to address Spectre or Meltdown.

 

If they release one it will land on the support page in place of A11.

 

Since the i5 processor is still being sold in one of its guises I wouldn't call this machine obsolete yet.



 


#15 saluqi


Posted 19 January 2018 - 06:33 PM

I am wondering why I could not find that support page?  Anyway, thanks for locating it!  I suppose the thing to do is wait and see if Dell is going to release a BIOS update.

 

The processor in the subject machine is Intel Core i7-4790 CPU @ 3.60GHz.  So far the machine has been perfectly serviceable for all the things I've wanted to do with it.  Most of my everyday work is not computation-intensive.

 

I am still a bit worried about having fallen for the fake BIOS update (if that was really what it was) that I stumbled into yesterday.  Perhaps the warning about a "malformed command line" or whatever it was, actually did prevent anything from happening.  I'm just wondering if there is any more scanning I can or should do to make sure nothing is going on that shouldn't?  The ESET online scanner maybe?  Avast Premier and Malwarebytes 3 didn't find anything.
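
Posts #11, #13 and #15 ask how to interrogate the system about what is actually installed. One way to do that from Windows PowerShell is sketched here as an added example; it is not part of any poster's reply. The function name Get-MitigationStatus and the disclosure-date cutoff are assumptions, and the Get-SpeculationControlSettings call runs only if Microsoft's SpeculationControl module is already installed.

```powershell
# Added example: read-only status report, run in Windows PowerShell.
# KB numbers are the ones named in this thread. The cutoff date (public
# disclosure, 3 January 2018) is an assumed heuristic, not a vendor rule.
function Get-MitigationStatus {
    param(
        [string[]]$KbIds = @('KB4056892', 'KB4056891'),
        [datetime]$DisclosureDate = '2018-01-03'
    )

    # Firmware actually installed, as reported through SMBIOS. An update that
    # failed, or a notification that was not a real update, leaves it unchanged.
    $bios = Get-CimInstance -ClassName Win32_BIOS

    # Hotfixes still listed for the current Windows version. The list starts
    # over after a feature update, so an empty result is not proof of absence.
    $listed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    # Full OS build (build.revision). Compare it with the build number that
    # Microsoft's article for the cumulative update states.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    $report = [ordered]@{
        BiosVersion            = $bios.SMBIOSBIOSVersion
        BiosReleaseDate        = $bios.ReleaseDate
        BiosPredatesDisclosure = $bios.ReleaseDate -lt $DisclosureDate
        OsBuild                = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
        ListedHotfixes         = $listed -join ', '
    }

    # Optional: Microsoft's SpeculationControl module, only if already installed.
    if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
        $sc = Get-SpeculationControlSettings
        $report.SpectreV2MicrocodePresent = $sc.BTIHardwarePresent
        $report.SpectreV2OsSupportEnabled = $sc.BTIWindowsSupportEnabled
        $report.MeltdownOsSupportEnabled  = $sc.KVAShadowWindowsSupportEnabled
    }

    [pscustomobject]$report
}

Get-MitigationStatus | Format-List
```

A BIOS release date earlier than the disclosure date means the installed firmware cannot contain a Spectre microcode update, whatever a notification reported.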





