Monday, July 2nd 2018

Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures

Intel today released the latest round of CPU micro-code updates for its processors, which expand support for Intel processor microarchitectures ranging all the way back to 1st generation Core "Westmere," and "Lynnfield," and including "Sandy Bridge" and "Ivy Bridge" along the way, at various stages of roll-out (beta, pre-production, and production). This update probably features hardening against "Spectre" variant 4, and perhaps even RSRR (rogue system register read) variant 3A, chronicled in CVE-2018-3640.
Source: Intel
Add your own comment

39 Comments on Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures

#1
Ferrum Master
First were Bloomfield/Gainestown, only then die shrinks - Westmere/Gulftown.
Posted on Reply
#3
Caring1
"back to 1st generation Core "Westmere," and "Lynnfield,"

Ferrum Master
First were Bloomfield/Gainestown, only then die shrinks - Westmere/Gulftown.
It doesn't say all First Gen.
Posted on Reply
#4
ExV6k
I actually just finished uninstalling the Spectre microcode update from Microsoft (KB4100347). FIgured out it was causing some constant stuttering on The Witcher 3 and Fortnite (i5 2500) on some very specific areas of the games. It affected these two games only, as far as I know.
Posted on Reply
#5
Jism
ExV6k
I actually just finished uninstalling the Spectre microcode update from Microsoft (KB4100347). FIgured out it was causing some constant stuttering on The Witcher 3 and Fortnite (i5 2500) on some very specific areas of the games. It affected these two games only, as far as I know.
You know spectre can be exploited as well by simply following a website?

I wonder after all the patches from Intel, how much real performance is left compared to AMD hardware.

For enterprise these patches impact some serious numbers.
Posted on Reply
#6
Caring1
ExV6k
I actually just finished uninstalling the Spectre microcode update from Microsoft (KB4100347). FIgured out it was causing some constant stuttering on The Witcher 3 and Fortnite (i5 2500) on some very specific areas of the games. It affected these two games only, as far as I know.
I'm glad your games run better, no need to worry about being a host for the virus and passing it to countless others that think the mitigation is a waste of time …. :rolleyes:
Posted on Reply
#7
mad1394
Caring1
I'm glad your games run better, no need to worry about being a host for the virus and passing it to countless others that think the mitigation is a waste of time …. :rolleyes:
Are you really confusing vaccination with a microcode update ? What are you even talking about ?
I am stil waiting to hear about actual real world application of these "flaws". So far its all nerds complaining about bios updates.
Posted on Reply
#8
ExV6k
Caring1
I'm glad your games run better, no need to worry about being a host for the virus and passing it to countless others that think the mitigation is a waste of time …. :rolleyes:
Nice try, troll. Except Spectre is nothing like a virus, it doesn't "spread" out. Do your homework.
Posted on Reply
#9
close
mad1394
Are you really confusing vaccination with a microcode update ? What are you even talking about ?
I am stil waiting to hear about actual real world application of these "flaws". So far its all nerds complaining about bios updates.
Pretty sure at the end of all that waiting there will be the invariable pointing of fingers at anything but yourself. And I've seen this 1000 times.

Then again people have been known to save their credentials on internet cafe computers because it was too much of a bother to enter them 2-3 times. Why would a stuttering game be any different?

But you're right, this should not be confused with vaccination. That's a whole different ballgame with different stakes.
Posted on Reply
#10
dogsbody
Caring1
I'm glad your games run better, no need to worry about being a host for the virus and passing it to countless others that think the mitigation is a waste of time …. :rolleyes:
Forums should employ some kind of IQ test as an additional entry barrier. A minimum score of 60 should be the requirement to confine the likes of you outside.
Posted on Reply
#11
Octopuss
My PC still has Ivy Bridge CPU in it. I am not going to "upgrade" to this, mainly because noone else but my wife has physical access to my PC, so Spectre and friends can bite my shiny metal ass, and also because I don't need to lower performance. Not on relatively old system at least.
Posted on Reply
#12
piloponth
I was worried after Haswell microcode update, that my mobo manufacturer will not release updated BIOS. I was right, but after submitting a feedback form on a product page (Asus Z97M-PLUS) with serial number of the motherboard, I received email with BIOS binary with updated microcode.

Only bad thing that they didn't updated official BIOS on the product page. So please, bombard you mobo manufacturer with requests for updated BIOS.

Posted on Reply
#13
Caring1
dogsbody
Forums should employ some kind of IQ test as an additional entry barrier. A minimum score of 60 should be the requirement to confine the likes of you outside.
This forum should have a filter to weed out trolls such as yourself, only your 2nd post and nothing about the topic. Reported!
Even your "system specs" is trolling.
Posted on Reply
#14
Static~Charge
Caring1
I'm glad your games run better, no need to worry about being a host for the virus and passing it to countless others that think the mitigation is a waste of time …. :rolleyes:
Spectre is not a virus, nor is it a host for viruses:

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
https://meltdownattack.com/
https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html

Get your facts straight. :shadedshu:
Posted on Reply
#15
R-T-B
Static~Charge
Spectre is not a virus, nor is it a host for viruses:

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
https://meltdownattack.com/
https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html

Get your facts straight. :shadedshu:
Thanks.

Sadly, as much as I agree with one of the low quality posts about us needing to filter better, an IQ test would kill us (I mean, have you ever taken one?), and is biased to certain groups besides... What we are doing now is fine.
Posted on Reply
#16
nemesis.ie
I've taken one (admittedly in around 1983) and I'd pass the low quality post's criteria based on it. ;)
Posted on Reply
#17
R-T-B
nemesis.ie
I've taken one (admittedly in around 1983) and I'd pass the low quality post's criteria based on it. ;)
So,

Can you honestly say you'd take another one, just to post here?

I'll answer for you (and keep in mind I love it here):

Fuck no.
Posted on Reply
#18
nemesis.ie
No, not at all. That was kind of my point, I've had no interest in over 30 years of doing it again and only did it as it was a free program bundled with a ZX Spectrum or something.

It also doesn't test any kind of practical knowledge. "Common sense is unfortunately not very common" comes to mind. :)
Posted on Reply
#19
Aquinus
Resident Wat-man
I know that it was proven that spectre was a valid exploit but, the simple fact on how it works makes it really hard to actually use for malicious intent. Exposing 1,400 to 2,000 bytes a second (unmitigated,) bit by bit and not all at once, only makes it useful if you know where something is and know that it's not changing or being moved somewhere else. On top of that, the machine also has to be compromised and it needs to be in a sufficiently low level language to exploit how the instructions get compiled, so basically C is your only real option. You also need to know exactly where the data you want is. There have been proof of concepts showing how restricted memory can be accessed but, have there been any proof on concepts actually trying to get secure data rather than bytes set by the developer in the PoC environment? Memory tends to change in an active system quite a bit. Pages get moved, swapped out and in, and actively changed by whatever is going on. Where and when are two very huge factors when trying to exploit spectre.

So, this exploit has been known for a while now, right? Has any malicious software actually been identified as trying to use this exploit and being successful at it? Is it even feasible? I know it can be done but, is it realistic?
Posted on Reply
#20
Caring1
Static~Charge
Spectre is not a virus, nor is it a host for viruses:

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
https://meltdownattack.com/
https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html

Get your facts straight. :shadedshu:
Pedantic aren't WE!
Virus may have been the wrong term (semantics) but the fact remains (IF) stolen data is used that contains usernames/ passwords etc, it can be used to gain control of systems.
If an IQ test were implemented, quite a few members should fail based on their lack of ability to read between the lines and lack of lateral thinking.
Posted on Reply
#21
AlwaysHope
Nice of Intel to do this, now I could get my old 1156 platforms a rejuvenation.
Posted on Reply
#22
jigar2speed
ExV6k
Except Spectre is nothing like a virus, it doesn't "spread" out.
I agree, anyway you could have used inspectre application which enables you to disable spectre patch whenever you wish and re-enable it when using the internet or doing other stuff.
Posted on Reply
#23
R-T-B
Caring1
If an IQ test were implemented, quite a few members should fail based on their lack of ability to read between the lines and lack of lateral thinking.
We'd also probably have about 2 users and I for one wouldn't be one of them.
Posted on Reply
#24
Frick
Fishfaced Nincompoop
IQ tests test your ability to take IQ tests, in my experience.
Posted on Reply
#25
Mindweaver
Moderato®™
ExV6k
Nice try, troll. Except Spectre is nothing like a virus, it doesn't "spread" out. Do your homework.
Let's not call people names. If you can't get your point across without calling members names then move along.

@Everyone - Get along or move along. Also, stop derailing the thread and stay on topic.
Posted on Reply
Add your own comment