Security

meltdown-and-spectre-exploitsSource: TechPowerUp!

Microsoft late-Monday halted Meltdown and Spectre security patches to machines running AMD processors, as complaints of machines turning unbootable piled up. Apparently the latest KB4056892 (2018-01) Cumulative Update causes machines with AMD processors (well, chipsets) to refuse to boot. Microsoft has halted distributing patches to PCs running AMD processors, and issued a statement on the matter. In this statement, Microsoft blames AMD for not supplying its engineers with the right documentation to develop their patches (while absolving itself of any blame for not testing its patches on actual AMD-powered machines before releasing them).

Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates,” said Microsoft in its statement. “After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown,” it added. Microsoft is working with AMD to re-develop, test, and release security updates, on the double.

Update (09/01): AMD responded to this story, its statement posted verbatim is as follows.

AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted shortly.

Security | Donster | |

meltdown-and-spectre-exploitsWe have a bit more information in regards to the Meltdown security exploit which primarily affects Intel’s CPUs, but also has been confirmed to affect some ARM CPU designs. Also the Spectre exploit that every high-performance processor ever made – Intel, AMD, ARM, and POWER – is thought to be vulnerable to. Intel has begun issuing updates for all types of Intel-based computer systems, and Microsoft has issued patches via Windows Update (Windows 10 only). Also there are a few news stories about when and if Intel knew of these security issues for an extended period of time.

Security | Donster | |

meltdown-and-spectre-exploitsWhat To Know About New Exploits That Affect Virtually All CPUs

By Ryan Smith @ AnandTech

Security researchers working for Google’s Project Zero group, along with other research groups and academic institutions, have discovered a series of far-ranging security risks involving speculative execution. Speculative execution is one of the cornerstones of high-performance execution on modern CPUs, and is found in essentially all CPU designs more performance than an embedded microcontroller. As a result, essentially every last high-performance CPU on the market or that has been produced in the last couple of decades is vulnerable to one or more of a few different exploit scenarios.

Read on…

Security | Donster | |