Major Intel CPU Hardware Vulnerability Found

[Knoxx29]

The sense of the Video?

 

[biffzinker]

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

 

[Blo3der-Kuh]

View attachment 95560
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?

 

[biffzinker]

Or is it possible to load microcode through windows updates?

Yes it is possible, I'm curious myself if that's what will happen though. It's either Asus or Intel my bets on Intel unless Asus but doubt that'll happen.

 

[Deleted member 163934]

In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?

https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions

Even if the mb manufactures doesn't bother to update the microcode and microsoft doesn't bother to update the microcode loaded by windows you can still use a newer microcode in windows following the stuff in the link above, but we still need Intel to release a microcode update (the latest https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File is from 11/17/2017).

Keep in mind that if you decide to use the method described in the link above you do it on your own risk.

(I saw no problems on my Haswell cpu while using the method described in the link above to update the microcode, but well this is just my case.)

Note 1 : On boot the bios will load the old microcode, the stuff from the above link is basicaly a driver that will load a newer microcode (as long as it's available) in Windows (it has to be loaded every time Windows starts because it doesn't changes the microcode in your bios).
Note 2: From what I tested with this stuff I know it also works with AMD k10 cpus but it doesn't work with AMD k8 cpu (similar with linux, didn't bothered to read the amd k8 family cpu errata, maybe the k8 microcode update procedure is bugged or well there is no such procedure to begin with).

In Linux you can update the cpu microcode from Drivers Manager (or whatever the name for this things is in your distro). It's actually easier in Linux .

 

[biffzinker]

From Intel: We have begun providing software and firmware updates to mitigate these exploits. End users and systems administrators should check with their operating system vendors and system manufacturers, and apply any updates as soon as they are available.

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

Thanks for the tip off @thedukesd1, method appears to still work.


Short summary from Google for anyone interested in the highlights.

Speculative Execution and the Three Methods of Attack
In addition, to follow up on yesterday’s post, today we’re providing a summary of speculative execution and how each of the three variants work.In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions. It is possible for this speculative execution to have side effects which are not restored when the CPU state is unwound, and can lead to information disclosure.Project Zero discussed three variants of speculative execution attack. There is no single fix for all three attack variants; each requires protection independently.

• Variant 1 (CVE-2017-5753), “bounds check bypass.” This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis.
• Variant 2 (CVE-2017-5715), “branch target injection”. This variant may either be fixed by a CPU microcode update from the CPU vendor, or by applying a software mitigation technique called “Retpoline” to binaries where concern about information leakage is present. This mitigation may be applied to the operating system kernel, system programs and libraries, and individual software programs, as needed.
• Variant 3 (CVE-2017-5754), “rogue data cache load.” This may require patching the system’s operating system. For Linux there is a patchset called KPTI (Kernel Page Table Isolation) that helps mitigate Variant 3. Other operating systems may implement similar protections - check with your vendor for specifics.

More details about mitigations for the CPU Speculative Execution issue

 

[IceScreamer]

Many Journalist and Reviewers are just playing the Nostradamus's Game. Lol

Does anyone has the time to tell if this whole thing affect Intel's future CPU's?

From what I've understood, yes, the future CPU's will be affected, unless Intel makes changes on the architecture level. The problem requires some changes on the bottom level of the arch.

 

[Vya Domus]

From what I've understood, yes, the future CPU's will be affected, unless Intel makes changes on the architecture level. The problem requires some changes on the bottom level of the arch.

It's not really down to the particular architecture they employ. That's just the nature of modern superscalar CPUs , stuff is executed in parallel as the CPU looks back and forth through the instructions it's supposed to run. There is no hardware fix to speak of as it is nearly impossible to know when not to do that outside of a couple known situations , which is basically what the software fix is about.

 

[biffzinker]

which is basically what the software fix is about.

Speaking of software fixes I found Google's "Retpoline" was a interesting read.

Executive Summary
“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.
The name “retpoline” is a portmanteau of “return” and “trampoline.” It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.
(If it brings you any amusement: imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.)

Retpoline: a software construct for preventing branch-target-injection

 

[IceScreamer]

It's not really down to the particular architecture they employ. That's just the nature of modern superscalar CPUs , stuff is executed in parallel as the CPU looks back and forth through the instructions it's supposed to run. There is no hardware fix to speak of as it is nearly impossible to know when not to do that outside of a couple known situations , which is basically what the software fix is about.

Yea I figured the issue is not a specific part, rather the way things are done. Tho the answer still stands, things (probably) won't get fixed with the following release.

 

[HTC]

Bill, I like you, but you really don't understand this one. This vulnerability, if allowed unchecked, is akin to being locked in a cage in a house with money, with the keys to cage in hand.

If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine... Yes, undetected, from within your own VM. In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked. That's how bad this is unpatched, and there is no exaggeration there.

In many ways, this is worse than heartbleed. It will depend on how fast cloud providers deploy the fix how much damage is done, though. That's the determining factor.

The performance penalty is exagerated. The security implications are not. Nor is the call of it being a "signifigant redesign of OS kernels." After reading they basically ripped out the shared symbol file wholehog (a mainstay since the 90s) I'm actually inclined to agree with the media: That's the biggest redesign in some time.

Has anyone considered that this problem may have been discovered quite some time ago by X or Y hacker and, obviously, he / she kept quiet about it and has, since then, been able to take advantage of it for his / her nefarious purposes? As such, how do we know if this problem hasn't already caused any damage? For all we know, that Equifax data breach problem could have been done using these exploits, no? And this is assuming these exploits were found by just one hacker and that he / she didn't "share" with any "colleague".

 

[R0H1T]

Has anyone considered that this problem may have been discovered quite some time ago by X or Y hacker and, obviously, he / she kept quiet about it and has, since then, been able to take advantage of it for his / her nefarious purposes? As such, how do we know if this problem hasn't already caused any damage? For all we know, that Equifax data breach problem could have been done using these exploits, no? And this is assuming these exploits were found by just one hacker and that he / she didn't "share" with any "colleague".

Yes & there's also speculation that this was a CIA/NSA induced bug (meltdown) but we have no credible way to know anything more apart from the two flaws disclosed by project zero & four PoC.

 

[Vya Domus]

Yes & there's also speculation that this was a CIA/NSA induced bug (meltdown)

Probably the Illuminati too. Or are they the same ?

 

[R0H1T]

Probably the Illuminati too. Or are they the same ?

Sorry I don't follow Illuminati, there's no such thing in my part of the world.
Corrupt govt agencies though, are part & parcel of our lives.

 

[Vya Domus]

That was supposed to be sarcastic.

The US and it's intelligence agency is given to much credit. No , they probably aren't responsible for every single shit that happens with regards to cyber security. Seriously , give others some love too.

 

[R0H1T]

That was supposed to be sarcastic.

The US and it's intelligence agency is given to much credit. No , they probably aren't responsible for every single shit that happens with regards to cyber security. Seriously , give others some love too.

Yeah I figured but personally don't follow conspiracy theories outside of my geography. The Snowden revelations though have me skeptical of an imminent big brother threat ~ Personal data of a billion Indians sold online for £6, report claims

 

[Vya Domus]

There is no doubt there are concerns with regards to security and privacy but slapping an NSA tag on every single things seems unnecessary.

 

[R0H1T]

There is no doubt there are concerns with regards to security and privacy but slapping an NSA tag on every single things seems unnecessary.

You probably missed the sarcastic part then, this isn't my theory - it's all over the net, I don't subscribe to it bit I won't rule it out either.
The point is govt agencies, much like corporations, won't accept anything until they absolutely have to.

 

[LocoDiceGR]

in simple words the average user is F**.

 

[EarthDog]

in simple words the average user is F**.

LOL, no.

 

[Easy Rhino]

The knee jerk reaction to this story was totally overblown.

 

[EarthDog]

That's funny, I JUST posted something to that effect a minute ago in one of the 5 threads going.. thanks TPU news.

 

[Knoxx29]

The update is out, ask @P4-630 - already made post about getting the update through Windows Update eariler.

No new updates for me.

In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?

At least Asus has released a new Bios update for my Board but i wont install it

 

[EarthDog]

I have it as well.. did you check the history and see if it already installed?

 

[lexluthermiester]

The US and it's intelligence agency is given to much credit. No , they probably aren't responsible for every single shit that happens with regards to cyber security.

True, but this set of problems has NSA methodologies written all over it. While I'm not directly blaming them, it would not be at all surprising.

At least Asus has released a new Bios update for my Board but i wont install it

Why not? Are you waiting for a possibly better version?