Meltdown & Spectre potpourri

Discussion in 'General Chat' started by DrinkLyeAndDie, Jan 4, 2018.

  1. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Microsoft Support: January 3, 2018—KB4056892 (OS Build 16299.192) (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892)

    Meltdown is not specifically mentioned but it would fall under the security updates for the Windows Kernel.

    Windows Central: Microsoft pushing out emergency fix for newly disclosed processor exploit

    NOTE: Both listing indicate workarounds for an issue during install. Make sure to read them.

    Microsoft pushed out the update on January 3rd but it still was not available to me as of an hour ago. Some AV programs are apparently not compatible which will lead to a very ugly BSOD if the patch is installed. Windows update checks for compatibility before offering the update. Since I was not seeing the update available via WU I checked my ESET and Malwarebytes info to make sure both were compatible. They were.

    ESET: https://forum.eset.com/topic/14256-eset-product-compatibility-with-meltdown-fix/

    Malwarebytes: https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/

    I checked to see if both were up-to-date on my system. Both were. I decided to reboot and after doing so the update became available and installed without issue. Now to see if I take any performance hits over time.

    NOTE: I recommend making sure your AV software is compatible. If it shows up in WU then it should be. Just don't blindly try to force it to install if it doesn't show up in WU.
     
    Last edited: Jan 4, 2018
    whatever_gong82, marlowe and RedFox 1 like this.
  2. antipodes

    antipodes Well-Known Member

    @DrinkLyeAndDie Thanks for your update advice. I see that you are using Malwarebytes and ESET do you experience any compatability problems using both these programmes?
     
  3. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    I've never run into an issue using ESET & Malwarebytes at the same time and ESET does check for possibly problematic third-party products when it installs and has never said anything negative about Malwarebytes.
     
    RedFox 1 likes this.
  4. RedFox 1

    RedFox 1 Super Moderator

    Thanks DLAD, very good post.
     
  5. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    (y)
     
    RedFox 1 likes this.
  6. RedFox 1

    RedFox 1 Super Moderator

  7. jmone

    jmone Well-Known Member

    My patch went fine though ASUS Ui Suite thew an error about not being able to address memory (it's now uninstalled)
     
  8. RedFox 1

    RedFox 1 Super Moderator

    Mine did the same thing.
     
  9. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    RedFox 1 likes this.
  10. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    I don't have that installed. Definitely something I am sure ASUS will be hearing about... loudly... from users.

    Thus far I haven't noticed anything other than my Plex server database seemingly vanishing. I had to manually initiate a database update and then everything reappeared.
     
    RedFox 1 likes this.
  11. FurryGuy

    FurryGuy Well-Known Member

    Interesting info.

    Just this moment I checked my Windows update log and it hasn't done anything since 16 December 2017. Certainly not this screw-up.

    The update log indicates it checked for updates less than an hour ago and found no updates.
     
  12. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Tom's Hardware: Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia

    Good read, in general. Enterprises will definitely have some issues and it'll be interesting to watch how it all plays out.

    The initial reports were cataclysmic with doom and gloom and how performance was going to be destroyed, period, and AMD had absolutely zero exposure. Well, all of those statements aren't entirely accurate. Due to the early leak of information on all of this we have seen updates moved up. As more time passes we'll get to see a better picture of everything and likely more logical and well thought out analysis rather than click-bait with fireworks.

    NOTE: I am not downplaying the severity of the situation. I'm merely saying that with time and better analysis and level-headed people actually dealing in facts we're going to see how things are really going to play out based on real-world data rather than speculation. I'm unsure how the whole NDA situation is working since the updates weren't supposed to drop until next week. As such many people may still be unable to discuss things.
     
    Last edited: Jan 5, 2018
    whatever_gong82 likes this.
  13. antipodes

    antipodes Well-Known Member

    @DrinkLyeAndDie Thanks I asked because when I had a problem with Malwarebytes their technician suggested I make some exclusions for ESET but the problem resolved itself before I could do that.Otherwise my experience has been the same as yours.
     
    DrinkLyeAndDie likes this.
  14. FurryGuy

    FurryGuy Well-Known Member

    "Y2K! We're all gonna DIE!"

    Yes, there is cause for concern, the initial over-the-top hysterics don't help the situation.

    Neither does this:

    Major chip flaws affect billions of devices

     
    DrinkLyeAndDie likes this.
  15. FurryGuy

    FurryGuy Well-Known Member

    If anyone wants to do a manual update they can get the file(s) at Microsoft Update Catalog.

    There are Cumulative and Delta updates available.
     
  16. RedFox 1

    RedFox 1 Super Moderator

    Yup, its a small update too, only about 16mbs
     
  17. FurryGuy

    FurryGuy Well-Known Member

    I chose the Cumulative update patch, a bit bigger at 600+MB.
     
    RedFox 1 likes this.
  18. RedFox 1

    RedFox 1 Super Moderator

    Is it this one?
     

    Attached Files:

  19. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Included in the cumulative update were updates for IE & Edge to mitigate the vulnerabilities.

    Mozilla pushed out Firefox 57.0.4 yesterday, as well, which I assume was their response although I believe all versions of 57.0 have been targeting closing the holes. Google is pushing Chrome 64.0 on January 23rd.

    Dealing with all of this is going to involve a multi-faceted concerted and coordinated response.

    Yet another good read:

    Gizmodo: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843
     
    Last edited: Jan 5, 2018
    whatever_gong82 likes this.
  20. RedFox 1

    RedFox 1 Super Moderator

    I updated all my computers in the shop and notified all others that have rigs I built to update immeditely, although I am pretty sure they knew about it before I did, I was not aware of this until you told me about it yesterday.
     
    DrinkLyeAndDie likes this.