FYI...
GRC test utility for 'Meltdown and Spectre' vulnerabilities
- https://www.grc.com/inspectre.htm
Jan 15, 2018 - "This is the Initial Release of InSpectre - We did not wish to delay this application's release while building additional confidence in its conclusions and output. It has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now. But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris.... Protection from these two significant vulnerabilities requires updates to every system's hardware – its BIOS which reloads updated processor firmware – and its operating system – to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance."
(Download the utility from the URL above.) - Thank you, Steve!!!
... Added Jan 16, 2018: "High incidence of -false-positive- A/V warnings:
People are reporting that their 3rd-party anti-virus systems are quarantining InSpectre under the mistaken belief that it's malicious. This did not occur during early work, and is almost certainly due to the end-of-project inclusion of the protection enable/disable buttons and the presence of the registry key they use. I would rather not remove that feature... I will explore obscuring the use of that key to see whether false positive anti-virus warnings can be eliminated. At that time I will clarify some of the conflicting language the app can produce and also explain why the enable/disable buttons may be disabled (there's nothing for them to enable or disable in specific circumstances.)"
___
Windows 7 SP1 and Windows Server 2008 R2 SP1
January 4, 2018 — KB4056894 (Monthly Rollup)
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
- https://support.microsoft.com/en-us/...date-kb4056894
Last Updated: Jan 12, 2018
___
Patch Watch: Tracking Issues with the Spectre Patches on AMD Machines
> https://windowssecrets.com/windows-s...-amd-machines/
Jan 11, 2018 - "Beware, AMD chip owners. For you Windows Secrets readers who have computers with AMD inside, these Spectre/Meltdown patches are causing more issues than they are preventing. So much so that Microsoft has halted release of the updates on machines that have AMD chipsets. Some of the relevant security posts include the following:
Microsoft’s KB4073707 on the issues with AMD chip sets and how Microsoft is blocking the patches until the issue is resolved:
- https://support.microsoft.com/en-us/...-based-devices
Microsoft’s KB4073757 recapping the overall guidance:
- https://support.microsoft.com/en-us/...ectre-meltdown
Let’s recap the big picture:
> Intel CPU chips have a bug in their very architecture.
Researchers found a way for attackers to possibly steal passwords and other confidential information from our machines. As of publication, the attack has not been used in the wild. However, the potential is there and it’s really concerning up in cloud servers as it could mean that fellow virtual servers could read information from a tenant next door.
It won’t be enough to patch for the Windows operating system, you’ll need to patch the firmware on your computer as well.
It’s not a Microsoft bug, but because everything uses CPUs, pretty much everything needs to be patched ranging from phones to firewalls. So after you get your patches for Windows, go look for updates for anything else that has a CPU included in it (I’m not kidding or overstating the issue).
A bigger concern to many will be the performance hit this “fix” will make on your system as discussed in a Microsoft blog[2].
[2] https://cloudblogs.microsoft.com/mic...ndows-systems/
The older your computer the more the “hit” will be. If you have a computer that is a 2015-era PC with Haswell or older CPU – you will notice a difference.
CERT goes so far as to recommend replacing the CPU hardware in their blog post[1]. I’m not ready to go that far, but it would be wise to review how old your computer hardware is, evaluate the performance hit and plan accordingly.
[1] https://web.archive.org/web/20180104...vuls/id/584653
Check That Your Antivirus Is Supported:
Because this is a kernel update, antivirus vendors who have hooked into the kernel for additional protection could trigger blue screens of death if they are not updated for the change introduced by this patch. Thus Microsoft is requiring that before the January Windows and .NET updates are installed that a registry entry is made by the vendor – or by you if your vendor doesn’t provide the registry key in an update – before the January updates are installed.
Make sure you review the antivirus listing page*** that is tracking all of the antivirus vendors and when they plan to support these January updates. If your vendor doesn’t support these updates, it’s time to find a new vendor...
*** https://docs.google.com/spreadsheets...lview?sle=true
Protect your Windows devices against Spectre and Meltdown
Applies to: Windows 10, Windows 10 Mobile, Windows 8.1, Windows 7, HoloLens, Windows Server 2016, Windows Server 2012 Standard, Windows Server 2012 R2 Standard, Windows Server 2008 R2 Standard
> https://support.microsoft.com/en-us/...ectre-meltdown
Last Updated: Jan 10, 2018