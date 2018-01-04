

 


Microsoft Security Windows

Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs (theverge.com) 58

Posted by msmash from the racing-to-fix-things dept.
An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

  • Due to the performance impact of this workaround it should have an option to disable it like Linux is providing. An alternate, more refined approach would be to selectively enable the kernel page-table isolation on a per-process basis, based on either user configuration or an automatic trust determination such as whether the app is signed by a trusted certificate source (i.e., downloaded, unsigned apps would run with page isolation enabled).

  • AMD getting the Patch despite not being vulnerable (Score:4, Insightful)

    by mastagee ( 26015 ) on Thursday January 04, 2018 @10:30AM (#55862353)
    to Meltdown. . . which is the only thing PTI will help with. Seems like an unnecessary performance penalty to push on AMD users. Most likely done for simplicity/consistency on Microsoft's side for kernel code management.

    • But is it applied? Meaning, the code fix is in the kernel, but will it only enable it if the CPUID reports back as an Intel, and disabling if AMD?

  • What? (Score:3, Insightful)

    by UPZ ( 947916 ) on Thursday January 04, 2018 @10:37AM (#55862427)
    "that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets"

    Anyone just barely reading the headlines knows that the bug does NOT affect AMD processors. Where have you been living lately "msmash"?

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Read more than the headlines.

      There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

      • Read more than the headlines.

        There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

        Spectre cannot be patched, but it cannot be exploited, either (as far as we know).

        Meltdown, meanwhile, is seriously dangerous because it is very easy to use, even with just a malicious webpage!

    • Re: (Score:2, Informative)

      by Anonymous Coward

      That's what comes from just barely reading the headlines. There are 2 classes of bugs (Spectre, Meltdown) and 3 exploits (Spectre-1, Spectre-2, and Meltdown-1). AMD and ARM are resistant only to Meltdown. They are susceptible to Spectre.
      Meltdown goes back to Core2, Spectre goes back down to Pentium Pro. Many other processors are likely vulnerable to Spectre, any CPU that does speculative execution may be vulnerable. Mainframes have been doing this since the 60's IIRC.

    • There seem to be Intel sockpuppets flooding technical forums, making the false equivalence between Meltdown (affects only Intel) and Spectre (affects all CPUs), whereas Meltdown is clearly exploitable and in fact the exploit was demonstrated in a fucking browser running JavaScript. There is no known way to exploit Spectre. Spectre does not cross userspace-kernelspace.

  • This was yesterday! (Score:3)

    by Guyle ( 79593 ) on Thursday January 04, 2018 @10:45AM (#55862475) Homepage
    The date of TFA was January 3rd. The verbiage in the article saying "today" was referring to January 3rd. The patches for Windows 10 rolled out already. I installed mine last night.

  • I was planning on playing games at exactly 17:00 EST today! My gaming session is totally ruuinned! /Stewie

    • Re: (Score:2)

      by dstyle5 ( 702493 )
      It came out yesterday, so you can install at your leisure before 17:00 EST today! :) I just installed it, so far I can still login and check my email. And /.

  • Anyone care to comment on the performance hit after the patch? Is it obvious, measurable?

    • Re: Performance hit? (Score:1)

      by Anonymous Coward

      Win10 Ent 1709, i5 4cores 2.6GHz. You can feel it. Tasks that usually reported 0-0.1% now show 1-4%. Before average CPU consumption was below 10% now varies between 20 and 40%.
      Subjective perception of the system performance is better than numbers show, but noticeable.

  • All Windows updates have failed on my machine since 2015 or so, and I have tried every assistant, hot fix and third party assistant on earth trying to fix this issue.

    • Re: (Score:1)

      by bspus ( 3656995 )

      At the very least you should have been able to download the latest version 1703, burn the ISO or make a bootable stick and reinstall, while keeping all apps and settings. It generally works; I've been updating this way for years.

      It still doesn't explain how you even got to this weird position where nothing works update-wise and it is the first time I hear of such a serious disability.

      Is it a brand name laptop like Dell or HP perhaps, where OS updating only works through their own specialized application?

    • Re: (Score:2)

      by dstyle5 ( 702493 )
      Could you have malware that is preventing the updates from being installed? Pretty sure I've heard of this happening in older versions of Windows. I would do a clean install.

  • I have run Windows Update several times today, but five minutes ago it was still telling me that there are no updates for my computer. (Windows 7 SP1, i7-940).

    And I am running MSE, not any "third party" anti-virus.

    This is normal behaviour. For many years Windows updates have not appeared here in the UK until at least 24 hours after the USA.

    • Apologies. After posting the parent I went back and read the last line of TFA.

      Apparently, those of us running Windows 7 in the UK are now second-class citizens in two different ways: geography and version.

  • Seriously, this is an escalation flaw on Windows and it's a "priority patch"?!!!

    I don't really care how many processors the "same bug" might affect, how can any version of Windows come close to saying that the most humble executable can't own the whole system if written correctly?

    Linux can't say this, Apple can't say this, OpenBSD won't even try to say this and yet suddenly plugging one such hole in Windows requires an out of band patch that also trashes performance? What, did someone's digital restriction

  • So, I don't trust Microsoft upgrades for shit - they tend to add telemetry, and they tend to break older OS versions to force upgrades. That said - just how bad are these exploits this time around? Will my firewall protect me if I don't browse porn sites or is opening any page in a browser guaranteed to result in infection?

  • Is it a coincidence that this flaw in CPUs since '96 has only been recently discovered and the article from a few days ago that top tech snoops are leaving the NSA?
