• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Foreshadow, this is another CPU vulnerability thing..

lexluthermiester

lexluthermiester

Joined
Jul 5, 2013
Messages
30,553 (7.07/day)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615

Put short, this is the fifth major vulnerability found in Intel CPU's and is very likely to affect at least some other CPU lines.

Details in the video below;

EDIT;
Having read into this further, there is indeed a great potential that AMD's CPU lines may be affected as well as most ARM SOC's, though that is just speculation on my part.
 
Last edited:
Last edited:
MrGenius said:
Wait...what? This is just part of the group of vulnerabilities described as the L1 Terminal Fault. Which was already publicly disclosed and addressed with patches in Cumulative Updates.
Click to expand...
There have been no patches for this vulnerability. Microsoft's responses did not indicate patches being actively deployed, indicating that there are none for this vulnerability. Given that the problem is still being investigated this is not surprising.

Look like TPU's on the case;
https://www.techpowerup.com/246795/...ility-affects-intel-processors-mitigation-out
 
Last edited:
lexluthermiester said:
There have been no patches for this vulnerability. Microsoft's responses did not indicate patches being actively deployed, indicating that there are none for this vulnerability. Given that the problem is still being investigated this is not surprising.
Click to expand...
Dude...the loop...you are outside of it. Trust me. Patches deployed. Mitigation techniques divulged.

Microsoft said:
Microsoft is aware of a new speculative execution side channel vulnerability known as L1 Terminal Fault (L1TF) which has been assigned multiple CVEs as noted in the following table.

CVE / Name / Applicability
CVE-2018-3615 / L1 Terminal Fault / Intel® Software Guard Extensions (SGX)
CVE-2018-3620 / L1 Terminal Fault / Operating System (OS), System Management Mode (SMM)
CVE-2018-3646 / L1 Terminal Fault / Virtual Machine Manager (VMM)

Microsoft has released several updates to help mitigate this vulnerability. To get all available protections, firmware (microcode) and software updates are required.

Recommended Actions

  1. The best protection is to keep your computers up to date. You can do this by taking advantage of automatic updates.
Click to expand...
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018

If there have been no patches for this vulnerability...then how did my OS get the software patch for it(as in the L1 Terminal Fault) with the latest Windows 10 Cumulative Update?
L1TF patched 2.png


Intel said:
The microcode updates we released earlier this year, when coupled with operating system and hypervisor software updates released by our industry partners starting today, ensure consumers, IT professionals, and cloud service providers, have access to the protections they need.
Click to expand...
Quoted verbatim from the vid found here:
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
 
Last edited:
lexluthermiester said:
Sorry folks. To be fair I made this post before seeing TPU's article. Also hadn't read that far into things yet.
Click to expand...

No need to apologize: i just think it's better for the focus of this topic's discussion to be in a single thread, instead of in multiple threads.

When i saw this topic, i thought it was another, different one. Besides, i too made a topic about this very flaw, which i then reported, for the exact same reason.
 
You must log in or register to reply here.
Back
Top