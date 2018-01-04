Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs (theverge.com) 58
An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.
Re: (Score:3)
Re: Mac OS X (Score:2, Informative)
Apple already deployed a fix in Mac OS X 10.12.3
Re: (Score:2)
Oh, sure. Leave all of us PowerPC Mac users in the dust...
Re: (Score:1)
You've been mired there for quite awhile.
Re: (Score:2)
OMG this affects PowerPC too! It's bigger than I thought!
Re: Mac OS X (Score:1)
Dont look here then https://twitter.com/aionescu/status/948609809540046849
Should be user-configurable or based on trust (Score:2)
Re: (Score:1)
AMD getting the Patch despite not being vulnerable (Score:4, Insightful)
Re: (Score:1)
Re: (Score:1)
There are two kinds of vulnerabilities: One which allows reads across privilege boundaries. Page table isolation prevents reads of kernel memory from user mode and is needed to mitigate this vulnerability, which has only been shown on Intel processors. The other vulnerability does not cross privilege boundaries and is thus not mitigated by PTI. The performance penalty resulting from PTI is unnecessary on AMD processors.
Re: (Score:2)
Isn't that James Bond's problem?
Re: (Score:2)
But is it applied? Meaning, the code fix is in the kernel, but will it only enable it if the CPUID reports back as an Intel, and disabling if AMD?
Re: (Score:2)
Windows Embedded Standard 2009: Extended Support will end on Jan. 8, 2019.
Windows Embedded POSReady 2009: Extended support will end on April 9, 2019.
https://blogs.msdn.microsoft.c... [microsoft.com]
What? (Score:3, Insightful)
Anyone just barely reading the headlines knows that the big does NOT affect AMD processors. Where have you been living lately "msmash"?
Re: (Score:3, Informative)
Read more than the headlines.
There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.
Re: (Score:2)
Read more than the headlines.
There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.
Spectre cannot be patched, but it cannot be exploited, either (as far as we know).
Meltdown, meanwhile, is seriously dangerous because it is very easy to use, even with just a malicious webpage!
Re: (Score:2, Informative)
That's what comes from just barely reading the headlines. There are 2 classes of bugs (Spectre, Meltdown) and 3 exploits (Spectre-1, Spectre-2, and Meltdown-1). AMD and ARM are resistant to only to Meltdown. They are susceptible to Spectre.
Meltdown goes back to Core2, Spectre goes back down to Pentium Pro. Many other processors are likely vulnerable to Spectre, any CPU that does speculative execution may be vulnerable. Mainframes have been doing this since the 60's IIRC.
Re: (Score:2)
There seem to be Intel sockpuppets flooding technical forums, making the false equivalence between Meltdown (affects only Intel) and Spectre (affects all CPUs), whereas Meltdown is a clearly exploitable and in fact the exploit was demonstrated in a fucking browser running a Javascript. There is no known way to exploit Spectre. Spectre does not cross userspace-kernelspace.
This was yesterday! (Score:3)
Re: (Score:2)
Re: (Score:2)
Did you get a chance to do any benchmarking? (Score:2)
Re: (Score:2)
Damn you, Microsoft! (Score:2)
I was planning on playing games at exactly 17:00 EST today! My gaming session is totally ruuinned!
/Stewie
Re: (Score:2)
Performance hit? (Score:2)
Anyone care to comment on the performance hit after the patch? Is it obvious, measureable?
Re: Performance hit? (Score:1)
Win10 Ent 1709, i5 4cores 2.6GHz. You can feel it. Tasks that usually reported 0-0.1% now show 1-4%. Before average CPU consumption was below 10% now varies between 20 and 40%.
Subjective perception of the system performance is better than numbers show, but noticeable.
Some links from Microsoft (Score:2)
https://support.microsoft.com/... [microsoft.com]
https://support.microsoft.com/... [microsoft.com]
https://support.microsoft.com/... [microsoft.com]
https://portal.msrc.microsoft.... [microsoft.com]
https://docs.microsoft.com/en-... [microsoft.com]
https://www.powershellgallery.... [powershellgallery.com]
Doesn't help me a bit (Score:2)
Re: (Score:1)
At the very least you should have been able to download the latest version 1703, burn the iso or make a bootable stick and reinstall, while keeping all apps and settings. It generally works, I've been updating this way for years
It still doesn't explain you you even got to this weird position where nothing works update-wise and it is the first time I hear of such a serious disability.
Is it a brand name laptop like dell or HP perhaps, where OS updating only works through their own specialized application?
Re: (Score:2)
Not in the UK yet... (Score:2)
I have run Windows Update several times today, but five minutes ago it was still telling me that there are no updates for my computer. (Windows 7 SP1, i7-940).
And I am running MSE, not any "third party" anti-virus.
This is normal behaviour. For many years Windows updates have not appeared here in the UK until at least 24 hours after the USA.
Re: (Score:2)
Apologies. After posting the parent I went back and read the last line of TFA.
Apparently, those of us running Windows 7 in the UK are now second-class citizens in two different ways: geography and version.
Broken sandbox patch? Give me a break! (Score:2)
Seriously, this is an escalation flaw on Windows and it's a "priority patch"?!!!
I don't really care how many processors the "same bug" might affect, how can any version of Windows come close to saying that the most humble executable can't own the whole system if written correctly?
Linux can't say this, Apple can't say this, OpenBSD won't even try to say this and yet suddenly plugging one such hole in Windows requires an out of band patch that also trashes performance? What, did someone's digital restriction
To Upgrade or Not To Upgrade (Score:1)
Re: (Score:2)
Porn sites want to give you more porn.
It is the Governments you have to worry about.
Re: (Score:1)
conspiracy hat time (Score:2)
Is it a coincidence that this flaw in CPUs since '96 has only been recently discovered and the article from a few days ago that top tech snoops are leaving the NSA?