Article Intel Recommends Disabling Hyper-Threading as it Reveals New Spectre Attack

Not unless you have a Whiskey Lake CPU, which is only on laptops, Atom, or Knights Landing based CPUs.
Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
 

jeremyj_83

Commendable
Aug 23, 2017
1,218
134
1,740
97
Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
Affected Processors

Virtually all of Intel’s chips starting with the Nehalem architecture (launched in 2008, 11 years ago) and newer, with the exception of the Whiskey Lake (ULT refresh), Whiskey Lake (desktop), as well as the Atom and Knights architectures, are affected by the MDS vulnerabilities.

Coffee Lake and Coffee Lake R are NOT in those lines. Whiskey Lake is an 8th & 9th gen CPU same as Coffee Lake and Coffee Lake R. This is where things are confusing as Intel decided to have things based on different cores all in the same generation line.
 
May 14, 2019
3
1
15
0
There's an error in the article:
The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.

From https://mdsattacks.com/
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
 

gggplaya

Distinguished
Jan 27, 2011
766
26
19,020
1
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
 
Reactions: alextheblue

jeremyj_83

Commendable
Aug 23, 2017
1,218
134
1,740
97
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
While someone could put malicious code on your computer that would follow through with this vulnerability, an individual is far less likely to be affected than AWS, Azure, etc... For your cloud providers you now have to double your hosts since your vCPUs are cut in half.
 
Reactions: TJ Hooker
May 14, 2019
3
1
15
0
AMD is effected too...

Anyhow the new Intel CPU's are fine starting with the 8th Generation CPU's.
From the https://mdsattacks.com/ website:
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Please stop spreading misinformation.
 
Reactions: alextheblue

hotaru251

Reputable
Oct 30, 2014
357
10
4,865
37
"just disable HT" - intel

"gonna give me a refund for difference between my cpu and its lower version since im losing the benefit of purchasing a cpu to use HT?" - me


for real thoguh I wont turn it off and i will avoid the "patches" as i'd rather use my cpu at full power.

Unless your a business/creator/data storage there is no real issue as you can easily make a backup and then just wipe pc if/when you get hit w/o losing much except a few hours to get it all restored.


Hoping Intel gets rid of HT tbh thoguh as its proving it is a massively damaging vulnerability.
 
May 14, 2019
3
1
15
0
It's pretty much across the board according to Microsoft.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

So more updates will be coming.
From your link:
This advisory addresses the following vulnerabilities:
  • CVE-2017-5753 - Bounds check bypass
  • CVE-2017-5715 - Branch target injection
  • CVE-2017-5754 - Rogue data cache load
These CVEs do not match the ones on the MDS website:
The following is the fine-grained vulnerability classification adopted by Intel, together with their CVSS score (their rating of the severity of the bug):
CVE-2018-12126: "Microarchitectural Store Buffer Data Sampling (MSBDS)" (CVSS score 6.5: Medium). See the Fallout paper for more information.
CVE-2018-12127: "Microarchitectural Load Port Data Sampling (MLPDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2018-12130: "Microarchitectural Fill Buffer Data Sampling (MFBDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2019-11091: "Microarchitectural Data Sampling Uncacheable Memory (MDSUM)" (CVSS score 3.8: Low). See the RIDL paper for more information.
And are thus not relevant.
 
No its not. That is from January 2018 regarding spectre and meltdown.

If you're going to try and cite information it is best if you actually read it before linking it.

Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.

Should be some Windows updates coming soon.

Can always check your system to make sure:

https://www.grc.com/inspectre.htm
 
Last edited:

Rogue Leader

Titan
Moderator
Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.
Yes thats the correct link, updated April 9th. And still again has nothing to do with this current exploit. Its all info from 2018 Regarding Spectre and Meltdown

The April 2019 Update was this specifically:

To provide protection against the Spectre Variant 2 (CVE-2017-5175) and Meltdown (CVE-2017-5754) vulnerabilities for systems running VIA processors, Microsoft has released the following security updates: 1. Security update 4493472 (monthly rollup) or 4493448 (security only) for Windows 7, Windows Server 2008 R2, or Windows Server 2008 R2 for x64-based Systems (Server Core installation) - see https://support.microsoft.com/en-us/help/4493472/ or https://support.microsoft.com/en-us/help/4493448/ for more information. 2. Security update 4493446 (monthly rollup) for Windows RT 8.1; Security update 4493446 (monthly rollup) or 4493467 (security only) for Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 R2 (Server Core installation) - see https://support.microsoft.com/en-us/help/4493446/ or https://support.microsoft.com/en-us/help/4493467/ for more information. 3. Cumulative update 4493464 for Windows 10 Version 1803 or Windows Server, version 1803 (Server Core Installation) - see https://support.microsoft.com/en-us/help/4493464/ for more information. Please note that these updates are for VIA processors only. For further Windows Client (IT Pro) guidance, see https://support.microsoft.com/en-us/help/4073119/. For Windows Server guidance, see https://support.microsoft.com/en-us/help/4072698/.

So no, stop with the misinformartion please. This was easy enough to find by just scrolling.
 
Reactions: alextheblue

sonichedgehog360

Distinguished
Dec 11, 2008
11
2
18,515
0
AMD – In 2019, we’re bringing you 32 threads to Ryzen and 128 threads to EPYC. Intel – Remember those 16 threads we gave you on desktop? Now, they’re only 8.

Note: To clarify, only Whiskey Lake and a meager handful of others have the necessary hardware mitigations. Coffee Lake, while it is technically 8th Gen, does not. So the i9-9900K, which is a Coffee Lake-based product, is most definitely susceptible to this form of attack.
 
Reactions: Finstar and svan71

svan71

Distinguished
Dec 31, 2007
245
1
18,765
29
Hey this ain't so bad I'll just drop an 8th or 9th gen chip in my 1151 socket z270. Oh wait Intel decided to require a new motherboard / chipset with the exact same socket for me to do that. I'm sure it was just yet another mistake / oversight on their part that causes me to spend even more money.
 
Reactions: artk2219

ASK THE COMMUNITY