Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations (bleepingcomputer.com) 90
An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."
HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.
"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device. "
HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.
"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device. "
What a mess (Score:1)
I don't see any good way past this.
Re: (Score:2)
Is it not possible for A/V companies to come up with a way to simulate how modern CPUs work?
This problem reminds me of the problem of archive files -- e.g. ZIP. A/V programs had to temporarily extract all the files, then scan those...and do this recursively.
Is this problem really all that different?
Re:Odd, I run Win7 64-bit & see no such bs... (Score:4, Funny)
It's probably your massive hosts file causing buffer overflows.
Re:Odd, I run Win7 64-bit & see no such bs... (Score:4, Funny)
Why would you patch Windows XP? It's not like it's still in heavy use, there's no point. Only ATMs, POS, medical and industrical equipment, really who cares.
Re: (Score:2)
Re: (Score:2)
Equipment that, if an adversary can install the exploit code, is already owned.
And guess why it was already owned. Yeah, nice and circular.
Re: (Score:2)
Re: Impersonating me = WEAK, you loser... apk (Score:2)
DeepAPK (Score:3)
Somewhere, someone is training some "Deep-Trump"-like deep neural net on APK's corpus of bullshit, and is ready to generate entire discussion trees of APK-"deep"-impostors all shouting at each-other...
So Linus was right? (Score:2, Interesting)
Basically they are telling us that Linus was not overreacting...
This is what happens when the market is a monopoly, Intel sitting at its laurels, without a care in the world it seems...
New processor for everyone! (Score:4, Insightful)
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
This is a fundamental flaw with the microcode and the only fix is a new processor.
Intel needs to give everyone a new processor or motherboard... (and a pony).
Re: (Score:2)
That's what I'm pushing for, especially for my server that was very badly impacted. New Xeon, new mobo, new RAM, Windows 10 licences and my hourly rate.
Re: (Score:2)
We apologise for the fault in the updates. Those responsible have been sacked. Mynd you, møøse bites Kan be pretti nasti... We apologise again for the fault in the updates. Those responsible for sacking the people who have just been sacked have been sacked
Re: (Score:3)
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
Your use of the phrase "I'm sure" leads me to suspect that you're not in any way sure about this.
Re: (Score:2)
I am sure.
If Microsoft can disable the patch. I am sure that your average hacker can disable the patch.
Re: (Score:2)
Hell on servers you can enable / disable the patch with two regedits and a reboot. So I don't see this being too hard to exploit ( especially for dumbass admins ): exploit some known exploit to elevate privileges, write the two registry keys to disable the patch and install your backdoor, then crash the server forcing a reboot ( that will be blamed on the patch ). Boom, instant owned server.
A good admin would probably catch this, but lets face it... there are tons and tons of shit admins that would just sh
Re:New processor for everyone! (Score:5, Insightful)
WTF?
If you can climb all the way to registry-editing admin, why would you waste that trying to disable an update that prevents you from merely reading memory?
You *ALREADY* owned the box to the point where you could load a custom kernel driver and simply sniff everyone's memory through that at full speed.
Re: (Score:2)
Because that is a thousand times easier to detect. You may gather data faster in the short term, but won't be able to gather data over the long term. It's far more likely that exploiting hardware vulnerabilities won't trigger any detection programs while a malicious kernel module will be found in a much shorter time.
It's all about how long the box is owned, not how hard it is owned.
Re: (Score:1)
It looks like you can also disable the patch (or at least the spectre variant 2 and the meltdown migitations) in Windows clients now also. If I'm reading the bottom part of this article right: https://support.microsoft.com/... [microsoft.com]
Re:New processor for everyone! (Score:4, Funny)
FTFY
Re: (Score:2)
All you need is administrator access and to reboot the machine!
Wait, what else can you do if you have that level of access...
Re: (Score:2)
Even more interesting is that the microcode can be upgraded. Not really huge news though - but it leaves also room for the speculation that microcode could be injected by malware. How about some new instructions in the processor - or changing some instructions to not cause an interrupt when accessing protected memory and instead return the real data?
I wouldn't put it past at least some three letter agencies to perform such things since they probably have the ability to get the full specs. I'm not saying it
Re: (Score:2)
Disabling the protection requires administrator rights. If you have administrator rights then you can attach a debugger to your victim process and dump its memory that way, no vulnerability required.
Re: (Score:2)
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
If someone has access to write sensitive registry values, reboot and continue to have access then exploiting Spectre and Meltdown is the LEAST of your problems.
Re: (Score:2)
There is no point exploiting the issue if you're already in a position to change the microcode. You're already on the wrong side of the airtight hatchway.
The complexity of CISC did kill it. (Score:1)
The solution is Linux and *BSD over RISC-V.
Comment removed (Score:5, Insightful)
Re: (Score:3)
On 8.1 here, and I'm going to do the same thing.
In fact I'm not sure I will ever run Windows 10. I'm on the tail end of my system (Core i7 920)'s life, so I could build my next system and just install Linux Mint. Or maybe I'll get a Mac desktop to go with my (mid 2010) MacBook I have for a laptop.
Re: (Score:1)
Re: (Score:2)
Not sure how much "bare metal" exposure you need for the developing you're doing, but you could set up your machine in Linux and then run Windows full screen in a VM. Only use it for work stuff and keep you personal stuff outside it. If there was a bad update that comes down the pipe and the VM gets hosed you could roll back to an earlier snapshot of the VM in a snap, too.
Re: (Score:2)
funny, the windows update on my win 7 box has only an upgrade to win 10 showing now.
Re: (Score:2)
Being on Windows 10 and knowing from the very start that this was controllable from a registry setting (which I used to disable this junk) I fail to see your poorly made point.
Re: (Score:2)
Short - when will it be safe to let Windows 10 updates happen, again?
My laptop is dual-boot, and 90+ percent of the time it boots Linux, which I have kept fully updated through this whole mess. I still have the Windows installation live and runnable, because there are those things that just won't work without Windoes. Occasionally I unplug my USB flash with /boot, let it boot Windows, and keep that up-to-date. Most of what I do with Windows is update Windows, and occasionally update my GPS, and a rare fe
Re: (Score:3)
A couple of centuries after hell freezes over.
Farce (Score:2)
Can someone *please* (Score:3)
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
Re: (Score:3)
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
Actually a "band" in this context is a specific radio frequency, and "out-of-band" is things not on that specific frequency. So if MS has a frequency of updates, something outside that frequency is out-of-band.
Re: (Score:2)
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
Actually it does. You're probably confusing it with one of the uses of the phrase which requires an additional word to define it e.g. "Out of band management" or "out of band signalling" or "out of band data".
Being "out of band" simply means you're not in the normal fixed frequency.
I have never, EVER... (Score:2)
... seen a pooch screwed this hard. Repeatedly.
I officially declare the 2010s "The Decade When Nothing Worked Right".
Software should just give up on Spectre (Score:4, Interesting)
Re:Software should just give up on Spectre (Score:5, Informative)
I tend to agree. Meltdown had an obvious path to exploit -- run an unauthorized branch of code to access something one shouldn't, then make sure another bit of code read that unauthorized data before it was flagged and wiped. Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
In a jewelry store theft comparison:
Meltdown -- walk in as a celebrity, ask the jeweler if you can view a specific priceless ring that only celebrities could afford, and then you bolt for the door as soon as the ring is on your finger. You got exactly what you wanted.
Spectre -- walk in, try to grab any ring an average customer is presently inspecting... assuming there are any customers and any of them are viewing any rings during your visit. You have no idea what you're going to get, if anything.... but whatever you DO get, it won't be the specific ring in Meltdown you could have gotten.
Re: (Score:2)
It's not even snooping on random processes, Spectre is about using a scripting language to figure out memory from the current process. So at worst, Javascript can use cache timing attacks to figure out your saved passwords.
Two Spectre variants. (Score:2)
Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
I know things are getting confused, but there are 2 variants of Spectre.
The first one, the one you're describing, the "Bounds Checks Bypass", is the one where Speculative Execution is working exactly as defined, affects all speculative executing processor (so basically a couple of in-order cores like Intel Atom and nearly all RISC except a few latest AArch64 are exempt).
CPU speculatively execute past a check, and might end up speculatively reading from another part of the memory to which the application has
Re: (Score:2)
Re: (Score:2)
he absent-mindly repeats the dance-steps of that dance he saw and liked...and ends up accidentally bumping into the button that turns the alarm off
Best non-car analogy ever.
Car Analgoy ! (Score:2)
Best non-car analogy ever.
I didn't start the Jewelry store analogy, the parent poster did.
And now let's try a car analogy ! (But let's not repeat what xkcd [xkcd.com]).
It's all about you car trying to be more clever than you. So it's fitting to take self driving car as a metaphore.
Speculative execution :
When you arrive at an intersection, the car doesn't wait for you to take a decision where you want to go.
It makes its best guess and start driving in that direction.
When it was invented, it wasn't even considered problematic, because if you act
Re: (Score:2)
I tend to agree. Meltdown had an obvious path to exploit -- run an unauthorized branch of code to access something one shouldn't, then make sure another bit of code read that unauthorized data before it was flagged and wiped. Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
In a jewelry store theft comparison:
Meltdown -- walk in as a celebrity, ask the jeweler if you can view a specific priceless ring that only celebrities could afford, and then you bolt for the door as soon as the ring is on your finger. You got exactly what you wanted.
Spectre -- walk in, try to grab any ring an average customer is presently inspecting... assuming there are any customers and any of them are viewing any rings during your visit. You have no idea what you're going to get, if anything.... but whatever you DO get, it won't be the specific ring in Meltdown you could have gotten.
Actually, Spectre variant 2 is more like:
Send 1000 people in to ask to see the same piece of jewelry, then walk in as a celebrity, don't ask to see it, but because the jewelrer has been trained that everybody wants to see the same thing, he takes it out and just places on the table before listing to what you actually want, and while he finds what you do ask him for, just pocket the jewelry you wanted but never mentioned yourself and walk out.
It is significantly slower than Meltdown, but it can do many of th
Re: (Score:1)
One possible, cynical, answer: Intel FUD is the point of it. Because AMD's patch to Meltdown was to do NOTHING; but someone somehow got both of these things hitting at once, and confusing the issue.
I hope I'm wrong, and I doubt many people will know for sure, but it's a possibility.
(Seriously, because AMD chips don't speculatively execute until AFTER permission checks, meltdown simply does not work on them.)
Saw this coming (Score:2)
I disabled all my auto-update crap on the Windows 10 Pro unit I do have. ( Wacom Cintiq, no choice on the OS )
Also disabled all the updates for my Win 7 machines.
Not about to play guinea pig for a rushed patch to fix a problem they've known about for some time.
I'll give it six months, then consider it once all the problems are ironed out.
IF all the problems get ironed out.
Meanwhile, Intel's stock (Score:1)
has risen over 10% so far this month. That's what lying PR can do for a company.
If you didn't apply the microcode updates... (Score:2)
It's worth noting that the Spectre variant 2 update was only enabled if you installed the patch and also installed the microcode update from your hardware vendor.
This out-of-band update doesn't effect anyone who hasn't installed the updated hardware microcode yet.
So what mitigations are ok? (Score:2)
Re: (Score:2)
Re: (Score:2)
FTFY
This destroyed my Win10 install (Score:2)
I've never seen anything like it. Windows would simply not load. Not even safemode could get windows to boot.
Completely reinstalling windows fixed it (for now) but there goes 2 hours of my life (plus the slow process of reinstalling all my apps).
I really regret purchasing an Intel CPU. If anyone out there is building a computer and on the fence about what CPU to get, AMD deserves your money. Ryzen is fantastic and should have been my first choice.