Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations (bleepingcomputer.com)
Date: 2018-01-28
An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."
HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.
"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device."
I don't see any good way past this.
It's probably your massive hosts file causing buffer overflows.
Why would you patch Windows XP? It's not like it's still in heavy use, there's no point. Only ATMs, POS, medical and industrial equipment, really who cares.
So Linus was right? (Score:1)
Basically they are telling us that Linus was not overreacting...
This is what happens when the market is a monopoly, Intel sitting at its laurels, without a care in the world it seems...
New processor for everyone! (Score:5, Insightful)
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
This is a fundamental flaw with the microcode and the only fix is a new processor.
Intel needs to give everyone a new processor or motherboard... (and a pony).
That's what I'm pushing for, especially for my server that was very badly impacted. New Xeon, new mobo, new RAM, Windows 10 licences and my hourly rate.
We apologise for the fault in the updates. Those responsible have been sacked. Mynd you, møøse bites Kan be pretti nasti... We apologise again for the fault in the updates. Those responsible for sacking the people who have just been sacked have been sacked
If it's so easy to disable the protection in a Microsoft patch, I'm sure that anyone who wants to exploit the microcode bug could also disable the protection.
Your use of the phrase "I'm sure" leads me to suspect that you're not in any way sure about this.
I am sure.
If Microsoft can disable the patch, I am sure that your average hacker can disable the patch.
Hell, on servers you can enable/disable the patch with two regedits and a reboot. So I don't see this being too hard to exploit (especially for dumbass admins): exploit some known exploit to elevate privileges, write the two registry keys to disable the patch and install your backdoor, then crash the server forcing a reboot (that will be blamed on the patch). Boom, instant owned server.
A good admin would probably catch this, but let's face it... there are tons and tons of shit admins that would just
WTF?
If you can climb all the way to registry-editing admin, why would you waste that trying to disable an update that prevents you from merely reading memory?
You *ALREADY* owned the box to the point where you could load a custom kernel driver and simply sniff everyone's memory through that at full speed.
All you need is administrator access and to reboot the machine!
Wait, what else can you do if you have that level of access...
Even more interesting is that the microcode can be upgraded. Not really huge news though - but it leaves also room for the speculation that microcode could be injected by malware. How about some new instructions in the processor - or changing some instructions to not cause an interrupt when accessing protected memory and instead return the real data?
I wouldn't put it past at least some three letter agencies to perform such things since they probably have the ability to get the full specs. I'm not saying it
Disabling the protection requires administrator rights. If you have administrator rights then you can attach a debugger to your victim process and dump its memory that way, no vulnerability required.
The complexity of CISC did kill it. (Score:1)
The solution is Linux and *BSD over RISC-V.
So, how is this forced update thing working out? (Score:3)
On 8.1 here, and I'm going to do the same thing.
In fact I'm not sure I will ever run Windows 10. I'm on the tail end of my system (Core i7 920)'s life, so I could build my next system and just install Linux Mint. Or maybe I'll get a Mac desktop to go with my (mid 2010) MacBook I have for a laptop.
Funny, the Windows Update on my Win 7 box has only an upgrade to Win 10 showing now.
Farce (Score:2)
Can someone *please* (Score:3)
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
teach Microsoft what "Out of Band" means? Hint--it doesn't mean "unscheduled."
Actually a "band" in this context is a specific radio frequency, and "out-of-band" is things not on that specific frequency. So if MS has a frequency of updates, something outside that frequency is out-of-band.
I have never, EVER... (Score:2)
... seen a pooch screwed this hard. Repeatedly.
I officially declare the 2010s "The Decade When Nothing Worked Right".
Software should just give up on Spectre (Score:3)
Re: (Score:3)
I tend to agree. Meltdown had an obvious path to exploit -- run an unauthorized branch of code to access something one shouldn't, then make sure another bit of code read that unauthorized data before it was flagged and wiped. Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
In a jewelry store theft comparison:
Meltdown -- walk in as a celebrity, ask the jeweler if you can view a specific priceless ring that only celebrities could afford,
Re: (Score:2)
It's not even snooping on random processes, Spectre is about using a scripting language to figure out memory from the current process. So at worst, Javascript can use cache timing attacks to figure out your saved passwords.
Saw this coming (Score:2)
I disabled all my auto-update crap on the Windows 10 Pro unit I do have. ( Wacom Cintiq, no choice on the OS )
Also disabled all the updates for my Win 7 machines.
Not about to play guinea pig for a rushed patch to fix a problem they've known about for some time.
I'll give it six months, then consider it once all the problems are ironed out.
IF all the problems get ironed out.
If you didn't apply the microcode updates... (Score:2)
It's worth noting that the Spectre variant 2 update was only enabled if you installed the patch and also installed the microcode update from your hardware vendor.
This out-of-band update doesn't affect anyone who hasn't installed the updated hardware microcode yet.
So what mitigations are ok? (Score:2)