Major Intel CPU Hardware Vulnerability Found

[Zyll Goliat]

I also did quite a lot of benchmarking today and can't really see any noticeable differences. All results are within margin of error.

Ohh sure I don´t think this will impact ordinary users,however it might be different with the Servers and VM......anyway I am always skeptical with any win update

 

[Sasqui]

People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more ROFL

History tends to repeat itself. Intel has been here before.

 

[FYFI13]

People were panicking without even knowing what was really happening LOL

Can't blame them, some "journalists" did really good job at turning it into a big thing. I can bet if this patch was pushed through WU silently, regular (heck, even advanced) users wouldn't even know what happened.

Ohh sure I don´t think this will impact ordinary users,however it might be different with the Servers and VM......anyway I am always skeptical with any win update

After i finished all benchmarking, i wiped my spare SSD and installed this patch on all PC's at home. I see no reasons for home users to not install this patch. Everything works just as it did before.

 

[TheoneandonlyMrK]

People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more ROFL

It's also a security issue, the performance of crysis isn't the only issue.

 

[R0H1T]

People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more ROFL

If you care about your privacy or security, even in the cloud, then meltdown should scare the heck out of you! This so so much worse that the 5 fps lost during gaming!

 

[FireFox]

then meltdown should scare the heck out of you!

It doesn't scare me at all.

As long as i can i will avoid installing any updates

 

[Bill_Bright]

It doesn't scare me at all.

Me either. What scares me is the poor and unethical reporting by some bloggers and tech sites and their highly exaggerated, blown way out of proportion claims. And what scares me is readers who automatically believed those exaggerated reports, or worse, parrot those reports without doing their homework.

Was the bug bad? Sure. Was it exploited? There's no evidence of that. Microsoft has already released a patch. Has it degraded everyone's performance by 30% as claimed by those headline seeking bloggers and [cough cough, choke choke] "journalists" in the IT press. No.

 

[FireFox]

Wise words

 

[trparky]

And we have some benchmarks from a reputable reviewer on YouTube, Steve from Hardware Unboxed who's associated with TechSpot.com.



TLDW (Too long, didn't watch)

Gaming benchmarks appear to be all within a margin of error according to Steve's benchmarks after the emergency Windows 10 patch. VeraCrypt and 7ZIP compression/decompression also show no signs of significant reduction in performance after the patch and all differences seem to be within a margin of error. The only thing that seems a bit worrying is the significant reduction (23%) in 4K Random Read Speeds on systems with SSDs so there is going to be a reduction in raw disk I/O performance.

 

[Bill_Bright]

I even heard on Headline News this morning all those affected processors will have to be replaced!

 

[RejZoR]

Replaced how? What fixed CPU am I suppose to place in my LGA2011v3 socket? But if I have to replace whole platform, i'ts going to be AMD even if Intel fixes everything.

What even is fixed with the above mentioned (tested) update exactly?

 

[R-T-B]

Has it degraded everyone's performance by 30% as claimed by those headline seeking bloggers and [cough cough, choke choke] "journalists" in the IT press. No.

No one sensible should've been claiming anything but a 30% "IO penalty," which is quite different than an across the board "penalty."

I agree, the panic was unneccesary outside of people who are possibly datacenter admins (who rightly should apply this patch right away), but you know what sells news in most parts of the world unfortunately.

I pride myself on being the exception to that rule, even if my articles sometimes "miss out" because of it.

 

[Bill_Bright]

Replaced how? What fixed CPU am I suppose to place in my LGA2011v3 socket?

Exactly! LOL

Bad reporting!

No one sensible should've been claiming...

Sensible being the operative word. Actually, nobody should be claiming anything without empirical evidence through actual testing. And common sense should tell everyone not to believe (and especially not repeat) such claims without seeing proof of such testing.

but you know what sells news in most parts of the world unfortunately.

Yeah. Sensationalized headlines. Especially if they make popular person, place or thing, look bad.

 

[cucker tarlson]

Everybody just keep your pants on. So far there seems to be no performance penalty on desktop computers. 4K random read decrease - I'm certainly not seeing that on my rig, it's actualy 5% faster. We'll have to see how the situation unfolds but at this point there's really not much to worry about for us, desktop users, let alone to change your CPU and crap your pants.

 

[FireFox]

He is just panicking, poor thing lol

 

[R-T-B]

The performance penalty everyone is worrying about is honestly the least of my concerns.

I'm more worried about the impacts this will have in the cloud where inevitably not every admin will apply patches, and thus your once secure data will be leaked somewhere.

 

[cucker tarlson]

I've heard of the cloud but still don't know what it is. I defy anyone to tell me to worry about anything.
Oh I know, my savegames are on a cloud. Now I'm getting an ATARI.

 

[Regeneration]

Most overrated security flaw ever. One must have access to the victim's PC to exploit it. There are a lot better local exploits than this. This is only a problem for host providers. The workaround seems to be worst than the vulnerability itself.

Call me if you find something like Windows NT/2K/XP DCOM vulnerability.

 

[RejZoR]

Everybody just keep your pants on. So far there seems to be no performance penalty on desktop computers. 4K random read decrease - I'm certainly not seeing that on my rig, it's actualy 5% faster. We'll have to see how the situation unfolds but at this point there's really not much to worry about for us, desktop users, let alone to change your CPU and crap your pants.

Yeah, but what is actually being fixed by the update in Windows? Just the Meltdown flaw since the other two are allegedly unfixable?

 

[rtwjunkie]

Well according to this little write up, the temp fix will involve code to IE11 and Edge, and will slow things a bit (imperceptibly to normal users), with a 5-20ms delay built in.

I know the info was already put out, I was just adding for sake of the tiny delay, which is not much of a slowdown at all.

http://news.softpedia.com/news/wind...meltdown-spectre-on-version-1703-519219.shtml

 

[biffzinker]

Applied the Windows patch last night from the Microsoft Catalog after @xkm1948 post in the other thread for KB4056892.

Also Ryu Connor over at the Techreport Forums posted:

https://support.microsoft.com/en-us/hel ... -kb4056891

Looks like the Microsoft Patch won't deploy unless your AV software is updated and adds a RegKey saying it's okay.

Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.
Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”​

Going by the other link in his post: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Thought I'd check if protections were enabled by the patch, this what I got in Powershell using the module SpeculationControl.
Good thing my Haswell CPU has PCID to lessen the performance impact?

 

[jaggerwild]

GURU of 3D did a bunch of tests, showed little if any impact. Makes me laugh all the pissing n moaning that went on.

 

[biffzinker]

Well according to this little write up, the temp fix will involve code to IE11 and Edge, and will slow things a bit (imperceptibly to normal users), with a 5-20ms delay built in.
http://news.softpedia.com/news/wind...meltdown-spectre-on-version-1703-519219.shtml

Also this from Microsoft: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

Mozilla Security Blog - Mitigations landing for new class of timing attack

 

[Fluffmeister]

And we have some benchmarks from a reputable reviewer on YouTube, Steve from Hardware Unboxed who's associated with TechSpot.com.



TLDW (Too long, didn't watch)

Gaming benchmarks appear to be all within a margin of error according to Steve's benchmarks after the emergency Windows 10 patch. VeraCrypt and 7ZIP compression/decompression also show no signs of significant reduction in performance after the patch and all differences seem to be within a margin of error. The only thing that seems a bit worrying is the significant reduction (23%) in 4K Random Read Speeds on systems with SSDs so there is going to be a reduction in raw disk I/O performance.

Here is the article up on TechSpot itself for those interested:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/

 

[Bill_Bright]

Windows antivirus patch compatibility