Major Intel CPU Hardware Vulnerability Found

[biffzinker]

I mean it looks like Gigabyte currently shows 134 boards for the 1155 socket alone! That's more than a few dozen already. The 1150 has almost as many and the 1150 has 143! And the 775 socket has 195!That's 600 boards just for those 4 sockets.

If the major motherboard brands didn't have so many variations of the same chipset/socket but instead had been more sensible with their product catalog for past/future boards it wouldn't of been such a huge time sink issuing firmware updates.

 

[Bill_Bright]

If the major motherboard brands didn't have so many variations of the same chipset/socket but instead had been more sensible with their product catalog for past/future boards it wouldn't of been such a huge time sink issuing firmware updates.

I agree but they would not make so many models and variations of models if us consumers didn't demand them.

 

[TheoneandonlyMrK]

I don't think it is strange. It makes sense to me - from a business decision. Gigabyte is a hardware maker. No doubt their programming staff is not very big. So their limited resources must be concentrated on those Gigabytes platforms that are currently in design, development or in production stages. It would be bad business to sell brand new products that are flawed leaving the factory.
I don't think you appreciate the complexity of the task.

It is not like calling up the source code, edit a couple lines, compile and save the code and be good to go.

And re-tooling a high-tech processor manufacturing plant is a major, extremely complex process too.

Plus it is not just CPU makers involved but countless partners and competing OEMs who all must make a coordinated effort to develop, test and distribute fixes.

I am not blaming everything on bad journalism and FUD. But I sure am blaming bad journalism and their FUD for exaggerating the threat and stirring up and creating unrealistic expectations in people who don't really understand or appreciate the problem, or how to correct it.

It seems you and your fellow believers are just mad because you and the public were not made aware of this issue sooner. Well, anyone who's worked in security for any length of time knows and appreciates there are many things the public (which includes the badguys) does not need to know about. But that does not mean there are not many dedicated people working behind the scenes to protect us. That is exactly why Intel, AMD, Google Microsoft and others all agreed to keep the details under wraps.

But that does not mean I don't put any blame on Intel as you also seem to believe. The flaw is in Intel chips. Chips they designed and manufactured. That's on them. And their PR department (probably with the help of their shyster... err... I mean legal department) blew it by downplaying the problem when it first went public.

But the fact remains related flaws are found in competing processors too. Intel did not force those flaws on AMD or ARM processors. But as is typical, the one with the deepest pockets gets the most wrath. That, and the unrealistic expectations and blown out of proportion threats are what I am defending against.

Apple has indicated that all iPhones, iPads and modern Mac devices are affected by Meltdown. Where's the wrath against them?

Is the threat serious? Of course. I have never denied that. But is it unlikely any of us reading this thread has, or ever will be compromised by a badguy exploiting it.

Its not a flaw ,its a f^ck$p in forward thinking yes but not a flaw ,it works just as intended , and despite being knowledgable you seam to keep getting the details wrong NO EXPLOIT HAS BEEN SHOWN on AMD systems its just a potential attack vector they accepted they are vulnerable to thats a big difference, significantly many flaws have been exposed and demonstrated on intel hardware directly relating to their ass hat workings and spectre /meltdown and the follow up patching they have done.

also you keep saying this is overblown way WAY before its ended , like it cant get worse from here, dreamy.

 

[NdMk2o1o]

Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?

 

[lexluthermiester]

Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?

AFAIK, the Spectre patches are causing the reboots and BSOD's. The Meltdown patch seems to work fine.

 

[biffzinker]

Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?

Microsoft's patch isn't the issue. The microcode update from Intel the motherboard brands have been including in BIOS updates for Spectre is causing the reboot issue.

https://www.techpowerup.com/forums/...t-reboot-issues-post-security-patches.240905/

 

[TheoneandonlyMrK]

Microsoft's patch isn't the issue. The microcode update from Intel the motherboard brands have been including in BIOS updates for Spectre is causing the reboot issue.

https://www.techpowerup.com/forums/...t-reboot-issues-post-security-patches.240905/

Id accept that if I had not fixed three pcs for no boot after patching , there's unreported issues im sure too , my own pc has had a few hangs it did not have pre patch, and in general is not the same, odd lagy moments etc and start menu becoming as responsive as me 8am Monday's.

 

[lexluthermiester]

Id accept that if I had not fixed three pcs for no boot after patching , there's unreported issues im sure too , my own pc has had a few hangs it did not have pre patch, and in general is not the same, odd lagy moments etc and start menu becoming as responsive as me 8am Monday's.

I'll be honest, haven't patched my main systems. Only tested on one and then reverted it back after reading about the problems. The reasons for this is that no one is in possession of the full effects of these vulnerabilities. They are seemingly so difficult to exploit that the chances of a successful go are very remote. Even success with Meltdown is dubious at best. Anyone with a good computing ethic and secure-minded methodologies is not going to be a viable target for attackers anyway.

 

[johnspack]

Slowly pushing it to linux:

 

[londiste]

Its not a flaw ,its a f^ck$p in forward thinking yes but not a flaw ,it works just as intended , and despite being knowledgable you seam to keep getting the details wrong NO EXPLOIT HAS BEEN SHOWN on AMD systems its just a potential attack vector they accepted they are vulnerable to thats a big difference, significantly many flaws have been exposed and demonstrated on intel hardware directly relating to their ass hat workings and spectre /meltdown and the follow up patching they have done.

I do not know about that second part.
From Spectre paper: https://spectreattack.com/spectre.pdf

Experiments were performed on multiple x86 processor architectures, including Intel Ivy Bridge (i7-3630QM), Intel Haswell (i7-4650U), Intel Skylake (unspecified Xeon on Google Cloud), and AMD Ryzen. The Spectre vulnerability was observed on all of these CPUs

 

[TheoneandonlyMrK]

I do not know about that second part.
From Spectre paper: https://spectreattack.com/spectre.pdf

How's about you read your pdf , it confirmed what I said Amd are deamed susceptible but HAVE NOT had it shown as presently doable unlike intel.

 

[_JP_]

So its a big undertaking that really cuts directly into their bottom line with zero chance of recouping even a penny for those efforts.

This is a kudos before profit moment for manufacturers.
It is their responsibility and moral obligation to do so. Investment recoup should not be a consideration as much as market share loss due to bad behaviour on support for their consumers.
However I agree, spanning 600-odd boards for gigabyte alone is indeed a big undertaking...ASUS, I think, has even more

 

[Bill_Bright]

It is their responsibility and moral obligation to do so. Investment recoup should not be a consideration as much as market share loss due to bad behaviour on support for their consumers.

I agree and I note they are addressing the issue. They are not shirking their obligations here. I note they (Gigabyte) already released a BIOS update for my Z170 board 2 weeks ago. And that board has been out of production for nearly 2 years.

That said, not sure holding the motherboard makers responsible for a fault, flaw, bug, mistake (or whatever you want to call it ) they did not create is fair. But I applaud them for stepping up to help correct the problem.

you seam to keep getting the details wrong
also you keep saying this is overblown way WAY before its ended , like it cant get worse from here, dreamy.

It is way overblown and your comment just illustrated that!

And it is you who keep getting the details wrong as it is apparent you don't know the difference between an "exploit" and a "vulnerability". Exploits attack or take advantage of vulnerabilities. Vulnerabilities are flaws, bugs, intentional openings, weaknesses (or whatever you wish to call them) that have the potential to be exploited. And I will say it again, there is no evidence any of these vulnerabilities have been exploited out in the real world.

Therefore, it is people like you, theoneandolymrk, who are blowing this WAY out of proportion with your false claims "it can't get worse from here". It can get much worse if the bad guys learn how to "exploit" this vulnerability and create the necessary malicious code and distribution method to deliver it. But again, that has not happened so please stop with your FUD!

 

[trickson]

I agree and I note they are addressing the issue. They are not shirking their obligations here. I note they (Gigabyte) already released a BIOS update for my Z170 board 2 weeks ago. And that board has been out of production for nearly 2 years.

That said, not sure holding the motherboard makers responsible for a fault, flaw, bug, mistake (or whatever you want to call it ) they did not create is fair. But I applaud them for stepping up to help correct the problem.


It is way overblown and your comment just illustrated that!

And it is you who keep getting the details wrong as it is apparent you don't know the difference between an "exploit" and a "vulnerability". Exploits attack or take advantage of vulnerabilities. Vulnerabilities are flaws, bugs, intentional openings, weaknesses (or whatever you wish to call them) that have the potential to be exploited. And I will say it again, there is no evidence any of these vulnerabilities have been exploited.

Therefore, it is people like you, theoneandolymrk, who are blowing this WAY out of proportion with your false claims "it can't get worse from here". It can get much worse if the bad guys learn how to "exploit" this vulnerability and create the necessary malicious code and distribution method to deliver it. But again, that has not happened so please stop with your FUD!

I am going to agree with you here.
One thing is fact, No one has been affected by this vulnerability or bug. Till then as long as AMD and Intel know about it and are on top of it with BIOS fixes and the such then this is all totally blown out of proportion.
More than likely a PR stunt or a need to generate some News in the Tech industry and turn the focus off the rising RAM and Video card prices due to product manipulation by the big Chip makers!
This is NON-Sequitur, moot, nothing burger. SQUAT!

 

[Bill_Bright]

More than likely a PR stunt or a need to generate some News in the Tech industry

It's a PR stunt and a desire to attract attention for the wannabe journalists trying to get noticed, and for the lemmings who just parrot what they read. That's how falsehoods and exaggerations go "viral".

It is also opportunistic bashings by haters - people who just love to throw shade on others and blow issues WAY out of proportion to make others look bad and themselves good.

turn the focus off the rising RAM and Video card prices

Neither Intel or AMD make RAM so I don't believe it has anything to do with that. And AMD makes graphics cards, so that would just be drawing attention back on themselves.

 

[TheoneandonlyMrK]

It's a PR stunt and a desire to attract attention for the wannabe journalists trying to get noticed, and for the lemmings who just parrot what they read. That's how falsehoods and exaggerations go "viral".

It is also opportunistic bashings by haters - people who just love to throw shade on others and blow issues WAY out of proportion to make others look bad and themselves good.


Neither Intel or AMD make RAM so I don't believe it has anything to do with that. And AMD makes graphics cards, so that would just be drawing attention back on themselves.

You two might not have been affected but I actually have, as i said three fixed pcs since meltdown and Spectre.
One new laptop bought to replace non booter that i know of(my bro is admittedly an ass ,i told him so too).
If the shit didn't need patching because we're all safe then why are all these companies Even bothering.

Cut out the labeling we are not all as asured as you by intels meanderings on the topic sorry but given the botched patching debarkle that followed some have earned the right in lost hours, to say what they feel.

If intel could sit on a flaw knowingly for month's legitimately and reasonably not saying anything , then wtf do you suppose is the timeline for the likes of russia ,china gchq and your Nsa to own up to using said exploits, the Nsa shelves were getting bare after being raided, who knows, sure as shit not you.

Note I didn't start this thread or the drama so stop with the singling out but whatever trevor.

Im no hater and im not the one gaurding this thread and taking on all Comer's big or small soley on intels side regardless but then I've no share's to protect eh.

@trickson I heartily dissagree with your slant on the matter but i remember you well enough to just leave it at that.

 

[Bill_Bright]

So let me get this straight. You are claiming that you have already fixed 3 PCs that somehow, a hacker was able get past all security on those systems, install heretofore unknown malicious code needed to exploit those vulnerabilities on those computers without being detected, then exploit those vulnerabilities and run-off with the data, again without being detected? Is that really what you are claiming?

If that is what you are claiming, then it would appear you are the first in the world and you need to write a paper and become rich and famous.

While meltdown is relatively easy for "a hacker" to exploit, the hacker must still have some how gained access to the machine. How was that possible since Windows, all the major browsers and most antimalware solutions released patches almost immediately, if not before!

Spectre, on the other hand, affects more systems, but is extremely hard to execute and requires an extensive level of knowledge about the target processor. And again, requires the hacker to first gain access to the system to execute his malicious javascript code.

If the shit didn't need patching because we're all safe then why are all these companies Even bothering.

See this is more of the FUD. Nobody said they didn't need patching or that we're all safe. This is you twisting things around.

****

For everybody else, Steve Gibson released a nice little program called InSpectre to see if your computer is safe from these threats.

 

[TheoneandonlyMrK]

So let me get this straight. You are claiming that you have already fixed 3 PCs that somehow, a hacker was able get past all security on those systems, install heretofore unknown malicious code needed to exploit those vulnerabilities on those computers without being detected, then exploit those vulnerabilities and run-off with the data, again without being detected? Is that really what you are claiming?

If that is what you are claiming, then it would appear you are the first in the world and you need to write a paper and become rich and famous.

While meltdown is relatively easy for "a hacker" to exploit, the hacker must still have some how gained access to the machine. How was that possible since Windows, all the major browsers and most antimalware solutions released patches almost immediately, if not before!

Spectre, on the other hand, affects more systems, but is extremely hard to execute and requires an extensive level of knowledge about the target processor. And again, requires the hacker to first gain access to the system to execute his malicious javascript code.
See this is more of the FUD. Nobody said they didn't need patching or that we're all safe. This is you twisting things around.

****

For everybody else, Steve Gibson released a nice little program called InSpectre to see if your computer is safe from these threats.

Not at alll.

Unknown glitches while updating or updated windows 10 , and two were Amd systems hence why im not heavily blaming intel, but im not polishing their ass either.

The affected are on mass already due to the random reboot bs , that's without any direct use on any system if the exploits.

That's already ,despite your heady nonsense, now if they get addapted ,worked on and weaponised.

Which im fairly certain a few are going to be trying to do ie find the loophole in retpoline or some mad deviant of the original issues.

Your move mr calm , hype those comments like you have my others i might yet get famous.
You have misunderstood my meaning a few times so far but understand this, im not hyping it , the vulnerability is none existent at the minute I fully agree ,im not agrieved either, it is what it is.
But I think the total handling of it by All concerned was very poor , worse offenders being intel And Microsoft, though Amd didnt shine either they have done more then apple and arm to quell fears and issues but nonetheless no-one handled it well.

 

[Bill_Bright]

Not at alll.

Unknown glitches while updating or updated windows 10 , and two were Amd systems hence why im not heavily blaming intel, but im not polishing their ass either.

So in the end, now you are saying these 3 computers were NOT exploited through the Meltdown or Spectre vulnerabilities even though you just said in your previous post #367 above,

You two might not have been affected but I actually have

So the truth is, the problems with these three machines is there were "unknown issues" caused [maybe] by a Windows Update, and not the CPU vulnerabilities as you tried to make us believe they were.

So in other words, more FUD, falsehoods, overblown and exaggerated claims, and unwarranted opportunistic bashings.

You were blaming Intel when in reality it was a Microsoft patch and 2 of the machines were AMD. And no you weren't polishing their a$$, instead you were trying to tarnish it further with false claims! I remind you that you also accused us claiming no patches were needed because we're all safe - clearly not true. And you claimed the problem can't get any worse when in fact, it could have been much worse. The bad guys could have found the problem first and released a zero-day exploit before the white-hats, Intel, AMD, motherboard makers, or Microsoft were even aware a problem existed. But again, that did not happen.

Common sense needs to return back to this tread now.

1. Are the "vulnerabilities" serious? Yes! Very serious!
2. But have they been "exploited"? There is no evidence they have.
3. Are they easy to exploit? NO! While Meltdown is easier than Spectre, a badguy will have to gain access with his malicious code to the system first - not an easy task. And for the more serious Spectre, the bad guy would have to have extensive knowledge of the system, and specific targeted CPU, before able to glean any data.
4. Are there patches/fixes? Yes! And most have already been deployed. Operating systems have been updated. Browsers have been updated. Security programs have been updated. And many BIOS firmware updates have been made available.

im not hyping it , the vulnerability is none existent at the minute I fully agree ,im not agrieved either, it is what it is.
But I think the total handling of it by All concerned was very poor , worse offenders being intel And Microsoft, though Amd didnt shine either they have done more then apple and arm to quell fears and issues but nonetheless no-one handled it well.

But you are hyping it and twisting it and exaggerating it. And the "vulnerabilities" DO exist right now! The CPUs have not be replaced. It is "exploits" that are nonexistent, as far as anyone knows at this point in time.

As far as how it is all being handled, I say stop trying to point fingers and place blame while the ship is still taking on water and listing! Help others get their systems updated. Wait for all the facts to come in, until "after-action" reports are done, and the "permanent" fixes are in place. Then go back and learn what was done right and what was done wrong and build an action plan for next time.

And PLEASE stop posting FUD and get back to the facts. And for everyone else, clearly you can't believe everything you read. Do your homework. Make sure your system and security are updated. And don't be "click-happy" on unsolicited links, downloads, attachments and popups - the exact same advise and recommendations for every day security precautions.

 

[trickson]

You two might not have been affected but I actually have, as i said three fixed pcs since meltdown and Spectre.
One new laptop bought to replace non booter that i know of(my bro is admittedly an ass ,i told him so too).
If the shit didn't need patching because we're all safe then why are all these companies Even bothering.

Cut out the labeling we are not all as asured as you by intels meanderings on the topic sorry but given the botched patching debarkle that followed some have earned the right in lost hours, to say what they feel.

If intel could sit on a flaw knowingly for month's legitimately and reasonably not saying anything , then wtf do you suppose is the timeline for the likes of russia ,china gchq and your Nsa to own up to using said exploits, the Nsa shelves were getting bare after being raided, who knows, sure as shit not you.

Note I didn't start this thread or the drama so stop with the singling out but whatever trevor.

Im no hater and im not the one gaurding this thread and taking on all Comer's big or small soley on intels side regardless but then I've no share's to protect eh.

@trickson I heartily dissagree with your slant on the matter but i remember you well enough to just leave it at that.

SO wait YOU have been affected by this 2 times? WTF? Can you prove it? ( I'm not meaning to flame you )
If you have irrefutable evidence that your system was hacked or that your system fell victim to this "BUG" then you have a case. If this is just your going by what you seen and can't prove it then I have to question motives.
So are you saying I am wrong? Okay then Prove it.
I still think it is just pure trumped up tech news for PR. This bug has been in every CPU and EVERY system in the WORLD yet YOU are the only one hit the hardest? I have heard about this bug way back when it was called a bug! they ( AMD & Intel ) used to put out patches for the CPU's all the time it was never any big deal everyone would just install the patch all is good, even if you didn't patch it was still fine.

PROF! That is the key. Just having some test in a lab under lab and controlled condition to try to exploit the bug isn't prof either!
REAL WORLD and REAL PROF is king! Just like the old adage goes :
SCREEN SHOT OR IT DIDN'T HAPPEN!

And GO!

 

[Bill_Bright]

SO wait YOU have been affected by this 2 times? WTF?

Define what you mean by "this". Note he clarified and later said he got "Unknown glitches while updating or updated windows 10". While the updates may be to address the Meltdown and Spectre issues, that does not mean Meltdown or Spectre caused those "unknown glitches".

 

[TheoneandonlyMrK]

It's like speaking to a wall, re read last post, in short

If there was no security issues.

There wouldn't be patches or updates.

Then these updates would not have f#£@ed three pcs i know of and had to fix.

I can't write that any simpler .


And ill get back to your bullshit later bill when i can quote what I choose.


Oh and sorry no screanies were taken when i fresh installed a sandy bridge pc ,or the others but wtf would you expect to see if something wont boot to Os and declares there's no bootable drive.

 

[cadaveca]

You guys are hilarious. You're wasting your time with BIOS updates. There is no properly working BIOS updates yet.

I'll post what Intel said on Monday...:

We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.

It's now Friday, and no updates have come yet, so this microcode isn't ready yet. So anyone thinking they are flashing a BIOS that is going to fix this properly is mistaken.

https://newsroom.intel.com/news/roo...-updated-guidance-for-customers-and-partners/

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.

Like, just... stop. Intel tells you "stop deployment", and ya'all are still thinking you got working BIOSes? Was that BIOS dated after the 22nd, and did that date of the Microcode show as being published just a couple of days earlier? If not, you just broke your system.


Congrats.

 

[Bill_Bright]

It's now Friday, and no updates have come yet, so this microcode isn't ready yet. So anyone thinking they are flashing a BIOS that is going to fix this properly is mistaken.

I don't feel any BIOS patch will ever "fix" the problem because the problem is hard coded into the design of the processors. Patches may mitigate or even totally negate the vulnerabilities. But is a permanent patch a "fix"? I don't believe so in this case because it does not return everything back to "good as new" - or preferably better than new.

Since it is impossible to recall and replace every Apple iPhone and iPad, every affected Intel and AMD processor, etc. the only way to fix this properly is to fix (rewrite) the code going forward. That is, in newly designed/hard coded processors coming off the line.

If there was no security issues.

There wouldn't be patches or updates.

Then these updates would not have f#£@ed three pcs i know of and had to fix.

I can't write that any simpler .

I am not and never have denied Intel deserves some culpability in this - in all of this. But it is not Intel's fault Microsoft rushed a poorly designed and inadequately tested patch out the door that broke some AMD machines! Yet that is exactly where you want to put all of the blame.

I have also repeatedly said the problem is serious, even "very serious". It is just not the FUD or end of the world or "can't get worse from here" scenario as previous suggested.

I see no reason to discuss these side issues further. So I won't.

 

[trickson]