Meltdown and Spectre vulnerabilities Intel (and AMD) Chip Bug

A lot of noise on the internet, after Intel confirm that chips have a bug:

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ 

This post is to bring some light on this.

1- Intel says is not only their chips affected

2- PCID (Process-Context Identifiers), a chip feature,  has a bug that allow apps (malware) to read data

3- Process-context identifiers (PCIDs) are a facility by which a logical processor may cache information for multiple linear-address spaces. The processor may retain cached information when software switches to a different linear address space with a different PCID.

4- Macintosh and Linux OS are also affected.

Rumors:

1- If you have Haswell (4th-gen) or newer, PCID (Process-Context Identifiers) is enabled. 

2- After apply the patch, performance is going to be slower on newer CPU. Around 5 to 10%.

2- Still if you have older CPU, performance will be affected worse than newer CPUs.

3- To be affected you must have a OS 64 bits. {Correction: 32bits has vulnerability, MS still working on this)

Just as I'm writing this, Linus Torvalds and his team are working on this too:
https://lkml.org/lkml/2018/1/2/703
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe%40alap3.anarazel.de

Can we get a word from Microsoft?

For windows, What patch is going to address this? (Update: Patch links and KB are listed on postings)

Is that is going to be on the Montly Rollup and/or Security only patches? (Update: See the links posted)

If performance is going to suffer, can we be able to uninstall such patch? (Update: Microsoft published a document about it, See the links posted)

Please, any info will be appreciated.

 

Question Info


Last updated November 23, 2018 Views 21,938 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

More info on this.

The KB that address this is KB4056892.

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Now, the BAD news: Some Antivirus have issues with this KB. 

Due to the nature of the bug, some anti-virus applications do unsupported calls into kernel memory, that lead to a nasty BSOD (Blue Screen of Dead).

https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

Microsoft went safe and only install patches with certified Antivirus.

Antivirus need to update their engines.

4 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

At least for Symantec AV, they recommend to update to ERASER Engine 117.3.0.358 (or greater), after that, KB patch applies without problem:

If you don't. you will see  "Product Error requires attention" and the SEP system tray icon to report "There are multiple problems (2)".

https://www.symantec.com/connect/forums/latest-win10-update-corrupts-sep14

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Once more...just to be clear. This is not a virus.

This is a bug.

It is not really that big an issue at the moment though it is expected to be in the future.

The Microsoft Cumulative Security Update that addresses this is available NOW.

Just go to settings and click update. Then check for updates.

Also visit HP, Dell, any manufacturer of your device's website for other updates involving MELTDOWN and/or SPECTRE.

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Just to add that also affects Windows servers OS: Windows Server 2016, Windows Server 2012, Windows Server 2008 and all R2.

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Some KBs are still in process and not released yet.

Also affects SQL Servers: SQL Server 2008, SQL Server 2008R2, SQL Server 2012, SQL Server 2014, SQL Server 2016, SQL Server 2017:

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

Read more here:

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Just meant as an info... because IMO below articles are worth reading and contain lots of further info/links:

May 4, 2018: I won't participate anymore in MC. Enough is enough.

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Well, Symantec reports problems even with the ERASER engine 117.3:

Endpoint Protection system tray icon reports there are multiple errors after updating ERASER to 117.3.0 and Microsoft Update KB4056892

Just great!

For now, anyone with Symantec AV just hold on.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

It's a massive issue, answers are needed urgently!

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Which Intel-based platforms are affected by or vulnerable to the issue? 

The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. 
Please check with your system vendor or equipment manufacturer for more information regarding your system.

Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
Intel Atom® Processor C Series
Intel Atom® Processor E Series
Intel Atom® Processor A Series
Intel Atom® Processor x3 Series
Intel Atom® Processor Z Series
Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Processor J Series
Intel® Pentium® Processor N Series

For latest list, see:

Facts about The New Security Research Findings and Intel Products

4 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

We appear to be getting conflicting comments here, Microsoft call the issue a bug (https://answers.microsoft.com/en-us/windows/forum/windows_10-security/meltdown-and-spectre-vulnerabilities-intel-chip/ead3f25e-6c55-4359-9cd9-5be87cbe7b4f?messageId=28cccf1a-5240-4489-8989-a6b733b12fb9) Intel say it's not ( *FAQ* -  https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html) Where do we go?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.