A note about the “new” Spectre NG revelations

    #193908

    Several of you have pinged me about the Spectre NG (variously, Specter V4, Spectre V4, Specter-NG, and enough alternatives to make Google search inter
    [See the full post at: A note about the “new” Spectre NG revelations]

    5 users thanked author for this post.
    • #193921

      Are most people here still holding off on installing any firmware from Intel? Sorry I’ve been out of the loop the past 2 months.

      • #193967

        I upgraded in April after everything got ironed out. One of my older Haswell desktops from HP is still waiting on firmware. This latest stuff with firmware was just released in beta from Intel to PC makers. Dell is thinking July or August for many models for firmware for Spectre 4, and that will not be enabled by default, just included. Personally I would pass on it in case we have yet another batch of bad firmware. Basically both Microsoft and Google seem to feel the current fixes in the OS and the browser mitigation are enough. The new fix, as I call it, with firmware is said to slow PCs by up to 8% according to Intel tests. As Woody says, there is nothing in the wild that poses a threat to any of these variants, so why slow your PC needlessly?

        1 user thanked author for this post.
    • #193947

      The only thing that all the hoopla about Meltdown and the Spectre variants has accomplished is to convince me to defer a new PC purchase until the chip makers get their act together!  I guess I might be waiting for a long time…

      3 users thanked author for this post.
    • #193954

      I continue to check periodically the MS page for the 5/18 Secur.-only patch KB4103712; that’s the page with the recent new language re MS “…being aware of a problem…re network drivers being uninstalled…we are presently investigating this…blahblahblah…” It’s been TWO WEEKS for who-knows how many million Win 7 x-64 users; and they haven’t patched it yet. OH! BUT WAIT!!! Recently, MS added, at the top of that page, something I don’t recall ever seeing before on this type of “Help” article: A banner shilling…wait for it… A NEW PC WITH WINDOWS 10!!! Click on that banner once, and you’re off in another land. Translation: MS is, first, and foremost, a marketing machine, for just-good-enough software.

      3 users thanked author for this post.
      • #194011

        In the Master Patch List, this security-only update for Win 7, as well as the one for Win 7 IE 11, are both listed with the same comment, under “Issues being tracked”: “None so far.”

        Maybe someone here could clarify this point?  And thanks in advance to those who do.

         

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #193961

      Not sure about the theory concerning buying new computers. To me, this constant flux of new side-channel vulnerabilities just makes me want to not buy any computer until they have taken a good enough look at all of this new world of possibilities and include the protections in their chip design, which might take a while.

      But then again, maybe the marketing folks know that most people who would be scared might end up buying a newer computer to not suffer as much performance penalties thinking the new computer wouldn’t be affected by similar vulnerabilities.

      For me, it’s why buy a newer chip that might likely end up with new similar vulnerabilities discovered in a few months, instead of waiting for the dust to settle on this one and certainly not reward the companies responsible by buying another chip when it is really not clear that the whole issue has been investigated enough to lower significantly the risk of future similar issues.

      4 users thanked author for this post.
      • #194013

        And a new computer does not necessarily come with all the new and improved chips installed.


        1 user thanked author for this post.
      • #194051

        Seems to me a lot of folks buy into the “Windows 10 is the most secure yet” hype and from there comes the purchase incentive to get a new system with Win 10 on it (and also because the old system sure seems to have gotten slow!)

        The right thing is to be skeptical, and to hold off throwing money. Most folks I imagine will not care to be informed enough to do the right thing.

        -Noel

        6 users thanked author for this post.
    • #193972

      This being a hardware issue, it won’t go away. Every few months we will see more proof of concepts on accessing this flaw and exploit it. Much that has already been done creates a difficult path for any of it to work for a hacker. It’s probably why we have seen nothing trying to attack as yet. Plenty of easier targets in software and operating system, why bother with something more difficult? Probably why we have gone so long with this hardware and nobody has exploited it.

      3 users thanked author for this post.
      • #194007

        Jescott418 wrote: “This being a hardware issue, it won’t go away.”

        Precisely, and for this additional good reason:

        There is an undeclared arms race between chip designers trying to redesign and innovate to make their chips more powerful, useful and versatile, and black hats looking for that exploitable new feature they can use for their evil ends.

        A feature that, intended to make things better by their designers, these never imagined it could be also exploited as a vulnerability.

        Unless and until they are designed by an all-knowing, all-nice god (or by self-aware, but benevolent AI), chips, like every other work of mortals, are always going to have weak spots that some people, somewhere, some time, will discover and figure out how to use for their own nefarious ends.

        So, where does this end? When computers, as we know them, are no longer in use. But don’t worry: something else will come along to keep nasty people busy making money and/or making trouble.

         


        2 users thanked author for this post.
    • #194019

      I have updated all my Windows 7 64 bit machines to April and I am still mainly using my oldest laptop a  C2D  because I prefer the 16 x 10 ratio screen.

      These Spectre threats are more of an issue for servers IMO.

      As for buying new hardware –  There is nothing on the market that interests me now and buying something with Windows 10 installed is an insult.

      Obviously your browser is basically your front door and making sure that is secure should keep you safe.

       

      3 users thanked author for this post.
      • #194054

        As for buying new hardware – There is nothing on the market that interests me now and buying something with Windows 10 installed is an insult.

        That’s one way to look at it, but another’s to see it as a challenge, if you have the time and inclination to make it such.  That’s what it was when I bought the Dell laptop (Braswell, 11 inch TN, 4GB RAM) in December (2017) expressly for the purpose of putting Linux on it, since its non-upgradeable 32GB eMMC storage was too small for Windows (of any currently-supported flavor) anyway.

        I was not certain I could get it to work under Linux, but having had smashing success every time I’ve tried a Linux conversion/addition so far, I was hopeful.  Still, I made sure to buy from a vendor that offers a no restocking fee return policy if I wasn’t happy with it, just in case, but I didn’t need it.

        Mint runs very nicely on the little laptop, and while the thing would have earned my ire had I left Windows 10 on it (leaving it probably unable to update as so many of these “Chromebooks with Windows” are because of insufficient storage space), it has instead become a beloved and worthy member of my “stable” of computers.

        FWIW, if anyone remembers my comment on the Flickergate thread, that same laptop is now back from Dell after being sent in for a flickering screen issue that looked (on the video I shot with my digital camera) worse than the flicker video Woody linked when describing the Surface Flickergate issues.  That doesn’t mean my flicker was actually worse than in the Surfaces, since it is difficult or impossible to tell how much of the flickering on the video is real and how much is an exaggeration of the issue that’s evident when using a video camera based on frames (as they are) to record an image displayed in frames on the laptop’s screen (as they also are).

        At any rate, the little Dell is back and the issue’s fixed to my satisfaction (in Dell’s words; they sent me an email to contact them if it wasn’t), so there’s a demonstration of how that’s done, Microsoft.  $180 laptop and Dell did better than you did with much more expensive Surfaces!

        A less successful example also involved a Dell, though not by intent.  I mentioned this one in a post called something like “thoughts on modern laptop design” in rants, so I won’t retype the whole thing in an already long post.  The short short version is that Linux went on just fine, and worked perfectly, but as it was a gaming PC, I wanted to keep Windows around just in case there was something I wanted to try that required it.  Windows 10– no.  So I tried 8.1, and while I was able to overcome the hurdles thrown at me by Microsoft and Intel, I couldn’t get the Synaptics/Dell touchpad working flawlessly in Windows 8.1.  The Synaptics drivers simply didn’t work, and I tried several versions.  I would have been stuck using the generic “PS/2 HID-Compatible Mouse” driver, unable to access any of the touchpad’s advanced features.

        It was the last day of the return period, and because of that and some other issues (an overly sharp and painful edge right on the wrist-rest), I took it back.  It’s a shame, as hardware-wise (other than the driver issue, which didn’t exist at all in Linux), it was a heck of a machine.  If I had more time, I may have been able to do more to get the touchpad working properly, but I am not hopeful about that.

        It helps if you enjoy this stuff as I do.  It’s part of my recreational time to try to do things like this.  Necessary, if you’re going to have a Windows 10 free new PC, and fun, though not without its moments of frustration.

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
        Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

        4 users thanked author for this post.
    • #194055

      Woody wrote:

      Oh. And it should go without saying that we haven’t yet seen one, single, solitary Meltdown or Spectre exploit in general use.

      Believe it or not this actually works in favor of the hypesters.

      When a real exploit gets out there, it will ultimately be detected. Antivirus / antimalware software will be coded to watch for it. Blacklists will block sites that serve it.

      It will be treated like any other malware.

      There will be nothing magic about it. It will not be somehow more virulent, less detectable, or more persistent – it’ll just be so much more malware. The world has already seen plenty of malware, and there are ways to deal with it.

      The best thing to do is to try not to let fear of the unknown influence decisions – unless the decision is to become more knowledgeable about that unknown.

      I remember growing up in the 1960s… People were worried about nuclear war. As schoolchildren we had drills where we got under tables or desks. Guess what? After all that upset (surprise! youngsters are scared of dying), all that wasted effort (honestly, it made no one any safer), all that shaping of young personalities into more suspicious, bigoted forms… The nuclear war never happened.

      Are we better off for having been scared of the unknown; of things we couldn’t control?

      Perhaps it’s a debate for another day, but I don’t feel my life was enriched by it.

      What I see in all this is no great actual threat, but a very real degradation of computing experiences and productivity.

      And what really scares me is that someone, somewhere in Marketing is no doubt planning more of these shenanigans.

      -Noel

      7 users thanked author for this post.
    • #194157

      Well Woody, looks like Microsoft quietly released new revisions of the KB4090007, KB4091663, KB4091664 and KB4091666 updates recently to include new Intel microcodes for Ivy Bridge and Sandy Bridge series of CPUs, which I was anticipating MS would do to deal with the new Spectre NG flaws.

    • #194267

      I have upgraded the BIOS on my two Ryzen systems (Ryzen 5 1600X / Ryzen 5 1500X) with Gigabyte motherboards to recent versions, which supposedly have the Spectre CPU microcodes in place. I upgraded not because of the need to deal with Spectre, but for newer CPU support.

      For my recent Intel systems (X99 / Z270) I have not installed the Spectre BIOS updates yet as I believe there is no need to do so right now, and there are no useful new features in them. In fact Gigabyte, for some reason, still has not released the Spectre BIOS updates for the X99-UD4 revision 1.1, of which I have several (though the corresponding BIOS for the revision 1.0 board has been released; I wonder why that is).

      Windows 8.1 x64 running on these systems is at April 2018 patch level, while Windows 7 x64 running on them is staying at December 2017 patch level.

      As for the new “Variant 4” Spectre, well, I shall continue to wait and see. I wonder if Gigabyte and other motherboard manufacturers will continue to provide BIOS updates that mitigate these new vulnerabilities?

      Hope for the best. Prepare for the worst.

    • #194330

      I’m not saying that Microsoft, Intel, AMD, Qualcomm and others had a hand in bringing down the Meltdown/Spectre curtain. I am saying they stand to make a whole lotta money out of it, and added publicity doesn’t hurt one whit.

      Intel, AMD & Qualcomm should be forced to replace the defective hardware with new hardware that doesn’t have these defects at no cost to the consumer (e.g. like a car maker would be forced to do).

      This would guarantee that they don’t make any profit out of this fiasco.

      -lehnerus2000

      1 user thanked author for this post.
      • #194410

        Intel, AMD & Qualcomm should be forced to replace the defective hardware with new hardware that doesn’t have these defects at no cost to the consumer (e.g. like a car maker would be forced to do).

        This would guarantee that they don’t make any profit out of this fiasco.

        I need to push back on this. Halfway. This is in the realm of applying standards of today retrospective to accepted standards of old.

        Reference a comment from late January. This was in a reply chain, and is not exactly the metaphor you’ve started here.

        Anyone please correct my memory, but these side channel speculative queries are made possible by designs created to increase overall computational speed at a time when hard processor speeds were at a plateau. In danger of falling behind Moore’s law, engineers created a workaround that both marketing and consumers at all price points accepted, supported, and demanded more. When real advances came later, it would be silly to stop using this additional advantage for a superior overall performance rating. To fully put this now malicious genie back in the bottle has a price to be paid in performance.

        But I’m only pushing halfway. Because to market and profit unfairly, by pushing this vulnerability to the fore, is also bad practice. Creating the condition that if you do not address this possible exploit, then you are not performing due diligence in defense of your infrastructure. End consumers are less affected by this, but feel the vulnerability more sharply. The expensive loss would be an entity that holds others’ data in trust. That covers a very wide range of databases.

        • #194500

          I acknowledge the points you’ve posted.

          However Intel, AMD & Qualcomm continued to sell these defective products, after they were aware of the issues and AFAIK they are still selling them today.

          Disclaimer: I don’t consider a software patch to be a proper fix for a problem with hardware.

          Contrast this situation to the dodgy airbags issue. To fix the issue, the car makers aren’t allowed to say, “just buy a new car”. They have to replace the airbags, regardless of the age of the vehicle (these dodgy airbags were fitted to millions of vehicles over many years). The fact that software (and apparently CPUs) are not subject to the same rules as real products is why we constantly have to put up with quality and security issues.

          -lehnerus2000

          1 user thanked author for this post.
          • #194582

            Similarly, I agree with your additional points, especially that a software solution is an incomplete fix to a hardware problem. That is why new workaround exploits beget new patches ad infinitum.

            I think we look at this from different directions, and will not likely come to agreement. I am not trying to convince you. Just attempting to be better understood. You describe this as a safety flaw that is a liability on the manufacturer alone.

            I see this as an outdated performance enhancement that has proven to be unsafe. But it was known, acknowledged, and declared worthwhile at the time. Even when further advances brought performance past the point set by this workaround, consumers at all price points continued to demand more. And so this faulty method became the standard. That time has passed and memories fade does not suddenly create a liability out of a customer-requested improvement. The manufacturer fulfilled the requested feature.

            I do not see exploding fuel tanks, unsafe at any speed bumpers, or Takata airbags here. I see pleasant comfortable features like ‘suicide’ doors that allow for a more natural egress from a rear seat, and convertible tops for all the fresh air you could want at low speeds. When these features were declared safety hazards the consumer lived with their purchase decision until they were ready to replace.

            I actually see a long view irony involved in villagers marching with torches and pitchforks against the manufacturer’s castle, demanding to hobble the high performance features the consumer demanded. I continue to advocate the unpopular view that new chipsets should be produced that admittedly underperform. But if the marketplace is fulfilled with both options, consumer demand can make clear to manufacturers how to proceed. Fast versus safe, options available for all.

            edit to add: Inserting an acknowledgement for those truly practical, practical engineers of applied theory. There is no ‘software’, it is all hardware existing in different charged states. Every change in code is a change in the current state of the hardware configuration at a very minute level.

            • #194668

              I think we look at this from different directions, and will not likely come to agreement. I am not trying to convince you. Just attempting to be better understood. You describe this as a safety flaw that is a liability on the manufacturer alone.

              I see this as an outdated performance enhancement that has proven to be unsafe.

              Thanks for your thoughtful replies.

              I agree that this isn’t a life-and-death safety issue per se. I used the car example as a lot of people would be familiar with Automotive Safety Recalls. Other safety recalls normally don’t receive much publicity (household goods).

              That said, if malicious hackers could corrupt medical equipment, then people could be injured or killed.

              It could also be argued that hackers using innocent people’s PCs for criminal activities could be considered a safety issue (indirectly). For example, using botnets to distribute terrorist materials and/or to facilitate money laundering, etc.

              -lehnerus2000

              1 user thanked author for this post.
    • #194346

      Does that make you want to buy a new computer? You think we’re done with that kind of announcement?

      https://threatpost.com/intels-virtual-fences-spectre-fix-wont-protect-against-variant-4/132246/

       

    • #197604

      UPDATE: 13th June 2018

      Here’s the Status of Meltdown and Spectre Mitigations in Windows
      by Catalin Cimpanu at BleepingComputer

      Yesterday’s Patch Tuesday release included fixes for the latest Spectre vulnerability, known as Spectre variant 4, or SpectreNG…
      ..Only Windows 10, Windows Server 2016, Windows 7, and Windows Server 2008 R2 have received SpectreNG patches…

      continued reading below:

      https://www.bleepingcomputer.com/news/security/heres-the-status-of-meltdown-and-spectre-mitigations-in-windows/

      What! no patch for W8.1 for SpectreNG!

      Windows - commercial by definition and now function...
      3 users thanked author for this post.
      • #197657

        @Microfix:   This provides a whole lot of information.   Thank you so much for sharing it with us all!    🙂  🙂

    • #197636

      Hey Y’all,

      I just did a new check and Dell published a new BIOS update (6/12/18) for my machine as well as MS publishing KB4284819 for the Spectre bug.

      Using this PowerShell code:

      Code:
      #Requires -Modules @{ ModuleName="SpeculationControl"; ModuleVersion="1.0.8" }

      # Save the CurrentUser-scope execution policy so it can be reset
      $SaveExecutionPolicy = Get-ExecutionPolicy -Scope CurrentUser
      try {
          # RemoteSigned lets the locally installed module load
          Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
          Import-Module SpeculationControl
          Get-SpeculationControlSettings
      }
      finally {
          # Reset the execution policy to the original state, even if the query fails
          Set-ExecutionPolicy $SaveExecutionPolicy -Scope CurrentUser
      }
      

      I get the following results:  Note: Changed items in bold.

      Before Installing KB4284819

      Speculation control settings for CVE-2017-5754 [rogue data cache load]

      Hardware requires kernel VA shadowing: True
      Windows OS support for kernel VA shadow is present: True
      Windows OS support for kernel VA shadow is enabled: True
      Windows OS support for PCID performance optimization is enabled: True [not required for security]

      Speculation control settings for CVE-2018-3639 [speculative store bypass]

      Windows OS support for speculative store bypass mitigation is present: False

      Suggested actions

      * Install the latest available updates for Windows with support for speculation
      control mitigations.

      BTIHardwarePresent : True
      BTIWindowsSupportPresent : True
      BTIWindowsSupportEnabled : True
      BTIDisabledBySystemPolicy : False
      BTIDisabledByNoHardwareSupport : False
      KVAShadowRequired : True
      KVAShadowWindowsSupportPresent : True
      KVAShadowWindowsSupportEnabled : True
      KVAShadowPcidEnabled : True
      SSBDWindowsSupportPresent : False
      SSBDHardwareVulnerable :
      SSBDHardwarePresent : False
      SSBDWindowsSupportEnabledSystemWide : False

      After Installing KB4284819

      PS> G:\BEKDocs\Scripts\Query-SpeculationControlSettings.ps1
      Speculation control settings for CVE-2017-5715 [branch target injection]
      For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

      Hardware support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is enabled: True

      Speculation control settings for CVE-2017-5754 [rogue data cache load]

      Hardware requires kernel VA shadowing: True
      Windows OS support for kernel VA shadow is present: True
      Windows OS support for kernel VA shadow is enabled: True
      Windows OS support for PCID performance optimization is enabled: True [not required for security]

      Speculation control settings for CVE-2018-3639 [speculative store bypass]

      Hardware is vulnerable to speculative store bypass: True
      Hardware support for speculative store bypass mitigation is present: False

      Windows OS support for speculative store bypass mitigation is present: True
      Windows OS support for speculative store bypass mitigation is enabled system-wide: False

      BTIHardwarePresent : True
      BTIWindowsSupportPresent : True
      BTIWindowsSupportEnabled : True
      BTIDisabledBySystemPolicy : False
      BTIDisabledByNoHardwareSupport : False
      KVAShadowRequired : True
      KVAShadowWindowsSupportPresent : True
      KVAShadowWindowsSupportEnabled : True
      KVAShadowPcidEnabled : True
      SSBDWindowsSupportPresent : True
      SSBDHardwareVulnerable : True
      SSBDHardwarePresent : False
      SSBDWindowsSupportEnabledSystemWide : False

      After Dell BIOS Flash to 1.0.16

      PS> G:\BEKDocs\Scripts\Query-SpeculationControlSettings.ps1
      Speculation control settings for CVE-2017-5715 [branch target injection]
      For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

      Hardware support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is enabled: True

      Speculation control settings for CVE-2017-5754 [rogue data cache load]

      Hardware requires kernel VA shadowing: True
      Windows OS support for kernel VA shadow is present: True
      Windows OS support for kernel VA shadow is enabled: True
      Windows OS support for PCID performance optimization is enabled: True [not required for security]

      Speculation control settings for CVE-2018-3639 [speculative store bypass]

      Hardware is vulnerable to speculative store bypass: True
      Hardware support for speculative store bypass mitigation is present: True
      Windows OS support for speculative store bypass mitigation is present: True
      Windows OS support for speculative store bypass mitigation is enabled system-wide: False

      BTIHardwarePresent : True
      BTIWindowsSupportPresent : True
      BTIWindowsSupportEnabled : True
      BTIDisabledBySystemPolicy : False
      BTIDisabledByNoHardwareSupport : False
      KVAShadowRequired : True
      KVAShadowWindowsSupportPresent : True
      KVAShadowWindowsSupportEnabled : True
      KVAShadowPcidEnabled : True
      SSBDWindowsSupportPresent : True
      SSBDHardwareVulnerable : True
      SSBDHardwarePresent : True
      SSBDWindowsSupportEnabledSystemWide : False

      HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
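The three result sets in the post above differ only in the SSBD* properties, and the bold that marked the changes did not survive on this page. The following is an added example, not part of RG's post or of the SpeculationControl module: it recomputes which fields changed between stages and labels the CVE-2018-3639 state at each one. The function names `Get-SsbdState` and `Compare-SpeculationSnapshot` are hypothetical, and the sample objects are re-typed from the SSBD lines of the post.

```powershell
# Added example. Snapshots are constructed from the SSBD* lines posted above;
# the BTI* and KVAShadow* properties are omitted because they are identical
# in all three stages. In live use, pass the object returned by
# Get-SpeculationControlSettings instead of these sample objects.

function Get-SsbdState {
    # Hypothetical helper: reduce the CVE-2018-3639 fields to one label.
    param([Parameter(Mandatory)] $Settings)

    if (-not $Settings.SSBDWindowsSupportPresent) {
        return 'OS update missing'
    }
    # Blank/$null (OS cannot tell yet) is deliberately not treated as "safe".
    if ($Settings.SSBDHardwareVulnerable -eq $false) {
        return 'Hardware not vulnerable'
    }
    if (-not $Settings.SSBDHardwarePresent) {
        return 'Microcode/BIOS update missing'
    }
    if (-not $Settings.SSBDWindowsSupportEnabledSystemWide) {
        return 'Mitigation available, not enabled system-wide'
    }
    return 'Mitigation enabled system-wide'
}

function Compare-SpeculationSnapshot {
    # Hypothetical helper: emit one row per property whose value changed.
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After
    )

    foreach ($prop in $After.PSObject.Properties) {
        $name = $prop.Name
        $old  = $Before.$name
        # Compare as strings so a blank ($null) value differs from True/False.
        if ("$old" -ne "$($prop.Value)") {
            [pscustomobject]@{
                Property = $name
                Before   = "$old"
                After    = "$($prop.Value)"
            }
        }
    }
}

$stages = [ordered]@{
    'Before KB4284819' = [pscustomobject]@{
        SSBDWindowsSupportPresent           = $false
        SSBDHardwareVulnerable              = $null    # blank in the posted output
        SSBDHardwarePresent                 = $false
        SSBDWindowsSupportEnabledSystemWide = $false
    }
    'After KB4284819' = [pscustomobject]@{
        SSBDWindowsSupportPresent           = $true
        SSBDHardwareVulnerable              = $true
        SSBDHardwarePresent                 = $false
        SSBDWindowsSupportEnabledSystemWide = $false
    }
    'After BIOS 1.0.16' = [pscustomobject]@{
        SSBDWindowsSupportPresent           = $true
        SSBDHardwareVulnerable              = $true
        SSBDHardwarePresent                 = $true
        SSBDWindowsSupportEnabledSystemWide = $false
    }
}

$previous = $null
foreach ($stageName in $stages.Keys) {
    $current = $stages[$stageName]
    '{0}: {1}' -f $stageName, (Get-SsbdState -Settings $current)

    if ($previous) {
        # Show only what this stage changed relative to the one before it.
        Compare-SpeculationSnapshot -Before $previous -After $current |
            Format-Table -AutoSize | Out-String
    }
    $previous = $current
}
```

Run against the posted values, the final stage still has `SSBDWindowsSupportEnabledSystemWide` at False: the OS patch and the BIOS flash make the mitigation available but do not turn it on.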

    • #199352

      FYI …
      Intel just released yesterday an updated “Microcode Revision Guidance” dated June 21 2018.

      https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf

      No details other than …

      The following table provides details of availability for microcode updates currently planned by Intel.

      I suspect this includes the next round of microcode fixes for Spectre Variant 4 as the microcode revisions are being updated from the previously released versions for Spectre Variant 2.

      Good news … maybe ?

      Win7 - PRO & Ultimate, x64 & x86
      Win8.1 - PRO, x64 & x86
      Groups A, B & ABS

      2 users thanked author for this post.
    • #199361

      RDRguy:

      I noticed that, in the list of CPUs in that site you have provided a link to, many of the processor updates are labelled “Beta” and are marked in yellow, while a similar number are marked in green and labelled as “Production” (meaning, I suppose, “OK by us for you to use, if you dare”). So it looks as if their color code is based on traffic lights, not fruit.

      Interesting the notes at the end of the same PDF document. Sure, some of it is just recycled legal boilerplate, but even so…

      Take the last paragraph, for example:

      “Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.”

      And here is the full disclaimers’ text:

      “Intel may make changes to specifications and product descriptions at any time, without notice.”
      “All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.”
      “Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.”
      “Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation.”
      “Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.”
      “Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.”


      3 users thanked author for this post.
      • #199375

        Yes, it seems that Intel stripped all of their CPU Products with a previous status of “Planning, Pre-Beta & Stopped” & changed their table color code scheme (for the better I think) from their last guidance dated April 2 2018.

        As far as you or I using any of “Beta” or “Production” updates, we must first be able to get our hands on them.

        I may be wrong but I presume those marked in green have been released to and/or by OEMs and will soon be or are already available via system OEM BIOS or Microsoft/Linux updates.

        The yellow/gold ones I presume are either still being validated by Intel and/or system OEMs so those probably won’t be available for a little while longer.

        As far as the “legalese” at the bottom of the last page, it’s the same as before in their previous April 2 & March 6 releases and I suspect it’s very similar to most Intel documentation presented on their webpages so I’m not really surprised they included it in here too.

        From my understanding, adding mitigation for Spectre Variant 4 adds/removes CPU features that’ll undoubtedly negatively affect system performance. I’m sure Intel has some sort of “test bed”, either real, simulated or both, to verify/quantify CPU performance.

        As such, I interpret the last paragraph to simply state that every system may or may not be affected in the same way as their “test bed” results were as far as performance is concerned and as such, I’m neither surprised nor alarmed by it being included.

        I just hope it’s not too much of a performance loss or I’ll be turning it ON/OFF regularly as needed. 🙂

        (let’s just hope they don’t keep finding/mitigating new Spectre issues or we may all end up with PIII class performance with our current systems) 🙁

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        3 users thanked author for this post.
        • #201290

          (let’s just hope they don’t keep finding/mitigating new Spectre issues or we may all end up with PIII class performance with our current systems)

          Don’t give them ideas, we’ll be booted off W7 thereafter.. 😉

          Windows - commercial by definition and now function...
          3 users thanked author for this post.
    • #201286

      FYI,

      Intel released another updated Microcode Revision Guidance dated July 3, 2018 here.

      Except for CPUIDs 506C2 & 206E6 & 206F2, it’s showing that Spectre 3a & 4 mitigated CPU Microcode is in “Production” status. The last 3 remaining are still in “Beta” status.

      Those that still want and are waiting for Spectre 3a & 4 mitigated CPU Microcode via Win10 update and/or OEM BIOS updates, they should be popping out soon …

      Win7 - PRO & Ultimate, x64 & x86
      Win8.1 - PRO, x64 & x86
      Groups A, B & ABS

      3 users thanked author for this post.
    • #202825

      Update dated 10th July 2018:
      Intel has released new documentation regarding more issues:

      https://www.intel.com/content/www/us/en/security-center/default.html

      Insecure Handling of BIOS and AMT Passwords: CVE-2017-5704

      Affected products:

      Platform sample code for the following processor generations:
      • 4th Gen Intel® Core™ Processor (Haswell)
      • 5th Gen Intel® Core™ Processor (Broadwell)
      • 6th Gen Intel® Core™ Processor (Skylake)
      • 7th Gen Intel® Core™ Processor (Kaby Lake)

      Windows - commercial by definition and now function...
    • #203279

      Yet more vulnerabilities: New Spectre 1.1 and 1.2 discovered.

      More info here from Martin Brinkmann on Ghacks:

      https://www.ghacks.net/2018/07/11/here-we-go-again-spectre-1-1-and-1-2-vulnerabilities-discovered/

      more bios updates on the horizon..<sigh>

       

      Windows - commercial by definition and now function...
      2 users thanked author for this post.