Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs (theverge.com) 129

An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.
  • by JoeyRox ( 2711699 ) on Thursday January 04, 2018 @11:28AM (#55862337)
    Due to the performance impact of this workaround it should have an option to disable it like Linux is providing. An alternate, more refined approach would be to selectively enable the kernel page-table isolation on a per-process basis, based on either user configuration or an automatic trust determination such as whether the app is signed by a trusted certificate source (i.e., downloaded, unsigned apps would run with page isolation enabled).
    • by Miamicanes ( 730264 ) on Thursday January 04, 2018 @02:27PM (#55863661)

      Since the most likely result of the vulnerability to desktop users is being able to defeat kernel-enforced DRM and Windows licensing, it's no surprise Microsoft would push this out as a mandatory update of the highest priority.

      • When has Microsoft ever provided kernel level security bypasses?

      • Good idea. I took this as a cue to download the latest rollups. With one exception, my Win7 machines are offline, so they don't need to be "fixed".

        I'll still keep my old downloads, though. Microsoft has already been caught updating old KB updates without issuing notices or new version numbers, so I wouldn't be surprised if anything DRM related is applied retroactively to the existing downloads.

    • That's actually a great idea
  • by mastagee ( 26015 ) on Thursday January 04, 2018 @11:30AM (#55862353)
    to Meltdown. . . which is the only thing PTI will help with. Seems like an unnecessary performance penalty to push on AMD users. Most likely down for simplicity/consistency on Microsoft's side for kernel code management.
    • But is it applied? Meaning, the code fix is in the kernel, but will it only enable it if the CPUID reports back as an Intel, and disabling if AMD?

      • by HiThere ( 15173 )

        I believe that's true of the Linux patch. Do you have any reason to believe it's true of the MSWind patch?

    • by Mashiki ( 184564 )

      Seems like an unnecessary performance penalty to push on AMD users. Most likely down for simplicity/consistency on Microsoft's side for kernel code management.

      Doesn't seem to have any impact at all on my AMD machine, though I'm seeing around a 5-13% drop in performance with my Intel machine. Both are running the current version of Win10, I'm sure there's going to be a lot of screeching on gaming forums later today when people suddenly start having serious performance issues, especially since Intel holds around 80-90% of the gaming marketshare according to steam. [steampowered.com] My development machine that's in slow ring right now hasn't seen a patch pushed out yet, probably wo

      • by Mashiki ( 184564 )

        Yeah and ignore that impact bit. Since it appears that it was a force nvidia driver update, that decided to install itself despite telling it never to update the driver. What a fucking shitshow on that one.

      • Apparently, the slow down is substantial for 5th gen Intel CPUs and older. 6th - 8th gen CPUs performance hit should be negligible. That said, Microsoft is saying that BIOS/Firmware updates should be applied from your vendor so as to obtain new microcode. Exactly how all this ties together is known to me at this point, but I'm guessing the microcode update is for further optimization of the 6th-8th gen units post security patch installation.

  • What? (Score:5, Insightful)

    by UPZ ( 947916 ) on Thursday January 04, 2018 @11:37AM (#55862427)
    "that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets"

    Anyone just barely reading the headlines knows that the bug does NOT affect AMD processors. Where have you been living lately "msmash"?
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Read more than the headlines.

      There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

      • by Anonymous Coward

        There is no fix for either of the bugs. Page Table Isolation (PTI) mitigates the bug that allows kernel memory to be read from user mode, which has only been shown on Intel CPUs. That's the one with the reported slowdowns up to 30% depending on the type of workload (basically how much it uses syscalls).
        The other bug is present in all modern CPUs and the only way around it is to prevent certain code patterns from being run. This will require modifications to JIT compilers, mostly, because that's how untruste

      • Read more than the headlines.

        There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

        Spectre cannot be patched, but it cannot be exploited, either (as far as we know).

        Meltdown, meanwhile, is seriously dangerous because it is very easy to use, even with just a malicious webpage!

        • by Anonymous Coward

          You should be more careful with "cannot be exploited" comments. All three bugs have been exploited on actual hardware. You might think that a process reading some of its own memory through a convoluted exploit of a CPU behavior isn't a problem. But we run untrusted code all the time. We allow it, because we assume that it cannot read all in-process memory. That's what Javascript in a web browser is. Your browser holds secrets in memory that must be kept hidden from scripts. If a script is translated into ma

    • Re:What? (Score:4, Informative)

      by Anonymous Coward on Thursday January 04, 2018 @11:54AM (#55862543)

      That's what comes from just barely reading the headlines. There are 2 classes of bugs (Spectre, Meltdown) and 3 exploits (Spectre-1, Spectre-2, and Meltdown-1). AMD and ARM are resistant only to Meltdown. They are susceptible to Spectre.
      Meltdown goes back to Core2, Spectre goes back down to Pentium Pro. Many other processors are likely vulnerable to Spectre, any CPU that does speculative execution may be vulnerable. Mainframes have been doing this since the 60's IIRC.

    • Re:What? (Score:5, Informative)

      by blind biker ( 1066130 ) on Thursday January 04, 2018 @12:47PM (#55862893) Journal

      There seem to be Intel sockpuppets flooding technical forums, making the false equivalence between Meltdown (affects only Intel) and Spectre (affects all CPUs), whereas Meltdown is clearly exploitable and in fact the exploit was demonstrated in a fucking browser running a Javascript. There is no known way to exploit Spectre. Spectre does not cross userspace-kernelspace.

      • I'd mod you up if I had mod points. I've noticed plenty of unusually worded Intel-AMD equivocation comments across a variety of tech forums since this broke and it doesn't smell right for "Intel fanboys," it just smells like shilling.
  • This was yesterday! (Score:2, Informative)

    by Guyle ( 79593 )
    The date of TFA was January 3rd. The verbiage in the article saying "today" was referring to January 3rd. The patches for Windows 10 rolled out already. I installed mine last night.
    • by Guyle ( 79593 )
      Ah, wait, summary says (Wednesday) in parentheses. Confusing AF.
      • by tsqr ( 808554 )

        Thursday is Wednesday. Thursday has always been Wednesday. Thursday will always be Wednesday.

        Odd. I must have missed that when I read 1984.

    • by EvilSS ( 557649 )
      What, are you new here? This is /., being only a day behind is being 3 days ahead here. It probably was Wednesday when the story was submitted. Feel lucky you aren't reading this on Sunday!
      • by Guyle ( 79593 )
        Damn! No, I didn't even think to do a before/after to see what the exact impact was. >:( I'll do that on my other machines before updating though, I have both an Intel and an AMD desktop to test.
        • Thanks :). I'm dying to know what the hit's going to be. Right now it's all kind of up in the air. I do a bunch of virtualization. My bro does even more with an entire computer lab devoted to it.

          If it hits Virtualization but not gaming expect to see a ton of cheap CPUs on ebay as companies are forced to dump them. If that happens I can probably get back to square one for about $300 bucks by upgrading my i5s to i7s.
  • I was planning on playing games at exactly 17:00 EST today! My gaming session is totally ruuinned! /Stewie

    • by dstyle5 ( 702493 )
      It came out yesterday, so you can install at your leisure before 17:00 EST today! :) I just installed it, so far I can still login and check my email. And /.
  • Anyone care to comment on the performance hit after the patch? Is it obvious, measurable?

    • by Anonymous Coward

      Win10 Ent 1709, i5 4cores 2.6GHz. You can feel it. Tasks that usually reported 0-0.1% now show 1-4%. Before average CPU consumption was below 10% now varies between 20 and 40%.
      Subjective perception of the system performance is better than numbers show, but noticeable.

  • All Windows updates have failed on my machine since 2015 or so, and I have tried every assistant, hot fix and third party assistant on earth trying to fix this issue.
    • by bspus ( 3656995 )

      At the very least you should have been able to download the latest version 1703, burn the iso or make a bootable stick and reinstall, while keeping all apps and settings. It generally works, I've been updating this way for years

      It still doesn't explain how you even got to this weird position where nothing works update-wise and it is the first time I hear of such a serious disability.

      Is it a brand name laptop like dell or HP perhaps, where OS updating only works through their own specialized application?

    • by dstyle5 ( 702493 )
      Could you have malware that is preventing the updates from being installed? Pretty sure I've heard of this happening in older versions of Windows. I would do a clean install.
      • Sure, I could have malware that no existing antivirus is able to detect. Clean install is out of question, though, because that would mean having to manually install hundreds of VST audio plugins, each with its own shitty proprietary DRM. I'm buying a new machine within the next few weeks anyway - or at least that was the plan. Now with these bugs, I'm wondering whether waiting even longer might not be worth it. I'd expect there will be updates to the current chip families soon? Maybe I should wait. :/
    • by sgage ( 109086 )

      Have you tried Sysnative.com? I had a serious and convoluted f-up with Windows Update, made worse no doubt by trying various incantations posted around the net by people who really don't know what they're talking about. The folks at Sysnative basically assign you a case worker who gives you things to try and troubleshooting procedures to report back, in a systematic manner. I was incredulous when, after a long and complicated exchange of procedures, the darn thing worked! And for free! (I sent them a few bu

  • by Archtech ( 159117 ) on Thursday January 04, 2018 @12:18PM (#55862707)

    I have run Windows Update several times today, but five minutes ago it was still telling me that there are no updates for my computer. (Windows 7 SP1, i7-940).

    And I am running MSE, not any "third party" anti-virus.

    This is normal behaviour. For many years Windows updates have not appeared here in the UK until at least 24 hours after the USA.

    • Apologies. After posting the parent I went back and read the last line of TFA.

      Apparently, those of us running Windows 7 in the UK are now second-class citizens in two different ways: geography and version.

    • by antdude ( 79039 )

      I got nothing in my old 64-bit W7 HPE SP1 Intel desktop PC.

      • Are you running a non-Microsoft AV package? If so you might need to install the appropriate update for it.

    • All done now. When I started my PC this morning Windows Update offered me the patch, and installed it quickly.

  • Seriously, this is an escalation flaw on Windows and it's a "priority patch"?!!!

    I don't really care how many processors the "same bug" might affect, how can any version of Windows come close to saying that the most humble executable can't own the whole system if written correctly?

    Linux can't say this, Apple can't say this, OpenBSD won't even try to say this and yet suddenly plugging one such hole in Windows requires an out of band patch that also trashes performance? What, did someone's digital restriction

  • So, I don't trust Microsoft upgrades for shit - they tend to add telemetry, and they tend to break older OS versions to force upgrades. That said - just how bad are these exploits this time around? Will my firewall protect me if I don't browse porn sites or is opening any page in a browser guaranteed to result in infection?
    • by Zorro ( 15797 )

      Porn sites want to give you more porn.

      It is the Governments you have to worry about.

  • by magarity ( 164372 ) on Thursday January 04, 2018 @12:34PM (#55862821)

    Is it a coincidence that this flaw in CPUs since '96 has only been recently discovered and the article from a few days ago that top tech snoops are leaving the NSA?

  • why AMD and will this mess up Xbox as well?
