Friday, November 5th 2021

Intel Disables DirectX 12 API Loading on Haswell Processors

Intel's fourth-generation Core processors, codenamed Haswell, are subject to new security exploits. According to the company, a vulnerability exists inside the graphics controller of 4th generation Haswell processors, happening once the DirectX 12 API loading occurs. To fix the problem, Intel has found that disabling this API results in a fix. Starting with Intel graphics driver 15.40.44.5107 applications that run exclusively on DirectX 12 API no longer work with the following Intel Graphics Controllers: Intel Iris Pro Graphics 5200/5100, HD Graphics 5000/4600/4400/4200, and Intel Pentium and Celeron Processors with Intel HD Graphics based on 4th Generation Intel Core.

"A potential security vulnerability in Intel Graphics may allow escalation of privilege on 4th Generation Intel Core processors. Intel has released a software update to mitigate this potential vulnerability. In order to mitigate the vulnerability, DirectX 12 capabilities were deprecated." says the Intel page. If a user with a Haswell processor has a specific need to run the DirectX 12 application, they can downgrade their graphics driver to version 15.40.42.5063 or older.
Source: Intel
Add your own comment

71 Comments on Intel Disables DirectX 12 API Loading on Haswell Processors

#26
lexluthermiester
ExcuseMeWtfLet's hope there are no such vulnerabilities in ADL, that would mean some disabling too, and would eat away at performance gains of 12 series...
It's very doubtful. Haswell was of a time before the all the speculation & side channel type vulnerabilities. Alderlake has been engineered to remove that kind of attack as a possibility.
Posted on Reply
#27
AugeK
In my personal opinion this comes very handy to Intel as now all pc based on these processors can't run Windows 11.
AFAIK DX12 is a prerequisite to win11...
Posted on Reply
#28
lexluthermiester
AugeKIn my personal opinion this comes very handy to Intel as now all pc based on these processors can't run Windows 11.
AFAIK DX12 is a prerequisite to win11...
TPM & SecureBoot can be bypassed and DX12 is only being disabled on the Haswell IGP. This has no effect on dedicated GPU's from NVidia & AMD running on Haswell CPU's.

So let's not over-reach or over-react people.
Posted on Reply
#29
Aretak
lexluthermiesterAs an Emulation enthusiast, I can tell you that no emulators need DX12. There are a few that can use it, but such is just fluff.
You seem pretty clueless for an "enthusiast", but then I know you're just running damage control. I'd enjoy seeing you try to weasel word an explanation for how Xenia doesn't need DX12, given it's the only maintained backend it has.
Posted on Reply
#30
freeagent
I upgraded from an x5690 to a 3770K in 2017. Literally a few months after that they started rolling out spectre/meltdown patches as well as updating microcode a few times. I watched the GFlops melt away. Hopefully we don’t have to go through that again.
AretakYou seem pretty clueless for an "enthusiast", but then I know you're just a fanboy running damage control. I'd enjoy seeing you try to weasel word an explanation for how Xenia doesn't need DX12, given it's the only maintained backend it has.
That’s a little harsh don’t you think? Be nice.
Posted on Reply
#31
Jism
LabRat 891Don't get me wrong, I'm not sure this is consequential for many. However, removing a 'marketed feature' rather than 'fixing' it, just because it is an old (but not EOL, mind you) product may invite legal action. They're probably counting on the fact there are near 0 'damages' from retroactively removing these products' DX12 capability.
But they are suggesting to downgrade drivers. Dont get it why they simply dont fix it.
Posted on Reply
#32
lexluthermiester
AretakI'd enjoy seeing you try to weasel word an explanation for how Xenia doesn't need DX12, given it's the only maintained backend it has.
Read, LEARN.
github.com/xenia-project/xenia/wiki/Quickstart#system-requirements

Minimum:

  • OS: Windows 7+ x64 (Linux/macOS not nativelysupported)
    • Windows <10 support is limited. Don't expect anything to work.
    • Runs on Linux with Wine using Vulkan.
  • CPU: 64-bit x86 processor with AVX(2) support
  • GPU: Direct3D 12-compatible or Vulkan-compatible GPU from this list
    • You can check with GPU-Z
    • Direct3D 12 will only work on Windows 10 due to D3D12on7 and vkd3d not being supported.
    • GPUs without ROV (rasterizer-ordered view) / fragment shader interlocksupport will perform worse and possibly have more graphical issues. Integrated GPUs will also generally provide frame rates too low for comfortable playing.
      • AMD GPUs also fall under this due to Xenia triggering driver bugs causing crashes.
  • RAM: 4GB
  • 2017/2019 x64 Visual C++ Redistributable
You were saying what now?
Posted on Reply
#33
Ahhzz
Read, LEARN.
and post with deliberation, intelligence, and respect. Or you won't. This is directed to all.
Posted on Reply
#34
mechtech
I think most individuals with these probably have dedicated graphics so it's a moot point for them.

For large corps that probably have 1000's of machines with these running the IGP, then I don't know.
Posted on Reply
#35
lexluthermiester
mechtechFor large corps that probably have 1000's of machines with these running the IGP, then I don't know.
Yeah, but those companies are not playing games on the Haswell IGPs either so it's still a moot point.
Posted on Reply
#36
mechtech
lexluthermiesterYeah, but those companies are not playing games on the Haswell IGPs either so it's still a moot point.
What about solitaire ;) :D
Posted on Reply
#38
lexluthermiester
FlankerCorrect me if I'm wrong, looks like haswell gpu doesn't support vulkan on windows. No idea how many people this will actually affect though
Intel Graphics Technology - Wikipedia
Good find! Didn't know that. Still, the point was that the loss of DX12 on Haswell isn't really a problem as anyone wanting to run DX12 enabled programs will be using a dedicated GPU and not the Haswell IGP as performance from that IGP is lack-luster at best. And the above comments about emulation are a perfect example, Xenia is not an emulator that would run well(if at all) on Haswell IGP. No one is going to do it, so the comment from Aretak was not based on merit or factual information.
Posted on Reply
#39
TheinsanegamerN
AretakYou seem pretty clueless for an "enthusiast", but then I know you're just a fanboy running damage control. I'd enjoy seeing you try to weasel word an explanation for how Xenia doesn't need DX12, given it's the only maintained backend it has.
Can you please show people using haswel''s integrated GPU to run emulated xbox 360 games, of which the intel chip was uanble to play the native ports at anything approaching playable settings?

zero emulators that are actually PLAYABLE on the haswell GPU need DX12, and anything else will need more GPU power then haswell provides. Even the GT 1030 is a huge jump upwards. Most videos on youtube of Xenia show the use of a RTX 2060, and it is not always able to maintain even 30 FPS.
Posted on Reply
#40
LabRat 891
lexluthermiesterYes, it is. How else would you suggest they deal with the problem? Do you really expect Intel to reegineer a CPU series that is many generations old? No, and no one should expect them too. As stated above, the Haswell IGP is incapable of running DX12 titles at playable quality so disabling the API is an entirely valid and acceptable solution to the security problems at play.
Haswell was brought out of EOL during this 'shortage'. Therefore, for business and industry, at least some of these CPUs are still sold and supported some places.

Intel has just set the precedent that they can and will remove and disable Active product features. That is the disturbing part.
I don't expect them to reengineer a product, but I would've expected them to provide microcode updates and workarounds.

What this implies, is Intel can continue to 'play fast and loose' with security, and simply start disabling those exploitable features post-purchase. Imagine a small-med business that has invested tens of thousands of dollars in Xeons or Xe products, and Intel several years later just decides to disable a key feature 'in the name of security', while the product is still Active.
Posted on Reply
#41
Tigger
I'm the only one
LabRat 891Haswell was brought out of EOL during this 'shortage'. Therefore, for business and industry, at least some of these CPUs are still sold and supported some places.

Intel has just set the precedent that they can and will remove and disable Active product features. That is the disturbing part.
I don't expect them to reengineer a product, but I would've expected them to provide microcode updates and workarounds.

What this implies, is Intel can continue to 'play fast and loose' with security, and simply start disabling those exploitable features post-purchase. Imagine a small-med business that has invested tens of thousands of dollars in Xeons or Xe products, and Intel several years later just decides to disable a key feature 'in the name of security', while the product is still Active.
The main point is several years, when i'd be inclined to say whatever.
Posted on Reply
#42
Vya Domus
lexluthermiesterYes, it is. How else would you suggest they deal with the problem? Do you really expect Intel to reegineer a CPU series that is many generations old? No, and no one should expect them too. As stated above, the Haswell IGP is incapable of running DX12 titles at playable quality so disabling the API is an entirely valid and acceptable solution to the security problems at play.
A "fix", implies there was something wrong with the product and the issue was now fixed, restoring any functionality that was affected. Disabling a feature can be describes as anything but a fix, if anything the product is now even more broken since it's missing a functionality that it had before.

Of course you can't actually play DX12 titles properly on these iGPUs anyway and no one is going to cry their eyes out for this but it's still pretty ridiculous to call something a "fix" when it clearly isn't.
Posted on Reply
#43
AlwaysHope
Gotta thank the hackers who found these exploits, in an ironic way they are doing ALL of us a service. :rolleyes:
Posted on Reply
#44
TheoneandonlyMrK
Hopefully they don't regress later models with this thing they just found out about?!
Posted on Reply
#45
lexluthermiester
LabRat 891Haswell was brought out of EOL during this 'shortage'.
Oh, how so?(I'm calling BS on this because it's total nonsense.)
Vya DomusA "fix", implies there was something wrong with the product and the issue was now fixed, restoring any functionality that was affected. Disabling a feature can be describes as anything but a fix, if anything the product is now even more broken since it's missing a functionality that it had before.

Of course you can't actually play DX12 titles properly on these iGPUs anyway and no one is going to cry their eyes out for this but it's still pretty ridiculous to call something a "fix" when it clearly isn't.
Once again, Intel can NOT be expected to re-engineer a product that is EOL and many generations old. If disabling the software API which is being used as the attack vector is the only viable option, it IS a valid solution.

Just because that solution does not meet the satisfaction of a few people who fail to properly understand the problem does not make it any less a valid solution.
Posted on Reply
#46
AlwaysHope
lexluthermiesterOnce again, Intel can NOT be expected to re-engineer a product that is EOL and many generations old. If disabling the software API which is being used as the attack vector is the only viable option, it IS a valid solution.

Just because that solution does not meet the satisfaction of a few people who fail to properly understand problem does not make it any less a valid solution.
One of the best comments on here to put the whole issue into perspective.
Posted on Reply
#47
Mussels
Freshwater Moderator
Intel discovers PC's have greater security if you don't turn them on, suggests disconnecting power supplies
Posted on Reply
#48
Vya Domus
lexluthermiesterOh, how so?(I'm calling BS on this because it's total nonsense.)


Once again, Intel can NOT be expected to re-engineer a product that is EOL and many generations old. If disabling the software API which is being used as the attack vector is the only viable option, it IS a valid solution.

Just because that solution does not meet the satisfaction of a few people who fail to properly understand the problem does not make it any less a valid solution.
Not. A. Fix.

End of story, you can argue all you want.
Posted on Reply
#49
AusWolf
After extensive research, I've found that removing your CPU from your motherboard results in a fix against all vulnerabilities. Malicious code cannot run on a CPU that's not present.
lexluthermiesterYes, it is. How else would you suggest they deal with the problem? Do you really expect Intel to reegineer a CPU series that is many generations old? No, and no one should expect them too. As stated above, the Haswell IGP is incapable of running DX12 titles at playable quality so disabling the API is an entirely valid and acceptable solution to the security problems at play.
I have to disagree with that one. The term "fix" means making something that's broken work again. You wouldn't fix a leaking toilet by permanently disconnecting it from your water supply, would you?
Posted on Reply
#50
InhaleOblivion
Thankfully the last Intel 4 series build I have, has been retrofitted to my sons' Roblox/Fortnite system. The most intensive game they play on it is Destiny 2 and Warframe. Appreciate the heads up that the upcoming 12 series has the exact same bug.
Posted on Reply
Add your own comment