Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anyway to patch Spectre/meltdown without apply microsoft updates?


  • Please log in to reply
5 replies to this topic

#1 websmr

websmr

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 09 April 2018 - 06:33 AM

Hi guys!

 

Let me put you into situation, we are a company and we have hundreds of desktop computers.

 

We did the patch soon as we could in the desktop and notebook and they give no problems (little less performance but no stability problems)

 

We tried to update the workstations but as we install the updates Solidworks start giving errors and closes, so we did unistall it.

 

All of our machines have Windows 7 x64 installed with english language.

 

I have been looking for the problem with solidworks but for what I saw, the only recommended mitigation is unistall the patches.

 

Is there any manual mitigation that we can apply to the workstations? It's impossible for users to work with the patches installed but we wouldn't like to let the workstation without patch.

 

Thanks in advance!


Edited by hamluis, 09 April 2018 - 07:40 AM.
Moved from Win 7 to Gen Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:21 PM

Posted 09 April 2018 - 08:24 AM

In order for the computer to be fully protected from meltdown both a OS patch and a CPU microcode update needs to be applied. If the CPU is an older one intel stated they will not update the firmware.

 

https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

 

OS and browser updates only partially mitigate Meltdown and Spectre. Organizations need to be prepared for UEFI firmware and BIOS updates, as well. When and whether updates will be pushed out will vary from vendor to vendor, adding another layer of complexity and uncertainty to patching. In some cases, admins may have to proactively check for updates from their PC makers periodically over the next few days or weeks.

 

 

If the computers are segregated and do not have internet access I don't think there is much to worry about. 



#3 websmr

websmr
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 10 April 2018 - 07:50 AM

Hi Jhon thanks for the fast reply.

 

The CPU we use are Haswell so they have an update.

 

We wanted to do the software patch before the BIOS patch but now I think about it...will the workstations be protected only witch BIOS update? Or do they need to be both patches installed?.

 

All computers have internet access and segregate then is not an option unfortunately.

 

thanks for the help!



#4 JohnC_21

JohnC_21

  • Members
  • 24,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:21 PM

Posted 10 April 2018 - 02:07 PM

You need both the OS and the firmware patch for complete protection. Also Browser updates.

 

https://stopad.io/blog/meltdown-spectre-patches

 

In this article, we will maintain an updated list of security patches and updates for mitigating CPU flaws on affected devices and operating systems. Before we proceed with the list of security updates, it is worth to outline few key points about the peculiarities of these vulnerabilities. This will also clarify why patching and security updates may be required on various levels—starting from microcode updates for CPUs to operating system (OS) patches and, finally, browser enhancements.

Edited by JohnC_21, 10 April 2018 - 02:07 PM.


#5 Jaycan

Jaycan

  • Members
  • 461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 AM

Posted 10 April 2018 - 08:01 PM

Hi,
You need to find Windows 7 SP1 64 bits - Download (Microsoft Link) and make sure that you apply all Important Updates from M/soft..
There are several that any Windows 7.1 x 64 will need, to operate correctly..

This may be one of the reasons that your old systems are now slowing down.
I would not trust a business system that is now only running Windows 7, without all Important Updates installed.

Are you thinking of updating your systems to at least Windows 8.1 or even Windows 9 soon ?



Acer Computer with LG Monitor and Toshiba Laptop with Windows 7.1

Windows 64bit  8.1 - Always fully updated

Firefox / Google Chrome / Internet Explorer Browsers

Usually a home helper here or with friends and nimble fingered ladies who would rather sew or dust, but not clean the bugs out of a computer ...


#6 websmr

websmr
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 11 April 2018 - 04:35 AM

Hi Jaycan, thanks for the reply.

 

We have all the computers with SP1 installed by default, we update the computers within a few months to ensure there's no stability problems with the updates, there are a lot of computers with different configurations and we have to test every configuration.

 

We will move the OS to Windows 10 in 2021 (really more for political issue than technical) , we already testing the applications with it.

 

I'll check to install all the updates since the last update before install the patch to check if it work, thanks for the idea.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users