CPU Security Flaw: All You Need To Know About Spectre And Meltdown

[Guest]

Read here for all the latest information—vulnerabilities, patches, fixes, and more—on the recently discovered major security flaws in CPUs from Intel, AMD, and ARM.

CPU Security Flaw: All You Need To Know About Spectre And Meltdown : Read more

 

[matthew_258]

afraid to hit the links... I do not want a virus :

 

[martin-barker]

I wish they would stop grouping them like that Trying to Protect Intells Reputation how much are Tom Hardware being paid by Intel to do this Meltdown is an Intel Major problem Spectre is an All CPU problem but not been Exploited yet.

Stop grouping them to protect Intell they are different exploits and Intel's Meltdown is a Major Security Flaw in all there Chips.

 

[Myrmidonas]

[quotemsg=20562452,0,2489916]afraid to hit the links... I do not want a virus :[/quotemsg]

You shouldn't even be here reading this in the first place then.

 

[aidynphoenix]

I call BS current processors are so powerful that most consumers don't require anything faster than a dual core pentium. I am not denying the backdoor. But I think the backdoor was intentional. The fix of slowing down the processors to fix the issue benefits them from a sales perspective.

 

[samopa]

"Processors are so powerful that most consumers don't require anything faster than a dual core pentium."

Says who ? I have 4 x 22 Core processor with 512 GB DDR4 RAM using 8 x 1.6 TB SSD NVMe, and I still need 3 days (3 x 24 hours) to run my one time TVAR analysis on Human Brain activity.

Beauty is in the eye of the beholder. If you don't need that computing power, don't say that everybody else don't need either.

 

[aidynphoenix]

[quotemsg=20571182,0,1909532]"Processors are so powerful that most consumers don't require anything faster than a dual core pentium."

Says who ? I have 4 x 22 Core processor with 512 GB DDR4 RAM using 8 x 1.6 TB SSD NVMe, and I still need 3 days (3 x 24 hours) to run my one time TVAR analysis on Human Brain activity.

Beauty is in the eye of the beholder. If you don't need that computing power, don't say that everybody else don't need either.[/quotemsg]

like i said... "most consumers"

 

[rgd1101]

MERGED QUESTION
Question from marksavio : "ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method"

[quotemsg=20567223,0,2621607]ASUS is aware that the current Intel® microcode version might be subject to recently identified security vulnerabilities. We are diligently working to update ASUS motherboards that support 6th, 7th or 8th Generation Intel Core™ processors or Intel Core X-series processors for X99 and X299 platforms*.
We recommend customers update their systems by downloading and applying the latest BIOS, as soon as the relevant revision becomes available. We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

For detailed information of the security issues, please visit the Intel Security Center.[/quotemsg]

 

[wcrockett]

MERGED QUESTION
Question from wcrockett : "Meltdown Security, AMD Upgrade"

A good friend of mine does highly confidential work, and is very concerned about Meltdown, because of her computers have Intel CPU's. Is the danger of using an Intel processor worth switching to AMD?

 

[wcrockett]

MERGED QUESTION
Question from wcrockett : "Meltdown Security, AMD Upgrade"

[quotemsg=20572812,0,2197894]A good friend of mine does highly confidential work, and is very concerned about Meltdown, because of her computers have Intel CPU's. Is the danger of using an Intel processor worth switching to AMD? [/quotemsg]

[quotemsg=20572835,0,98691]It effects both Intel and AMD so it won't make any difference.

Windows update already has a path and Bios updates will be coming.[/quotemsg]

[quotemsg=20572835,0,98691]It effects both Intel and AMD so it won't make any difference.

Windows update already has a path and Bios updates will be coming.[/quotemsg]

Spectre affects both, but meltdown doesn't affect AMD. The patches are also only band-aids, not true fixes.

 

[rgd1101]

don't start a new thread.

 

[rgd1101]

MERGED QUESTION
Question from marksavio : "Nvidia 390.65 release : added Freestyle & eGPU w/ Spectre Security Update"

[quotemsg=20574067,0,2621607]Driver version 390.65 has been released. It's now available on NVIDIA Driver Download page!
Please post any discussion about this driver here. Also, I highly recommend using DDU to wipe the current driver prior to installing the latest driver if you have any issues after installation.
New feature and fixes in driver 390.65

Game Ready - Provides the optimal gaming experience for Fortnite, including support for ShadowPlay Highlights in Battle Royale mode..

Gaming Technology - Adds support for NVIDIA Freestyle which lets you apply post-processing filters to your games while you play.

Security Update - This driver add security updates to driver components (CVE-2017-5753)

Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. For more information on this issue, see the NVIDIA GPU security updates for speculative side channel Security Bulletin posted on the NVIDIA Product Security page

New Features - eGPU - Added pop-up balloon to alert the user if an eGPU has been connected or disconnected.[/quotemsg]

 

[mikeynavy1976]

This issue seems, or will be, a different level of concern to different people. If benchmarks are the sole measurement of computer satisfaction, to include a few percent difference, then yes, these fixes are, or will be, a disappointment. Business, that relies on storage performance, appears to be the real group affected. Personally, my desktop build is overkill for what I use it for, but I built it to be flexible (some minor gaming but mostly productivity), somewhat futureproof, and because a powerful machine makes even simple tasks faster and more responsive. I've installed both the Windows update and yesterday's ASUS BIOS update (for i7-7700k w/ PRIME Z270-A) and, without running any benchmarks, I don't notice a single difference in performance except for a few minutes for the system to stabilize after update installation (especially for the Windows update). The same is true for my Dell XPS 13 that has received both BIOS and Windows updates. Some groups are rightfully concerned but your general home user probably shouldn't be. The media circus surrounding this bug will generate a lot of frivolous legal activity (and precedent that every computer vulnerability, regardless of when known, should result in class action lawsuit) that only makes lawyers rich...and eventually passed to consumers in terms of prices. I've experienced more noticeable impacts and inconveniences in the past from non-media interest Windows, driver, or BIOS updates.

 

[jankerson]

Installed the Updates and patches etc, on the GTX 1080 also.

I have noticed ZERO difference in before and after, and yes I ran a bunch of tests.

But experiences may vary, my system specs are in my sig.

 

[Dunlop0078]

MERGED QUESTION
Question from Durwesh Naeem : "are the spectre and meltdown patches out on windows 10 ?"

[quotemsg=20580390,0,1832702]are the spectre and meltdown patches out yet ? because yesterday there was a windows update [/quotemsg]

Yes. Should be a BIOS update for your board and an intel ME driver update as well, this can be found on your mobo manufacturers website.

After that is installed you can check if you have the proper protections in place by running a few commands in powershell, refer to the guide below if you want to check.

https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

 

[johnnycanadian]

[quotemsg=20571182,0,1909532]"Processors are so powerful that most consumers don't require anything faster than a dual core pentium."

Says who ? I have 4 x 22 Core processor with 512 GB DDR4 RAM using 8 x 1.6 TB SSD NVMe, and I still need 3 days (3 x 24 hours) to run my one time TVAR analysis on Human Brain activity.[/quotemsg]

Yup. I had a limited budget (<$6k CapEx) to build something that could run high-density, high pressure corrosion-based vortex heat signature analysis at ~2cm:1px resolution over a one-square-mile area, and run it within a single business day. My 1950X / 128GB RAM (which gets punched into VM within seconds) / 1080ti can barely handle 10cm:1px in ~6 hours, not counting time spent flying & raw image downloading. As such, I'm hat-in-hand to the fellow who holds the pursestrings for a Titan V or two. CUDA's a hell of a drug, but trying to explain OpenCV SIFT & SURF object & texture detection with reasonable probability is like reading Brain Clegg to an asparagus.

 

[johnwkuntz]

http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html

Sure makes me glad my last 2 builds were AMD

 

[Durwesh Naeem]

i have an asus x99 flaghship top of the line board, but still waiting for the new bios ... apparently i got this link for the necessary microsoft downloads https://www.catalog.update.microsoft.com/Search.aspx?q=kb4056892 , should i download and install these security patches before or after the bios and chipset update ? truth be told i do not know which of the files to download

 

[thuck777]

I am not willing to sacrifice the kind of performance noted for my Windows 7 laptop running a Sandy Bridge i7 CPU. That is stupid, especially given that there really is NO threat. Now that so many systems are going to be updated, there is little reason for any scumbags to try to exploit these vulnerabilities, IMO. From my perspective, the cure is far worse than the disease, especially on older hardware / OS combinations. It just is not worth it. So, I believe Microsoft should make a way to have these patches be OPTIONAL and AVOIDABLE and UNINSTALLABLE. This is crap!

 

[corndog1836]

anyone have info on devils canyon(4790k) released in Q2, 2014.... I have an ASUS MAXIMUS VII FORMULA Z97 MOBO. see rig in sig, which was also introduced at that time..... have since emailed ASUS on this issue and have gotten scripted answers. i have installed this update on January 3, 2018—KB4056892 (OS Build 16299.192). Applies to: Windows 10 version 1709 . Is this all I can do?

 

[ko888]

[quotemsg=20594933,0,358984]anyone have info on devils canyon(4790k) released in Q2, 2014.... I have an ASUS MAXIMUS VII FORMULA Z97 MOBO. see rig in sig, which was also introduced at that time..... have since emailed ASUS on this issue and have gotten scripted answers. i have installed this update on January 3, 2018—KB4056892 (OS Build 16299.192). Applies to: Windows 10 version 1709 . Is this all I can do?[/quotemsg]

The latest news from Intel reported that some Broadwell and Haswell CPU systems would sometimes spontaneously reboot after the microcode update was used.

ASUS has made no mention of a microcode fix for the Spectre vulnerability for Haswell/Broadwell and earlier motherboards.

 

[jankerson]

Nobody has yet as far as I know.

 

[corndog1836]

[quotemsg=20599539,0,217811][quotemsg=20594933,0,358984]anyone have info on devils canyon(4790k) released in Q2, 2014.... I have an ASUS MAXIMUS VII FORMULA Z97 MOBO. see rig in sig, which was also introduced at that time..... have since emailed ASUS on this issue and have gotten scripted answers. i have installed this update on January 3, 2018—KB4056892 (OS Build 16299.192). Applies to: Windows 10 version 1709 . Is this all I can do?[/quotemsg]

The latest news from Intel reported that some Broadwell and Haswell CPU systems would sometimes spontaneously reboot after the microcode update was used.

ASUS has made no mention of a microcode fix for the Spectre vulnerability for Haswell/Broadwell and earlier motherboards.[/quotemsg]

#######this was the latest reply########


Thank you for contacting ASUS product support. My name is Medard M and it is my pleasure to continue where you left off.

I appreciate you taking the time to update me. I want to assure you that we will continue to assist you in gaining a resolution.

At this time, our product engineers are working hard to provide BIOS updates for all ASUS motherboards to have a fix on the issue. We don't have the definite date for the BIOS update release and we recommend you to check our Latest News section for latest updates and releases. I apologize for the inconvenience.

https://www.asus.com/us/News/

Feel free to reach out to me for any other concerns I may be able to address for you. Thank you for choosing ASUS. Your case number is:N180181288.

 

[jamesm007]

Yep, test each, report the truth.

 

[WyomingKnott]

Why are we so surprised and outraged that devices that derive from a base that was never designed with security in mind are not perfectly free of security flaws? If the market demands unbreachable security, perhaps chipmakers will start designing security-based architectures and in five or ten years we can have hardware without security flaws.

My personal opinion, at this point, is that the reaction to this revelation is way overblown.