I read about this yesterday but was too busy to get around to posting. Some sad humour. Bleeping Computer: Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs Tom's Hardware: Intel's Incomplete Documentation Leads To Insecure Debugging Interface (Updated) This relates to CVE-2018-8897: Mitre CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897 Microsoft Security TechCenter: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
Neowin: Spectre variant 2 mitigation now available for the Windows 10 April 2018 Update Microsoft Support: KB4100347: Intel microcode updates Windows Update Catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4100347 For those with supported CPUs who can't update the BIOS for their motherboards. Refer to the support page for supported CPUs, of course.
"And the hits keep on coming." This news started rolling out in the last few days. Mitre CVE: CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4 C|net: Google, Microsoft find another Spectre, Meltdown flaw Bleeping Computer: Google and Microsoft Reveal New Spectre Attack MacRumors: Intel Discloses New 'Variant 4' Spectre-Like Vulnerability From the MacRumors article: Edit: This may or may not be related to a previously disclosed newer vulnerability. I'm losing track at this point.
The mitigation added in the firmware update will be defaulted to off. Yes, when enabled it WILL hurt performance. Again. When the mitigation is turned off there is no hit.
Also from the MacRumors article: In essence, if you already have prior Meltdown & Spectre mitigations via BIOS updates and OS updates then it is addressed... mostly. According to Intel. However, they are going to release a full mitigation but since it'll hand everyone yet another performance hit they are making it optional... for now until the other shoe drops.
Ars Technica: New speculative-execution vulnerability strikes AMD, ARM, and Intel At least it's not just Intel. Nonetheless, this is getting old.
@DrinkLyeAndDie, after Intel and others have completed their analysis of the hardware issues, do you think we will be required to get a new computer or will replacement boards be available? Thanks for your vigilance and reporting on this saga.
Required? Definitely not. With the BIOS updates (microcode patches) and the ones in the OS itself you're adequately protected. Intel is working on a revised CPU architecture that will have hardwired protection. Just don't know if that's going to be in the 8th gen Core i processors or the 9th.
This is actually a complicated answer. It's not simply a yes or no question. It depends on the application of the system in question and how dangerous having the vulnerability is on the system. Is it a business machine (i.e. banking) or simply a home user? Who has more to lose and what will the repercussions be? I doubt it will happen for numerous reasons but I'd love to see re-designs that protect against such vulnerabilities that would still fit the same socket and be usable in existing motherboards. IOW, I'd like to see a new protected LGA 1151 CPU that can actually be used in my Z170 motherboard. I am currently running a Skylake 6700K which the Z170 is targeted at but if I wanted I could run a Kaby Lake 7700K which is also LGA 1151 but I can't run a Coffee Lake 8700K which is also LGA 1151. I seriously doubt that any redesigns, even if they are LGA 1151, will work in older motherboards like the Z170. Thanks, Intel. If I am wrong then I'll be happy and amazed but, wow, will I be shocked. It's the right thing to do but since when does that matter?
Haven't seen this discussed elsewhere but I found it interesting. This relates to the AMD Epyc processors. The Register: Researchers crack open AMD's server VM encryption
Lenovo now have a web page about upcoming variant 4 and variant 3a mitigation for their PCs. https://support.lenovo.com/gb/en/product_security/ps500167
Built an Intel 8700K and did some 4K tests. Throughput is 920mb/s read and write on 2 500g WD Blue M.2 SSDs in RAID 0. So these patches have no effect on my Max Hero X and Intel 8700K chip. Glad I went Intel. Fast PC for 4K ripping. I'm in heaven now.
Phoronix: CVE-2018-3665: Lazy State Save/Restore As The Latest CPU Speculative Execution Issue The Register: Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune The Hacker News: New 'Lazy FP State Restore' Vulnerability Found in All Modern Intel CPUs Mitre CVE: CVE-2018-3665 Bleeping Computer: New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs
Interesting reading. This could definitely make for a brighter future in chip design. arXiv - Cornell University Library: SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation The Register: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix
This has been talked about for a few days... Ars Technica: Hyperthreading under scrutiny with new TLBleed crypto key leak
Yet your user name commands us to commit suicide in one of the most horrific ways possible. Just seemed ironic.