• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Major Intel CPU Hardware Vulnerability Found

Status
Not open for further replies.
Joined
Jun 28, 2016
Messages
3,595 (1.88/day)
No spreading FUD, please.
Meltdown was discovered independently by Jann Horn from Google's Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology, as well as Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology.[19] The same research teams that discovered Meltdown also discovered a related CPU security vulnerability now called Spectre
Not what I meant.
Project Zero was the first to discover and inform CPU makers about these problems (which they did in June). The issue wasn't made public to give CPU manufacturers time to fix it.
However, it leaked some time before the planned patch launch date.
There's a good article about this situation:
https://arstechnica.com/gadgets/201...el-apple-microsoft-others-are-doing-about-it/
"It's true that AMD didn't actually reveal the details of the flaw before the embargo was up, but one of the company's developers came very close. Just after Christmas, an AMD developer contributed a Linux patch that excluded AMD chips from the Meltdown mitigation. In the note with that patch, the developer wrote, "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
(...)
For a company operating under an embargo, with many different players attempting to synchronize and coordinate their updates, patches, whitepapers, and other information, this was a deeply unhelpful act."

The patch note is from Dec 26. I've seen some forum discussions about it on 27-28 already.
 
Joined
Mar 10, 2010
Messages
9,204 (2.18/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 32Gb in four sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Silicon power qlc nvmex3 in raid 0/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd
Display(s) Samsung UAE28"850R 4k freesync.
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Not what I meant.
Project Zero was the first to discover and inform CPU makers about these problems (which they did in June). The issue wasn't made public to give CPU manufacturers time to fix it.
However, it leaked some time before the planned patch launch date.
There's a good article about this situation:
https://arstechnica.com/gadgets/201...el-apple-microsoft-others-are-doing-about-it/
"It's true that AMD didn't actually reveal the details of the flaw before the embargo was up, but one of the company's developers came very close. Just after Christmas, an AMD developer contributed a Linux patch that excluded AMD chips from the Meltdown mitigation. In the note with that patch, the developer wrote, "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
(...)
For a company operating under an embargo, with many different players attempting to synchronize and coordinate their updates, patches, whitepapers, and other information, this was a deeply unhelpful act."

The patch note is from Dec 26. I've seen some forum discussions about it on 27-28 already.
Still trying to run up your intel share portfolio i see.
 
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
but I believe Microsoft is trying to shake some guilt off over the mess done
Why should Microsoft have any guilt? It's a processor problem. Microsoft does not make Intel, AMD or ARM processors. The flaw is in processors designed by Intel, AMD and ARM. Not Microsoft.

Three different processor manufacturing companies making CPUs designed to run various operating systems and who gets the blame and is expected to accept guilt? Microsoft. :kookoo: :rolleyes:

I don't get why some just have to blame Microsoft for every and anything that goes wrong, or even might go wrong. There are plenty of screwed up things Microsoft has actually done that deserves our scorn, why do some feel it necessary to pour gas on the fire? These clear biases and down right hatred makes no sense. But worse, it spreads unwarranted, misdirected fear and loathing and misinformation. :banghead:

In another thread where the mods thankfully shutdown, you have folks calling Microsoft "immoral", "greedy", "morons", "foul", "sneaky", "blatantly dishonest" "dbags" because they have a program that offers Windows 10 for free to "people with disabilities" - but not to able-bodied people. :rolleyes: And just because Microsoft is such an evil company, it is okay for able-bodied people to grab those free licenses intended for people with disabilities too. Who's being greedy?

Microsoft can't catch a break even when they are trying to do something good.

For decades Microsoft have been blamed for the security mess we are in when it was the bad guys who put us here and the anti-malware industry who failed to stop them - after they (Norton, McAfee, CA, TrendMicro, and the others) cried and whined to Congress and the EU it was their job to do so. But who got blamed? Microsoft.

Now you want to blame Microsoft for a flaw in microprocessors made by other companies? They did not require those processor makers to put that vulnerability in there! They are just trying to mitigate the severity for now because it is easier at the software level than it is at the hardware level where the real and permanent fix must occur.

Do you blame MacOS and Linux too? Are they guilty? Why not? Those system are affected too!

If Microsoft is not perfect in everything they do, someone will find fault and bash them relentlessly, then others will blindly follow. Who out there is perfect?

Gee whiz. Bash where bashing is due and I will defend your right to do so with vigor. But senselessly bash the innocent and I will defend them (regardless their past sins) with the same vigor!

And speaking of those in the security industry, where have they been for the last 23 years? Huh? Where? This flaw apparently affects some Intel processors manufactured since 1995! Why was it not discovered until just recently? And you want to blame Microsoft?

Pure FUD and biased MS bashing! :kookoo: :mad: :( The problem is serious enough without MS biases and MS bashing rumormongering based on falsehoods.

Why is there even all this effort to place blame? Does that solve anything? Especially on a problem that goes back 23 years?
 
Joined
Apr 16, 2010
Messages
3,303 (0.79/day)
Location
Portugal
System Name Dust gatherer (ol' Dale-y)
Processor AMD Ryzen 7 1700
Motherboard MSI X370 Gaming Plus
Cooling Noctua NH-C12P SE14 + NM-AM4 + NF-P14r
Memory 2x 8GB G.Skill Trident Z (F4-3200C16D-16GTZB)(Hynix)
Video Card(s) Sapphire Pulse AMD Radeon RX 5500 XT 8GiB
Storage HyperX Savage 240GB + KC300 240GB + 750EVO 500GB
Display(s) LG Flatron W2361V 23'' FHD (RN a 24'' IPS HP oldie)
Case NOX Blaze w/random fans and no aRrGeeBee
Audio Device(s) Creative SoundBlasterX AE-5 + GigaWorks t40 series II
Power Supply Corsair TX650M
Mouse Microsoft Comfort Mouse 4500
Keyboard Logitech Media Keyboard (PS/2)
Software Windows 10 x86-64 (1909)
Benchmark Scores Needs a reinstall...but it used to play a game or two in TV resolution from time to time, in 2019
Bill...like calm down for a minute.
I wrote that as purely my opinion. I didn't try to set it in stone.
To me, developers writing code, releasing it, stating "MUST USE" and then, if shit hits the fan go all "wasn't me", just doesn't sound responsible.
Pointing all the blame to the hardware manufacturer for products that have existed since 2006 and have survived 4 supported OS iterarions on Windows alone (XP, Vista, 7 and 8.1) isn't...well, reasonable, to me.
 
Last edited:
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
I don't care why you wrote it. You are entitled to your opinion and I will defend your right to express it - where appropriate. But in a technical discussion, it should be based on fact, not biases and misinformation.
Pointing all the blame to the hardware manufacturer for products that have existed since 2006 and have survived 4 supported OS iterarions on Windows alone (XP, Vista, 7 and 8.1) isn't...well, reasonable, to me.
It is not the job of OS developers to reverse engineer processors (devices with billions of transistor gates and millions of instruction sets) looking for obscure security flaws. It is the job of the hardware manufacturers and those security organizations who have put themselves in the position of detecting such flaws.

I said my piece. Now please stop spreading more FUD and stick with the facts. There are plenty of real and true facts to place real and deserving blame where it belongs - since placing blame seems to be your goal here.
 
Joined
Mar 10, 2010
Messages
9,204 (2.18/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 32Gb in four sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Silicon power qlc nvmex3 in raid 0/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd
Display(s) Samsung UAE28"850R 4k freesync.
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
I don't care why you wrote it. You are entitled to your opinion and I will defend your right to express it - where appropriate. But in a technical discussion, it should be based on fact, not biases and misinformation.
It is not the job of OS developers to reverse engineer processors (devices with billions of transistor gates and millions of instruction sets) looking for obscure security flaws. It is the job of the hardware manufacturers and those security organizations who have put themselves in the position of detecting such flaws.

I said my piece. Now please stop spreading more FUD and stick with the facts. There are plenty of real and true facts to place real and deserving blame where it belongs - since placing blame seems to be your goal here.
Playing fair Bill, the mucks being thrown quite widely on this one and everyone's deserved of a bit of it , they do all talk after all, and the continuing emergant cockups are just adding fuel to a few fires.
I don't think we're going to be passed this for a bit.
 
Joined
Mar 6, 2017
Messages
2,295 (1.38/day)
Location
North East Ohio, USA
System Name My Super Computer
Processor Intel Core i7 8700K
Motherboard Gigabyte Z370 AORUS Ultra Gaming
Cooling Corsair H55 AIO
Memory 2x8GB Crucial/Micron Ballistix Sport DDR4-2400
Video Card(s) Gigabyte GeForce RTX3060 12GB (https://www.techpowerup.com/gpuz/details/d6y4u)
Storage Samsung 970 EVO 500 GB NVMe SSD (System Drive), Samsung 860 EVO 500 GB SATA SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and HP 2311x (DVI/HDMI)
Case CoolerMaster MasterBox Lite 5 RGB
Audio Device(s) On-Board Sound
Power Supply EVGA Supernova 650 G3 Gold
Mouse Logitech M705
Keyboard Logitech Wave K350
Software Windows 10 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Gee whiz. Bash where bashing is due and I will defend your right to do so with vigor. But senselessly bash the innocent and I will defend them (regardless their past sins) with the same vigor!
The same can be said about Apple, the Apple hate train is just as packed as the Microsoft hate train is. I swear that hating on both Microsoft and Apple have become some sort of e-sport, the "in" or "cool" thing to do just because everyone else is doing it. Oh, since everyone else is doing it I don't want to feel left out so give me that ticket to board the hate train! All aboard the hate train! Next stop is Microsoft... get your pitchforks and torches ready, it's going to be a real hoot!

Edit
You see, I'm not a fanboy in any sense of the word. I will defend a company when the need arises and I will bash them with the same amount of vigor when that need arises. People are blaming Microsoft for this crap when you really should be blaming Intel. As @Bill_Bright said, how long has this been an issue? More than a decade! But oh no, we can't blame Intel... we're going to blame Microsoft who had no part in it other than trying to patch the systems against Intel's screw-up. If it weren't for Intel's screw-up we would not be in this mess to begin with!!! Put the blame where the blame is due... at Intel's feet.
 
Last edited:
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
The same can be said about Apple, the Apple hate train is just as packed as the Microsoft hate train is.
That's very true. But the numbers are much smaller so they don't get the same level of attention or make near as much noise.
they do all talk after all
And that's a good thing. I don't think there is any evidence of hiding (except from the general public - and therefore the bad guys) or worse, any signs of a cover up. What I see is Microsoft, ASUS, Gigabyte and others trying to be proactive and releasing patches and updates as quickly as possible And that's a good thing.
 
Joined
Mar 10, 2010
Messages
9,204 (2.18/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 32Gb in four sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Silicon power qlc nvmex3 in raid 0/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd
Display(s) Samsung UAE28"850R 4k freesync.
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
That's very true. But the numbers are much smaller so they don't get the same level of attention or make near as much noise.
And that's a good thing. I don't think there is any evidence of hiding (except from the general public - and therefore the bad guys) or worse, any signs of a cover up. What I see is Microsoft, ASUS, Gigabyte and others trying to be proactive and releasing patches and updates as quickly as possible And that's a good thing.
True i do however think it's not going to pan out for some , my phones now on the ropes because of this(zenphone2) it shouldn't be as it's still a good and viable phone but it won't receive Any fix and for that im angry at many companies ,intel asus Google, pile of nobs just chasing now cash.
Then there's the millions of motherboards and devices that wont get a patch ,any asus mobo over two years gets dropped clean off the update lists , and it's likely the same with some others so if a OS patch , firmware patch and mobo bios are all requirements of a fix some are definitely SOL.
That some would be millions , this needs much more clarity on what Is required to mitigate it per system type etc.

I sure as shit wont be seen defending asus intel or ms or Google on meltdown and spectre.
They're all complicit with implementing features that have proved to have been made too insecure by design, that's all of them to blame equally.
Though i get defending an unbalanced blame post:).
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
32,228 (6.20/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
I have to, but I believe Microsoft is trying to shake some guilt off over the mess done, so that the line of fire remains aimed at CPU makers.
Ryzen was a completely different situation. New tech being released vs. early support being pushed within NDA period.
Conspiracies against AMD? please...

Microsoft was providing the patch for every system, issue arised on older AMD processors/chipsets. Microsoft has since halted patching for AMD-detected systems.

Just to be on safe side we should be aware of Patches for Intel, make sure they dont show up on AMD Winupdate lists by having those KBs listed that should be intel only for fixing them.
 
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
Then there's the millions of motherboards and devices that wont get a patch ,any asus mobo over two years gets dropped clean off the update lists , and it's likely the same with some others
True, but the vast majority of those boards will not likely be exposed to the exploits those flaws might imposed. Are they running multiple VM environments on a system with public access where a bad guy with access to one VM accesses data in memory used by another VM? That's a pretty specific scenario that doesn't apply to many home users.
 
Joined
Mar 10, 2010
Messages
9,204 (2.18/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 32Gb in four sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Silicon power qlc nvmex3 in raid 0/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd
Display(s) Samsung UAE28"850R 4k freesync.
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
True, but the vast majority of those boards will not likely be exposed to the exploits those flaws might imposed. Are they running multiple VM environments on a system with public access where a bad guy with access to one VM accesses data in memory used by another VM? That's a pretty specific scenario that doesn't apply to many home users.
Agreed but that's with the risk potential as is , an attack vector can be expanded upon over time.
Hopefully you are right about this still in six or twelve months.
But i do think more clarity is required by OEMs as to what they will and wont be required to do and what is or isn't updated personally, hopefully that comes with time.
 
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
But i do think more clarity is required by OEMs as to what they will and wont be required to do and what is or isn't updated personally, hopefully that comes with time.
This fix will not be cheap. OEMs with deeper pockets will be better able to absorb the expense. So I suspect ASUS, Gigabyte, MSI and some of the other big name boards will be more supportive - especially if it only takes a BIOS firmware update.

Lessor known brand owners may be out of look sooner.

That said, not sure the OEMs will be "required" to do anything.

More clarity all around is required. But in order to keep valuable information from the bad guys, it may not be that forthcoming. Like it or not, that is probably the best policy too.
 
Joined
Sep 17, 2014
Messages
15,308 (5.97/day)
Location
The Washing Machine
Processor i7 8700k 4.6Ghz @ 1.24V
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) MSI GTX 1080 Gaming X @ 2100/5500
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Gigabyte G34QWC (3440x1440)
Case Fractal Design Define C TG
Audio Device(s) Situational :)
Power Supply EVGA G2 750W
Mouse Logitech G502 Protheus Spectrum
Keyboard Lenovo Thinkpad Trackpoint II (Best K/B ever... <3)
Software W10 x64
I have to side with @Bill_Bright here, I think the industry is doing a pretty good job at providing and fixing quality product, and a 'blame game' has no place here.

That being said, this is not purely a 'technical discussion' (lets be fair, there is little for us to figure out here), and it still is interesting to see how different companies react to this in different ways. It shows a certain company culture, and once you can discern that, you get a pretty solid feel for how companies are likely to act. I think @notb commenting on how AMD communicates to and within the industry is a very good example of that, and another really good example was the first press release Intel sent out where it explicitly mentioned other companies and made it a core piece of that text. Every company right now is completely out of their comfort zone, out of their 'managed PR'. We get to see things as they are from very close by right now. You just need to read between the lines.

The problem is mostly with the reader, not the writer. We all need to let go of the idea that every comment directed at whichever company automatically labels one as a fanboy. If we can do that, we can be a community of like-minded individuals that look at the industry and form opinion about it. And perhaps discover some things along the way.
 
Joined
Jul 25, 2006
Messages
8,955 (1.62/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
another really good example was the first press release Intel sent out where it explicitly mentioned other companies and made it a core piece of that text.
Not to drive this off on yet another OT tangent, I wonder how much of that first press release was dictated by company shysters... err... lawyers trying to mitigate liability issues?

''The first thing we do, let's kill all the lawyers''. William Shakespeare, Henry VI, Part 1. 1591.
 
Joined
Mar 23, 2016
Messages
4,829 (2.40/day)
Processor Ryzen 7 3800X
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory PNY Anarchy-X XLR8 Red DDR4-3200 16GB kit & PNY Anarchy-X XLR8 Red DDR4-2666 16GB kit
Video Card(s) MSI GeForce RTX 2060 GAMING Z 6G
Storage Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s) Samsung SyncMaster C27H711
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v21H1
New Intel Microcode Update from Intel for Linux: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t

Release notes don't say much as usual...
The microcode update provides hardware support for "branch target injection." Windows patch is showing this after I used the VMware driver. For whatever reason though Windows doesn't want to enable that part of the patch even if I force it by registry key.
Untitled.png

Reverting to the November microcode update
Untitled.png
 
Last edited:
D

Deleted member 163934

Guest
The microcode update provides hardware support for "branch target injection." Windows patch is showing this after I used the VMware driver. For whatever reason though Windows doesn't want to enable that part of the patch even if I force it by registry key.
View attachment 95713

Reverting to the November microcode update
View attachment 95716

Same here.
I suspect that Windows is checking before the new microcode is loaded by vmware driver and because the check fails it doesn't enable it.
Microsoft might actually have to provide the microcode update via WU for older cpu because I doubt all mb manufacturer will release bios updates for mb that aren't sold for years. Some do but there are others that just don't really bother to update the bios even when there are obvious problems with it...
 
Joined
Aug 18, 2017
Messages
330 (0.22/day)
I suspect that Windows is checking before the new microcode is loaded by vmware driver and because the check fails it doesn't enable it.
Yup, exactly.
It's interesting why microsoft simply does not push new microcodes into the system. They had no problem previously doing that and accidentally hurting G3258 OC on cheap mobos :rolleyes:
Updating microcode should be also doable with some simple pre-os utility, that would just update the microcode - somehow similar to how diy egpu setup works.
It would be a much less invasive alternative to bios modding :)

Anyway, updating microcode was easy. I also disabled ME - just because I can :D
z97 fixed.png
 
Joined
Oct 2, 2004
Messages
13,791 (2.22/day)
Easy to use tool to check for Spectre/Meltdown vulnerability:
https://www.ashampoo.com/en/usd/pin/1304/security-software/Ashampoo-Spectre-Meltdown-CPU-Checker

It's just odd that it's still showing AMD system as "Vulnerable" for Spectre. MS only distributed patches for Meltdown so far? The system also had BIOS updated which addresses this vulnerability (dated December 2017). CPU is AMD A9-9420 APU (Stoney Ridge).

Use this command in PowerShell afterwards because Ashampoo for some dumb reason doesn't set it back after the test:
Set-ExecutionPolicy -ExecutionPolicy Default -Scope CurrentUser
 
Last edited:
Joined
Mar 23, 2016
Messages
4,829 (2.40/day)
Processor Ryzen 7 3800X
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory PNY Anarchy-X XLR8 Red DDR4-3200 16GB kit & PNY Anarchy-X XLR8 Red DDR4-2666 16GB kit
Video Card(s) MSI GeForce RTX 2060 GAMING Z 6G
Storage Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s) Samsung SyncMaster C27H711
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v21H1
An Update on AMD Processor Security 1/11/2018

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.
At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
  • Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
    • We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
    • Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
    • Linux vendors are also rolling out patches across AMD products now.
  • GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    • While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
    • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
    • Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
  • GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
    • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.
Mark Papermaster,
Senior Vice President and Chief Technology Officer

Source: An Update on AMD Processor Security 1/11/2018

It's just odd that it's still showing AMD system as "Vulnerable" for Spectre.
Probably because AMD's processors are vulnerable to Spectre going by their latest update they just posted.


Update from Intel on the performance impact of a patched system with Skylake up to Coffeelake if anyone missed yesterdays update.

Jan. 10 Performance Data Results

Today we are sharing data on several 6th, 7th and 8th Generation Intel® Core™ processor platforms using Windows* 10. We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms.

The performance impact of the mitigation on 8th generation platforms (Kaby Lake, Coffee Lake) with SSDs is small. Across a variety of workloads, including office productivity and media creation as represented in the SYSMark2014SE benchmark, the expected impact is less than 6 percent. In certain cases, some users may see a more noticeable impact. For instance, users who use web applications that involve complex JavaScript operations may see a somewhat higher impact (up to 10 percent based on our initial measurements). Workloads that are graphics-intensive like gaming or compute-intensive like financial analysis see minimal impact.

Our measurements of the impact on the 7th Gen Kaby Lake-H performance mobile platform are similar to the 8th generation platforms (approximately 7 percent on the SYSMark2014SE benchmark).

For the 6th generation Skylake-S platform, our measurements show the performance impact is slightly higher, but generally in line with the observations on 8th and 7th generation platforms (approximately 8 percent on the SYSMark2014SE benchmark). We have also measured performance on the same platform with Windows 7, a common configuration in the installed base, especially in office environments. The observed impact is small (approximately 6 percent on the SYSMark2014SE benchmark). Observed impact is even lower on systems with HDDs.

As we collect more information across the broad range of usages and Intel platforms, we will make it available. Within the next week, we intend to offer a representative set of data for mobile and desktop platforms that were launched within the past five years. For those Intel customers who are worried about performance impacts, you should know that we will work on creative solutions with our industry partners to reduce those performance impacts wherever possible.

Untitled.png
Source: Intel Security Issue Update: Initial Performance Data Results for Client Systems
 
Last edited:
Joined
Jun 28, 2016
Messages
3,595 (1.88/day)
  • GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
    • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
It took them a week to go from "Zero AMD vulnerability due to AMD architecture differences." to "we believe we're not susceptible, because we've included countermeasures ".
Also, they still didn't show any sign they've actually analyzed the problem or replicated Project Zero's results. I'd expect an extensive publication by now - ARM and Intel gave them a week ago...

Seriously, this is not how you win enterprise clients. Even if the patches slow down Intel by 30% and don't touch AMD at all (unlikely), companies will just buy more Xeons...
 
Joined
Nov 9, 2010
Messages
5,194 (1.31/day)
Processor Intel i7 950 @ 3.2GHz
Motherboard ASUS P6X58D-E
Cooling Corsair H50 push/pull
Memory Kingston HyperX 1600 8GB
Video Card(s) Sapphire HD 7970 OC
Storage Plextor M5P 128GB/WD Black 2x1TB,1x6TB/Seagate 1TB
Display(s) Panasonic TC-L32U3
Case Antec DF-85
Audio Device(s) Yamaha RX-V371 AVR
Power Supply XFX 850w Black Edition
Mouse Logitech G402
Keyboard Logitech K120
Software W10 Pro 64 bit
Never mind AMD's response, what's their excuse for not knowing, or at least claiming to not know this was going to be a problem when designing the chips? How is it when this kind of thing comes out, only Intel gets accused of cleverly hiding the truth? AMD may make a lot of bone headed marketing decisions, but it's not like their design guys are total imbeciles. I'm sure they must have seen this vulnerability, especially since server farms and the cloud have been around so long. It's mostly those corporations that use them and their many customers that deserve at least an honest answer. Most of us mere individual PC users aren't going to be affected by it at all in comparison.

For the record, I'm not saying Intel doesn't have dirt on their hands, I'm saying both of them do. I look at this stuff with the same bad taste in my mouth I get from US politics lately. They both sling muck at each other, and feign innocence, while the customers are caught in the middle. This is also kind of like how bank derivatives got out of control. Many saw it as a potential financial crisis coming, but too many were just pretending it would iron itself out. There's a lot to be said for preventative maintenance when it comes to design time. I hope both sides have learned their lesson from this.
 
Last edited:

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
5,673 (1.11/day)
Location
Nelson B.C. Canada
System Name Blacknet
Processor E5-2697v2 Xeon
Motherboard Asus P9X79 Pro
Cooling Noctua NH-D14/7case fans
Memory 32gb Gskill 1866 Cas9
Video Card(s) EVGA FTW GTX 980 Ti ACX 2.0+
Storage Toshiba 3TB, x300 Toshiba 5TB, 2x EVO 850 250GB, 2x EVO 860 500GB, LG 14x Blu-Ray Rewriter
Display(s) 24" LG 24GL600F 144HZ, 23" Asus VZ239H IPS
Case Antec 1200
Audio Device(s) Asus Xonar MKII+ AKG Q701 Studio Monitors
Power Supply XFX XTR 750 Gold
Mouse Logitech G900 Chaos Spectrum
Keyboard Ducky One 2 RGB
Software Kubuntu 21.04
Benchmark Scores It's linux baby!
Yep, here it comes, let's see what it does to my vms..... diddly squad so far, whee!
 
Last edited:
Joined
Mar 23, 2016
Messages
4,829 (2.40/day)
Processor Ryzen 7 3800X
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory PNY Anarchy-X XLR8 Red DDR4-3200 16GB kit & PNY Anarchy-X XLR8 Red DDR4-2666 16GB kit
Video Card(s) MSI GeForce RTX 2060 GAMING Z 6G
Storage Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s) Samsung SyncMaster C27H711
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v21H1
Yep, here it comes, let's see what it does to my vms..... diddly squad so far, whee!
Since your chip is Sandybridge maybe skip out on the microcode update for Spectre but patch for Meltdown? I'm considering going that direction myself.
 
Status
Not open for further replies.
Top