Security

meltdown-and-spectre-exploitsSource: GURU3D

As Intel finalizes them, Microsoft started distributing Microcode updates for the Spectre variant 2, the updates now have a reach from the latest Coffee Lake processors, Kaby Lake (Core iX-7xxx and iX-8xxxU), Intel Skylake (Core iX-6xxx) up-to-now even Sandy Bridge (Core iX-2xxx).

Put short, these patches will make your PC safer, even without a mandatory firmware update. To be able to retrieve the patches, you must have Windows 10 installed with build 1607/1703 or 1709. If you are on Windows 7 or 8.1, you’ll need to wait until your motherboard manufacturers if and will release a firmware update to patch the vulnerabilities.

Read on…

Security | Donster | |

amd-ryzenfall-masterkey-fallout-chimeraSource: The Hacker News

Security researchers have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD’s Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems.

All these vulnerabilities lie in the secure part of the AMD’s Zen architecture processors and chipsets—typically where device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC.

The unpatched vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten wide-range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors.

Discovered by the team of researchers at Israel-based CTS-Labs, newly disclosed vulnerabilities defeat AMD’s Secure Encrypted Virtualization (SEV) technology and could allow attackers to bypass Microsoft Windows Credential Guard to steal network credentials.

Read on…

Security | Donster | |

meltdown-and-spectre-exploitsSource: TechPowerUp!

The Spectre/Meltdown road is long and pocked with lawsuits and security holes as it is, and Microsoft is one of the players that’s trying to put the asphalt back to tip-top, Autobahn-worth shape. The company has already improved users’ security to the Meltdown and Spectre exploits on its OS side; however, hardware patches, and specifically BIOS-editing ones are much harder to deploy and distribute by the PC chain. That may be one of the reasons why Microsoft is now again stepping up with software-based mitigations for Intel-based systems, specifically.

Click here for more information.

Security | Donster | |

meltdown-and-spectre-exploitsSource: TechPowerUp!

Via updated documents on its Microcode Revision guide, Intel has revealed that they have finally developed and started deploying microcode security updates for their Broadwell and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates that aimed to mitigate known vulnerabilities in Intel’s CPUs to the exploits known as Spectre and Meltdown.

While that’s good news, Intel’s patching odyssey still isn’t over, by any means. According to Intel’s documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that’s two other architectures that still remain vulnerable. Of course, this discussion of who’s vulnerable and isn’t really can’t be reduced to which architectures Intel has released its updates to. Users have to remember that the trickle-down process from Intel’s patch validation and distribution through manufacturers to end users’ systems is a morose one, and is also partially in the hands of sometimes not too tech-savy users. Time will tell if these flaws will have any major impact in some users or businesses.

Security | Donster | |

meltdown-and-spectre-exploitsBy Navin Shenoy @ Intel

Over the past several weeks, we’ve been developing and validating updated microcode solutions to protect Intel customers against the security exploits disclosed by Google Project Zero. This effort has included extensive testing by customers and industry partners to ensure the updated versions are ready for production. On behalf of all of Intel, I thank each and every one of our customers and partners for their hard work and partnership throughout this process.

Based on these efforts, we have now released production microcode updates to our OEM customers and partners for Kaby Lake- and Coffee Lake-based platforms, plus additional Skylake-based platforms. This represents our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. It also includes our recently announced Intel® Xeon® Scalable and Intel® Xeon® D processors for data center systems.

The new microcode will be made available in most cases through OEM firmware updates. I continue to encourage people to always keep their systems up-to-date. There is also a comprehensive schedule and current status for planned microcode updates available online.

Read on…

Security | Donster | |

meltdown-and-spectre-exploitsWe’ve gathered a bit more info regarding the Meltdown security exploit, which primarily affects Intel’s CPUs, but also has been confirmed to affect some ARM CPU designs. Also the Spectre exploit that every high-performance processor ever made – Intel, AMD, ARM, and POWER – is thought to be vulnerable to. Check out the links below for the latest news pertaining to the Meltdown and Spectre exploits.

Security | Donster | |

meltdown-and-spectre-exploits

We’ve gathered a bit more info regarding the Meltdown security exploit, which primarily affects Intel’s CPUs, but also has been confirmed to affect some ARM CPU designs. Also the Spectre exploit that every high-performance processor ever made – Intel, AMD, ARM, and POWER – is thought to be vulnerable to. Check out the links below for the latest news pertaining to the Meltdown and Spectre exploits.

Security | Donster | |

meltdown-and-spectre-exploitsSource: TechPowerUp!

Microsoft late-Monday halted Meltdown and Spectre security patches to machines running AMD processors, as complaints of machines turning unbootable piled up. Apparently the latest KB4056892 (2018-01) Cumulative Update causes machines with AMD processors (well, chipsets) to refuse to boot. Microsoft has halted distributing patches to PCs running AMD processors, and issued a statement on the matter. In this statement, Microsoft blames AMD for not supplying its engineers with the right documentation to develop their patches (while absolving itself of any blame for not testing its patches on actual AMD-powered machines before releasing them).

Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates,” said Microsoft in its statement. “After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown,” it added. Microsoft is working with AMD to re-develop, test, and release security updates, on the double.

Update (09/01): AMD responded to this story, its statement posted verbatim is as follows.

AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted shortly.

Security | Donster | |

meltdown-and-spectre-exploitsWe have a bit more information in regards to the Meltdown security exploit which primarily affects Intel’s CPUs, but also has been confirmed to affect some ARM CPU designs. Also the Spectre exploit that every high-performance processor ever made – Intel, AMD, ARM, and POWER – is thought to be vulnerable to. Intel has begun issuing updates for all types of Intel-based computer systems, and Microsoft has issued patches via Windows Update (Windows 10 only). Also there are a few news stories about when and if Intel knew of these security issues for an extended period of time.

Security | Donster | |

meltdown-and-spectre-exploitsWhat To Know About New Exploits That Affect Virtually All CPUs

By Ryan Smith @ AnandTech

Security researchers working for Google’s Project Zero group, along with other research groups and academic institutions, have discovered a series of far-ranging security risks involving speculative execution. Speculative execution is one of the cornerstones of high-performance execution on modern CPUs, and is found in essentially all CPU designs more performance than an embedded microcontroller. As a result, essentially every last high-performance CPU on the market or that has been produced in the last couple of decades is vulnerable to one or more of a few different exploit scenarios.

Read on…

Security | Donster | |