Tuesday, January 9th 2018

Microsoft Halts Meltdown-Spectre Patches to AMD PCs as Some Turn Unbootable

by
btarunr
 Discuss (51 Comments)
Microsoft late-Monday halted Meltdown and Spectre security patches to machines running AMD processors, as complaints of machines turning unbootable piled up. Apparently the latest KB4056892 (2018-01) Cumulative Update causes machines with AMD processors (well, chipsets) to refuse to boot. Microsoft has halted distributing patches to PCs running AMD processors, and issued a statement on the matter. In this statement, Microsoft blames AMD for not supplying its engineers with the right documentation to develop their patches (while absolving itself of any blame for not testing its patches on actual AMD-powered machines before releasing them).

"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," said Microsoft in its statement. "After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown," it added. Microsoft is working with AMD to re-develop, test, and release security updates, on the double.

Update (09/01): AMD responded to this story, its statement posted verbatim is as follows.

AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted shortly.
Source: The Verge

Related News

Add your own comment

51 Comments on Microsoft Halts Meltdown-Spectre Patches to AMD PCs as Some Turn Unbootable

#26
_JP_
JismIt would be a different story if that patch would bin applied by CPU micro code or BIOS fix, not Software / OS fix.
Manufacturers are actively releasing BIOS/UEFI updates to mitigate the known CVEs, for systems in their support's timeframe. Check for updates on your manufacturer's website.
Posted on Reply
#27
I No
JismThat people actually believe, that a 'patch' will solve this thing, lol. Patch will be overwritten and your system is back to being vulnerable again. It takes some time for hackers to develop a serious exploit.


You sure? If a hacker would succesfully write his own patch to disable that patch, then that CPU goes back to doing normal thing again, making it vulnerable. He is right. The scale of Meltdown is easily underestimated. Every intel CPU is vulnerable. It would be a different story if that patch would bin applied by CPU micro code or BIOS fix, not Software / OS fix.
The mitigation for Meltdown has the following parts : OS Updates and BIOS firmware (ASUS were among the first ones to roll out the BIOS update that INCLUDES the mitigation). Meltdown IS mitigated thus far. Techspot even has a benchmark on it. At this point this is turning to be a contest between which is worse Specter or Meltdown ... and it shouldn't be the case since BOTH are serious vulnerabilities that are being mitigated until a possible fix will be out with tech companies working around the damn clock to find a fix that will not impact performance. Stop acting like nobody is working on the matter and furthermore stop spreading FUD.
Posted on Reply
#28
PLAfiller
Manu_PTIf you have no problems by using a CPU at that constant risk, that´s up to you. I refuse to.
I don't think this is right. I literary assembled my PC a few months ago. And probably use it for 5-7 years or so. Like millions of people that are not super tech savvy/ on a budget. Are you suggesting all of us should just sell, or whatever our current systems and switch right away with substantial cost taken on our account? This makes no sense to me. Problem is being solved and with adequate user behavior lots of dangers can be avoided.
Posted on Reply
#29
Captain_Tom
The Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...
Posted on Reply
#30
ssdpro
_JP_]please update the image to reflect that the issue happens on older chipsets and/or add more information, Ryzen seems not to be affected so far. As it stands, it is vague and creates FUD around which AMD products this is being affected, with reports so far pointing to K8-era hardware. It is enough that this is already happening with Intel CPUs..
AMD already confirmed their CPUs are vulnerable to variant 1 and variant 2. The internet trolls like to say AMD isn't vulnerable to variant 2 since AMD says "there is near zero risk". Near is not "no". All of this is near zero for all CPUs. RyZen is AMD's current product and this is their problem (bricking PCs). And yes, Intel sucks. Just being fair.
Posted on Reply
#31
64K
Captain_TomThe Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...
I think MS has shifted the burden of QA and testing from themselves to their customers. Pretty damn lazy of them and what happened here is a result of that mindset.
Posted on Reply
#32
Jism
Captain_TomThe Window Updates over the past year have been a complete nightmare for me. Doesn't matter if it's an AMD or Intel system.... At least one of my PC's breaks every major update.

The worst part is I cannot even decide I don't want a machine-breaking update! God we need an alternative to Windows so bad right now...
Install W7 X64. And use it for another 2 years untill support ends up. By that time, linux and Wine is getting so accepted that you should be able to create an alternative OS easily. It's the same i'm doing. You cant tell how many computers every month get bricked due to failed updates.
Posted on Reply
#33
Captain_Tom
64KI think MS has shifted the burden of QA and testing from themselves to their customers. Pretty damn lazy of them and what happened here is a result of that mindset.
I am sure that is part of it. But then if that's the way MS wants to do things... Why are they making the updates mandatory?!


If they thoroughly tested each update themselves, then I would understand (a little) why they want to force updates for security reasons. But that is clearly not true if they released this update without testing it on AMD systems! LOL what is this amateur hour?
Posted on Reply
#34
_JP_
ssdproAMD already confirmed their CPUs are vulnerable to variant 1 and variant 2. The internet trolls like to say AMD isn't vulnerable to variant 2 since AMD says "there is near zero risk". Near is not "no". All of this is near zero for all CPUs. RyZen is AMD's current product and this is their problem (bricking PCs). And yes, Intel sucks. Just being fair.
This news article and my reply refer to Microsoft's patch and it's effect on older AMD processors/chipset, NOT the vunlnerabilty of AMD's line-up to Spectre I and II. That aspect wasn't in evidence here and has not been discussed. Please, don't create confusion over this.
Posted on Reply
#35
Captain_Tom
JismInstall W7 X64. And use it for another 2 years untill support ends up. By that time, linux and Wine is getting so accepted that you should be able to create an alternative OS easily. It's the same i'm doing. You cant tell how many computers every month get bricked due to failed updates.
I am sorry I had to stop myself from laughing myself out of my chair. Look I want Linux to be a viable alternative just as much as you, but it ISN'T. It isn't even close!


P.S. Let me go boot up my SteamOS system. That should be well supported after 5 years right? Oh wait...
Posted on Reply
#36
DeathtoGnomes
if m$ is pointing fingers at anyone, intel paid them to point at AMD. #conspiracytheories
Posted on Reply
#37
ssdpro
_JP_Please, don't create confusion over this.
I am not sure what is confusing? This article is about a MS patch and its effect on AMD processors. That same update applied to Intel processors without issue. The variable is AMD which is why the AMD pic was used. This isn't confusing stuff.
Posted on Reply
#38
Casecutter
DeathtoGnomesif m$ is pointing fingers at anyone, intel paid them to point at AMD. #conspiracytheories
This... while btarunr continues to propagate the two (Intel/MS) as "holier-than-thou" and bashes AMD and their resent CPU product, when it appears it's not!
Posted on Reply
#39
ssdpro
CasecutterThis... while btarunr continues to propagate the two (Intel/MS) as "holier-than-thou" and bashes AMD and their resent CPU product, when it appears it's not!
I have no idea what is so confusing to people here or if this is trolling or marketing stuff. This article has nothing to do with Intel. The problem is an MS update applied on some systems running AMD processors. AMD has even acknowledged it. See the update to the first post/story. I really don't think there is some massive Techpowerup/btarunr/Intel conspiracy here. The update applied to both Intel and AMD systems. Intel systems had no problem reports. AMD systems did. Same patch, different hardware. The variable was AMD hence the pic and title.
Posted on Reply
#41
Casecutter
ssdproI have no idea what is so confusing to people here or if this is trolling or marketing stuff. This article has nothing to do with Intel. The problem is an MS update applied on some systems running AMD processors. AMD has even acknowledged it. See the update to the first post/story. I really don't think there is some massive Techpowerup/btarunr/Intel conspiracy here. The update applied to both Intel and AMD systems. Intel systems had no problem reports. AMD systems did. Same patch, different hardware. The variable was AMD hence the pic and title.
"issue with some older generation processors"
But, honestly is it effecting Ryzen and why doesn't btarunr change the picture he's implicating Ryzen is part of this... it's not!
Posted on Reply
#42
MarcusTaz
JB_GamerWhy the Ryzen image???

btarunr - pls remove it!!!
Agreed!
Posted on Reply
#43
Red_Machine
I think I'm a victim of this as well, despite having an Intel CPU. My PC wouldn't boot this morning and I had to do startup repair; I saw this news and went to check my recently installed updates, and this particular update was pending install. So I'm thinking that startup repair rolled it back and it's going to fuck up again. I'll have to wait and see.
Posted on Reply
#44
Manu_PT
londisteWhat the patch does is tell CPU to clean out the valuable information from a place where hacker can access before the hacker gets to the point where he can access it.
When that information is not there, the CPU is not going to be able to read it.
No, it cannot.
What are you going back to, one of the Atoms? :)
For Meltdown, AMD and most of ARMs seem to be unaffected. For Spectre, here is a list:
forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128
1- No it doesn´t clean anything. It just stops the CPU from using that space to put information easily accessible for it to perform tasks quicker. If the patch was only about cleaning, it would do nothing because before the hacker could have that information in 1 milisecond. This is why CPUs will be a bit slower in some tasks, because it is not operating as it was suppose to, is not because of cleaning, that would have no performance hit at all.

2- Spectre is not nearly as dangerous as Meltdown. It is harder to fix, wich doesn´t mean is as bad. There are websites with more dangerous threats than spectre itself, and in AMD case, it only gets really affected by 1 of its variants.

3- Meltdown is considered the worst security flaw ever in history, for a reason.

You guys are protecting intel to death. Meltdown is not an issue that you can solve with a patch. you will be installing new patches forever as long as you use intel Cpus, because this war will never end. When the flaws are on the hardware itself any patch can lose its effect in days. You will see.
Posted on Reply
#45
londiste
Patches do not stop CPU from using caches. It will make sure these are cleaned out as much as possible in certain situations where getting stuff from cache maliciously is possible. Performance hit comes from both the process of clearing and because cached information has to be reloaded from RAM which is very slow.

Well, if you want to be technically correct, KAISER makes sure (better than before) that user memory space is separate from kernel memory space but on microarchitecture level clearing caches should be the end result.

Would you like to explain why it is not an issue that can be solved with a patch?
Posted on Reply
#46
wiyosaya
I somewhat hate to say this, but M$ had been pushing broken Windows 10 updates before the creator's update - at least for me. Most every update broke something I used, and in searching for solutions, I found that there were others experiencing the same problems. So, it in the least does not surprise me that they pushed yet another broken update. For me, the resolution to this was to turn off updates on my 10 pro pcs, and disable the windows update service on my 10 home pc. That way, I am in control of my updates, and the only way that I update is to do an image backup right before updating so if M$ has borked something, I have a way back to a working system.

That said, M$ really needs to learn regression testing and quality control, IMO.
Posted on Reply
#47
londiste
Manu_PTMeltdown is not an issue that you can solve with a patch.
Meltdown paper seems to disagree with you:
Meltdown paperThe KAISER patch by Gruss et al. [8] implements a stronger isolation between kernel and user space. KAISER does not map any kernel memory in the user space, except for some parts required by the x86 architecture (e.g., interrupt handlers). Thus, there is no valid mapping to either kernel memory or physical memory (via the direct-physical map) in the user space, and such addresses can therefore not be resolved. Consequently, Meltdown cannot leak any kernel or physical memory except for the few memory locations which have to be mapped in user space.
We verified that KAISER indeed prevents Meltdown, and there is no leakage of any kernel or physical memory.
Furthermore, if KASLR is active, and the few remaining memory locations are randomized, finding these memory locations is not trivial due to their small size of several kilobytes.
You are technically correct that it does not fix the issue, it is a mitigation measure. However, it does effectively mitigate the problem to the degree where it is not feasible to use the vulnerability. The paper describes the situation further:
Meltdown paperAs hardware is not as easy to patch, there is a need for software workarounds until new hardware can be deployed. Gruss et al. [8] proposed KAISER, a kernel modification to not have the kernel mapped in the user space. This modification was intended to prevent side-channel attacks breaking KASLR [13, 9, 17]. However, it also prevents Meltdown, as it ensures that there is no valid mapping to kernel space or physical memory available in user space. KAISER will be available in the upcoming releases of the Linux kernel under the name kernel page-table isolation (KPTI) [25]. The patch will also be backported to older Linux kernel versions. A similar patch was also introduced in Microsoft Windows 10 Build 17035 [15]. Also, Mac OS X and iOS have similar features [22].

Although KAISER provides basic protection against Meltdown, it still has some limitations. Due to the design of the x86 architecture, several privileged memory locations are required to be mapped in user space [8]. This leaves a residual attack surface for Meltdown, i.e. , these memory locations can still be read from user space. Even though these memory locations do not contain any secrets, such as credentials, they might still contain pointers. Leaking one pointer can be enough to again break KASLR, as the randomization can be calculated from the pointer value.

Still, KAISER is the best short-time solution currently available and should therefore be deployed on all systems immediately. Even with Meltdown, KAISER can avoid having any kernel pointers on memory locations that are mapped in the user space which would leak information about the randomized offsets. This would require trampoline locations for every kernel pointer, i.e., the interrupt handler would not call into kernel code directly, but through a trampoline function. The trampoline function must only be mapped in the kernel. It must be randomized with a different offset than the remaining kernel. Consequently, an attacker can only leak pointers to the trampoline code, but not the randomized offsets of the remaining kernel. Such trampoline code is required for every kernel memory that still has to be mapped in user space and contains kernel addresses. This approach is a trade-off between performance and security which has to be assessed in future work.
Posted on Reply
#48
ensabrenoir
Told you......Intel will not go alone into the cold dark night........

Posted on Reply
#49
laszlo
londisteMeltdown paper seems to disagree with you:


You are technically correct that it does not fix the issue, it is a mitigation measure. However, it does effectively mitigate the problem to the degree where it is not feasible to use the vulnerability. The paper describes the situation further:
what @Manu_PT try to explain is that current patch will become useless once the hackers(nsa) will manage to undo is effects and use the vulnerability again ... so we may have an endless release of patches(if hackers successful attack is discovered..) .... patching the previous patch without success as a soft patch can't fix a cpu architecture design which has a flaw (feature)...
Posted on Reply
#50
londiste
laszlowhat @Manu_PT try to explain is that current patch will become useless once the hackers(nsa) will manage to undo is effects and use the vulnerability again ... so we may have an endless release of patches(if hackers successful attack is discovered..) .... patching the previous patch without success as a soft patch can't fix a cpu architecture design which has a flaw (feature)...
That patch is in the operating system kernel. If an attacker can modify that to undo the effects, they have no need to use Meltdown in the first place.
Posted on Reply
Add your own comment
Apr 25th, 2024 06:41 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts