Microsoft yanks all of this month’s Windows patches for “devices with impacted AMD processors”

Topic

New Reply

Let’s hear it for beta testing. Early this morning, Microsoft officially announced that it was pulling all of this month’s Meltdown/Spectre patches fo
[See the full post at: Microsoft yanks all of this month’s Windows patches for “devices with impacted AMD processors”]

5 users thanked author for this post.

AJNorth, rontpxz81, dgreen, Pepsiboy, MrBrian

Reply | Quote

Replies

I just rechecked my Windows update.  (it’s set to never check).
KB4056894 is now checked.
It was unchecked on 1/4/18.

Dell Inspiron 660 (purchased in 2013) just replaced hard drive in November 2017 and had Windows 7 reloaded.
Windows 7 Home Premium 64 bit SP 1
Server 2008 R2 x64
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02

After new hard drive installed went to
Group A

2 users thanked author for this post.

Bill C., MrBrian

Reply | Quote

I’m waiting on pins and needles to see what gets thrown against the wall today, the official Patch Tuesday.

7 users thanked author for this post.

SueW, AJNorth, geekdom, fk5353, Noel Carboni, Elly

Reply | Quote

Just a thought here. I installed KB4056891 ( 15063.850 ) last Friday and so far, with no problems. That patch has now been pulled and if I don’t uninstall it, is that a snake in the basket that’s going to come back and bite me later ? I Have an i7 processor and not AMD, and registry was set by Norton.

Reply | Quote

Woody, are we not all beta testers these days?

Reply | Quote

No, pre-alpha testers.

Reply | Quote

Has anyone to date doucmented how, in technical terms, these patches mitigate the vulnerabilities?

Do they rewrite the microcode so that processors stop doing speculative execution?

Do they change the browsers so that they can’t be compromised via Javascript?

Do they make the kernel zero out buffers when they’re deallocated?

What we have is wording like this (from the KB4056894 page for Win 7 / Server 2008):

This security update includes improvements and fixes that were a part of update KB4054518 (released December 12, 2017) and addresses the following issues:

Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

And this (KB4056895 for Win 8.1, Server 2012):

This security update includes improvements and fixes that were a part of update KB4054519 (released December 12, 2017) and addresses the following issues:

Security updates to Windows Kernel, Windows Datacenter Networking, Windows Graphics, and Internet Explorer.

Wouldn’t it be nice to know more about what’s technically being done to our computing environments so that we could understand the risks?

Not only are there gotchas built into the cumulative “all or nothing” path, but there are also ramifications of the policy changes at Microsoft toward reducing technical documentation to “we fixed, it, trust us.”

-Noel

9 users thanked author for this post.

HiFlyer, Steve, ryegrass, Karlston, Cybertooth, BobbyB, AJNorth, Rock

Reply | Quote

Here are some technical info links that I’ve posted before:

https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9

https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

https://github.com/marcan/speculation-bugs

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf (links to pdf)

https://meltdownattack.com/

 

2 users thanked author for this post.

Noel Carboni, SueW

Reply | Quote

“Do they rewrite the microcode so that processors stop doing speculative execution?

Do they change the browsers so that they can’t be compromised via Javascript?”

No and no.

 

Reply | Quote

Details about microcode changes

Reply | Quote

Meltdown description and fix is detailed at https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/.

Reply | Quote

From that article:

If the problem were just that it enabled the derandomization of ASLR, this probably wouldn’t be a huge disaster. ASLR is a nice protection, but it’s known to be imperfect. It’s meant to be a hurdle for attackers, not an impenetrable barrier. The industry reaction—a fairly major change to both Windows and Linux, developed with some secrecy—suggests that it’s not just ASLR that’s defeated and that a more general ability to leak information from the kernel has been developed. Indeed, researchers have started to tweet that they’re able to leak and read arbitrary kernel data. Another possibility is that the flaw can be used to escape out of a virtual machine and compromise a hypervisor.

The solution that both the Windows and Linux developers have picked is substantially the same, and derived from that KAISER work: the kernel page table entries are no longer shared with each process. In Linux, this is called Kernel Page Table Isolation (KPTI).

With the patches, the memory address is still split in two; it’s just the kernel half is almost empty. It’s not quite empty, because a few kernel pieces need to be mapped permanently, whether the processor is running in ring 3 or ring 0, but it’s close to empty. This means that even if a malicious user program tries to probe kernel memory and leak information, it will fail—there’s simply nothing to leak. The real kernel page tables are only used when the kernel itself is running.

This undermines the very reason for the split address space in the first place. The TLB now needs to clear out any entries related to the real kernel page tables every time it switches to a user program, putting an end to the performance saving that splitting enabled.

The impact of this will vary depending on the workload. Every time a program makes a call into the kernel—to read from disk, to send data to the network, to open a file, and so on—that call will be a little more expensive, since it will force the TLB to be flushed and the real kernel page table to be loaded. Programs that don’t use the kernel much might see a hit of perhaps 2-3 percent—there’s still some overhead because the kernel always has to run occasionally, to handle things like multitasking.

But workloads that call into the kernel a ton will see much greater performance drop off. In a benchmark, a program that does virtually nothing other than call into the kernel saw its performance drop by about 50 percent; in other words, each call into the kernel took twice as long with the patch than it did without. Benchmarks that use Linux’s loopback networking also see a big hit, such as 17 percent in this Postgres benchmark. Real database workloads using real networking should see lower impact, because with real networks, the overhead of calling into the kernel tends to be dominated by the overhead of using the actual network.

A potential 50% dropoff to protect against something whose chances of ever affecting me are extremely low? At this time, this is an unacceptable risk. What programs would use the kernel enough to cause this kind of performance hit? Gaming? Video encoding? Gaming + recording on the same machine simultaneously? I did notice on reddit (don’t remember where I saw the link on here) of a gamer that did some of these tests and saw significant performance drop offs in some areas that affected gameplay performance. Obviously, recording smooth gameplay videos is also potentially out of the question.

It’s just not acceptable especially to mitigate a risk that is highly unlikely to ever affect me. If I did happen to be exposed to it, I have blacklists and I have uBlock and uMatrix blocking all webpage elements that are not first party by default as well as any ads and malicious content. I may even switch over to Pale Moon if I can work out a few little things for even more protection in the browser.

I just refuse to panic myself into a “solution” to a problem that is going to cause problems worse than the initial problem the solution was made to fix. Sacrificing as much as half of your engine power to fix a small leak in the boat is not a solution. It’s replacing one problem with another.

People who use their systems for more mundane tasks probably have nothing to worry about, though. For me, I spent money on this PC for the performance and am not willing to give any of it up for “security reasons” nor should I or anyone else have to be faced with such a dilemma. It needs to be better.

4 users thanked author for this post.

HiFlyer, David F, Cybertooth, Noel Carboni

Reply | Quote

The fixes can be disabled, as mentioned elsewhere in this topic.

Reply | Quote

I’m a dyed-in-the-wool lifetime geek and I’ve got to tell you even the tl;dr sections of the techical descriptions have caused my eyes to start to glaze over…

So far I’m not impressed by what I’m reading and will not yet be (potentially badly) hobbling my pre-Haswell systems to protect against a risk I can’t even begin to quantify yet.

-Noel

4 users thanked author for this post.

HiFlyer, BobbyB, Sessh, Cybertooth

Reply | Quote

When I downloaded KB4056894 it was approx. 200MB.  I disk clean frequently so there shouldn’t be a lot of memory used up.  I  uninstalled the up date and the disk clean up said  4.87 GB.  What’s that  all about?

Reply | Quote

See Section “What Steps Should I Take to Help Protect My System?” in link at https://www.askwoody.com/forums/topic/meltdown-and-spectre-from-a-windows-users-point-of-view/#post-157797 for Microsoft’s details on the changes to Windows.

Reply | Quote

[Question already answered but answer not seen.]

Reply | Quote

In the first place, why are M$ applying the Meltdown patch to AMD devices since AMD processors are not affected by Meltdown.?

Linux are not applying the KPTI/Meltdown patch to AMD devices.

2 users thanked author for this post.

HiFlyer, Seff

Reply | Quote

… continue …..

https://www.amd.com/en/corporate/speculative-execution
.

Variant One(CVE-2017-5753) Bounds Check Bypass Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

Variant Two(CVE-2017-5715) Branch Target Injection Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Variant Three(CVE-2017-5754) Rogue Data Cache Load(Meltdown) Zero AMD vulnerability due to AMD architecture differences.

The Windows patch from M$ is only to mitigate against the Variant Two and Variant Three bugs, as per this link …
https://www.ghacks.net/2018/01/05/find-out-if-your-windows-pc-is-affected-by-meltdown-spectre-vulnerabilities/
As stated by AMD, AMD processors do not really need the patch from M$-Windows. Seems there is a difference of opinions between AMD and M$.

Reply | Quote

The leaked story obviously put these fixes into a rapid release mode. I think most likely without enough testing. Considering that nothing is in the wild to exploit this, why not wait until the updates are stable and been beta tested more? I have begun to wonder if a option to just disable this side loading for some might end up being better. Personally I would like a choice myself to apply a fix or not. Since nothing is in the wild, I would prefer to wait until these fixes get fixed.

Reply | Quote

Soooooooo what does this mean?  Does the Windows Updater check to see if the user’s computer has an AMD or Intel chip?

I have an Intel Core i7-2600K chip and Norton (which has delivered the necessary registry entry).  I had, and as of a re-check now, still have the KB4056894 with check mark.

Am I still good to install?  Or, is the KB being pulled for everyone to be replaced with a KB usable by everyone?

1 user thanked author for this post.

rontpxz81

Reply | Quote

Microsoft is blocking the update to computers with certain AMD chips until the problem can be resolved.

However, even with an Intel processor, I would WAIT a while to install the updates. We are still at DEFCON-2

4 users thanked author for this post.

SueW, Bill C., geekdom

Reply | Quote

Microsoft yanks all of this month’s Windows patches for “devices with impacted AMD processors”

= For M$ to be able to do this, it means whenever M$ use Windows Update Service to scan the computers, M$ know which processors they are running.

Wonder what other computer data that M$ may be scooping up with Windows Update, besides which AV programs are running. In theory, M$ can scoop up every data that is on your Windows computer with Windows Update. Can you trust M$?

So far, we know that M$ scan for data about your hardware and software configuration, eg your Windows license is deactivated if you change the motherboard, or your Win 7/8.1 computers can no longer receive security updates from M$ if you are running Kabylake/Ryzen processors, or your computer may be bricked by M$ if you are running pirated Windows.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Read the Microsoft privacy policy. I explains what information is collected through Windows Update.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Update Services Privacy Statement

Reply | Quote

From Woody’s ComputerWorld article:
Since all of Microsoft’s patches now are cumulative (except the Win7 and 8.1 security-only manually downloaded patches), that means those who don’t pay for their antivirus product, or otherwise get thrown under the antivirus bus, won’t get any more Windows patches. Ever. And most will never know why.

Not sure which destiny is more tragic …

• To never ever receive those oh-so-fabulous Win Updates again in this universe; OR
• To be force-fed potentially/confirmed fatal (but nevertheless fabulous-as-usual) Win Updates, even though the compliant registry key is NOT set (ref: the case of the user below)

Ron (MS Technet- 08 Jan 2018):
I would say that only 20% of the machines are being offered the Meltdown and Spectre patch.  On the machines that are being offered the patches, I find no trace of the the QualityCompat registry key.

I have checked on the machines with the latest version of System Center Endpoint Protection client and on machines with older versions of the End Point client.  Is Microsoft not using the same registry key for their own AV products?

 

Reply | Quote

Has anyone managed to find Microsoft’s definition of “impacted AMD processors”?

Reply | Quote

Günter Born has published a list of those AMD CPUs that he’s seen reported: https://borncity.com/win/2018/01/08/windows10-update-kb4056892-kills-amd-systems-error-0x800f0845/

Browsing German forums, I found that only AMD CPUs are affected. Here is a list of AMD processors mentioned:

AMD Athlon 64 X2
Athlon 64 X2 4200+
AMD Athlon ™ 64 3800+
AMD Athlon 64×2 Dual Core 4400+
AMD Athlon Dual Core 4850e
AMD 4850e
AMD-Athlon 64×2 5200+
HexaCore AMD Phenom II X6 Black Edition 1090T
DualCore AMD Athlon 64 X2, 2000 MHz (10 x 200) 3800+
AMD Athlon(tm) 64 X2 Dual Core Processor 6000+

I’ve also seen Semprons mentioned a couple of times.

1 user thanked author for this post.

BobbyB

Reply | Quote

I have also seen the mobile Turion64 chip listed somewhere. That CPU was mainly used in netbooks, and since my netbook is Linux now, I am not worried about the MS patch for the Turion64.

Reply | Quote

Yes, thanks satrow, I’d seen that list but was interested to know what list Microsoft are working to or whether it is a blanket pull from all AMD machines. KB4056894 has now been withdrawn from my AMD Phenom II X4 955 Black Edition machine (supplied August 2009, and with a Nvidia graphics card). It remains offered but unchecked on my i7 – 2600 (supplied September 2011, and which includes an AMD graphics card).

EDIT: I have just done a new check for updates on my Intel machine and KB4056894 is now checked, which it wasn’t before.

I should add for the record that I have no intention of installing this update on any machine at present! I suspect that this episode may well tempt a lot of Windows 7 users to bring forward their own January 2020 plans and drop MS updates altogether – while there may be serious risks involved they may be considered to pale by comparison with the risks from MS!

Reply | Quote

OP has an updated compiled list here… https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1

Reply | Quote

1. The January 2018 Windows updates address all three vulnerabilities for the products listed at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002. That doesn’t mean that there aren’t other things that users also need to do. Note: 32-bit Windows products aren’t getting the Meltdown fix. Source: FAQ #7 at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002.

2. Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities has been modified to include the registry changes used to disable and enable the Spectre/Meltdown Windows fixes.

Reply | Quote

“Halt” would be proper description

Reply | Quote

Excuse me what? Am I understanding this correctly? So if you have a clean install of Windows with no antivirus, you won’t be able to install updates after December 2017 because of this registry key? That’s insane, you’d think that Microsoft, a multi bilionaire company with the world’s best engineers and programmers would come up with a better solution than that, right? Or am I missing something?

Edit to correct date Dec 2018 -> 2017

Reply | Quote

Yes, that’s correct
i don’t use any antivirus (Defender disabled), and had to add the registry key manually to get the update for Windows 8.1

Reply | Quote

Hi abbodi86,

Did you test on hardware (vs. virtual machine) and if so, what hardware, and did you detect significant performance changes?

-Noel

Reply | Quote

Hi Noel

i don’t do heavy tasks or gaming on my machine, merely some video encoding
and i did not notice any real impact
how one can test?

i have not recieved the Intel/BIOS firmware update yet

Reply | Quote

abbodi86 wrote:

how one can test?

If you do video encoding – do the same before and after the patch, then compare encoding time.

Other things to do is benchmarking – PC Mark (overall), 3D Mark (gaming), SiSoft Sandra, Cinebench and others…

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

1 user thanked author for this post.

abbodi86

Reply | Quote

What is troubling about the Monthly Rollup is that when a component of the update fails after installation, it is no longer possible to locate what element caused system crash. If the chip patch is bundled with several other patches today and if there are system failures, there will be problems determining exactly which patch causes failure.

The Monthly Rollup issue is not new. However, the difficulties in one giant patch (as opposed to numerous small ones) are highlighted with the obvious failure of the early chip patch.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

3 users thanked author for this post.

Elly, Karlston, Cybertooth

Reply | Quote

Noel Carboni wrote:

Has anyone to date doucmented how, in technical terms, these patches mitigate the vulnerabilities? Do they rewrite the microcode so that processors stop doing speculative execution? Do they change the browsers so that they can’t be compromised via Javascript? Do they make the kernel zero out buffers when they’re deallocated? What we have is wording like this (from the KB4056894 page for Win 7 / Server 2008):

This security update includes improvements and fixes that were a part of update KB4054518 (released December 12, 2017) and addresses the following issues:

• Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

And this (KB4056895 for Win 8.1, Server 2012):

This security update includes improvements and fixes that were a part of update KB4054519 (released December 12, 2017) and addresses the following issues:

• Security updates to Windows Kernel, Windows Datacenter Networking, Windows Graphics, and Internet Explorer.

Wouldn’t it be nice to know more about what’s technically being done to our computing environments so that we could understand the risks? Not only are there gotchas built into the cumulative “all or nothing” path, but there are also ramifications of the policy changes at Microsoft toward reducing technical documentation to “we fixed, it, trust us.” -Noel

4 users thanked author for this post.

HiFlyer, Elly, Noel Carboni, Cybertooth

Reply | Quote

I would consider it interesting that there’s a way officially provided to disable/re-enable the fix, once the patch is installed

Reply | Quote

I have an AMD Athlon desktop with an ATI RS690C chipset. It is not on any list that I have seen. Considering its age and the fact that it meets the computing needs of a certain family member right now, I will not be installing any patches from Microsoft on this system that is supposed to address the meltdown vulnerability. What is it that Microsoft did not understand when AMD stated that all their processors are not affected by meltdown.

Having chosen Group B allows me this flexibility. I was expecting the meltdown patch was going to be a standalone patch considering it is a kernel update and released out of band. Unfortunately, MS bundled it with other patches, [messing] both Group A and Group B.

Spectre is going to present us all with the same dilemma. AMD says their processors are affected by Spectre, but just slightly. I take that as meaning ‘a little bit pregnant’. It seems that a BIOS update will be required, but not made available to older processors (>5 years) – just wondering if MS will impose this condition … NO MORE SECURITY UPDATES FOR SYSTEMS THAT DO NOT HAVE THIS BIOS UPDATE INSTALLED – EVER!!!!

2 users thanked author for this post.

Cybertooth, Bill C.

Reply | Quote

About the Windows Meltdown fix: From https://twitter.com/aionescu/status/949748183927685120: “The x64 patches which have KPTI check if you have != Intel and don’t enable it. I have not looked at ARM64. […]”

Reply | Quote

Woody, to address a point you raised in your article – KB4056894 has been pulled from my AMD machine with a Nvidia graphics card, but is still offered (newly checked) on my Intel machine with an AMD graphics card.

Reply | Quote

The National Vulnerability Database gives each of the three speculative execution vulns a CVSS v3 severity base score of 5.6 on a scale of 10, with impact scores of 4.0 and exploitability scores of 1.1 on a scale of 10:

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5753&vector=AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5715&vector=AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5754&vector=AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

5 users thanked author for this post.

HiFlyer, Elly, AlexEiffel, SueW, AJNorth

Reply | Quote

I have a question that I think may be relevent to others that, like me, want to remain safe but are very skittish about the microcode and windows fixes (or have a more than 5-year old processor), and are very confident that all installed apps are not malicious. It seems that for people in this situation, the entry point for Meltdown and Spectre exploits boils down to the web browser. Everything I’ve read seems to indicate that the way this can happen is through Javascript. So, is a potential way to remain safe while not slowing down your computer simply by disabling Javascript? Or are there other ways outside of Javascript that a browser can be vulnerable? I’m thinking of installing extensions such as ScriptSafe or NoScript; I do understand that there would be a learning curve as I whitelist trusted sites that require JS. But I wouldn’t bother with these extensions if JS is not the only way that Meltdown and Spectre can do harm.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Installing an ad blocker would be a good idea.

If you disable JavaScript globally, a lot of websites won’t work properly. If you can handle script blocking with NoScript or similar, that would be a good thing to do also.

5 users thanked author for this post.

HiFlyer, AlexEiffel, Steve D., Microfix, AJNorth

Reply | Quote

Indeed!

For the Windows boxes under my care,  Firefox is the browser of choice (either the mainstream release or ESR), running uBlock Origin and NoScript, together with HTTPS Everywhere and the Privacy Badger (both from the EFF).

It is recommended to allow only those scripts necessary to obtain the desired access, and then only temporarily (that is, for that session).

6 users thanked author for this post.

Elly, AlexEiffel, SueW, Steve D., Microfix, MrBrian

Reply | Quote

Good advice for browser security to avoid the Spectre attack vector..

Windows - commercial by definition and now function...

Reply | Quote

I was remiss in not mentioning a rather nifty – and very useful – feature of NoScript: if one hovers over a detected script, holds down the shift button and then clicks on the Temporarily allow option (which will not enable the script), then a new window will open with evaluations of that script from several reputable sites; the bottom option, URLVoid Scan, itself runs the site associated with that script through thirty-four malware engines, or so.  A little extra effort up front can spare a great deal of aggravation later on… .

5 users thanked author for this post.

HiFlyer, Bill C., SueW, Cascadian, Cybertooth

Reply | Quote

With NoScript run it out of the box, click on the icon and just temporarily allow scripts you trust on trusted sites. That is it, if you allow permanently it will allow permanently those unwanted domains on other sites. This will help you a great deal and I would recommend it anyway.

Is it the only way you can be exploited (through Javascript)? No. Thats why there is a global panic right now. Bottom line, these exploits are hard to pull off, and as far as we know, not in the wild yet. Javascript would be the easy option with ads probably…

What to do? Wait. Keep your browsers up to date, install NoScript and practice normal safe routines. Let the patches have time to mature. It’s probably not time to panic – and millions will never even know, let alone be able to apply these patches. They won’t know, or their computers won’t get them for some reason.

None of us knows, really. Normal users are probably not the juicy targets. The big boys will have to apply all patches, and that may be why there is a lot of panic online. (Cloud providers, institutions, and so on – but we need them to do that for security reasons and they need to do that for security/legal reasons).

I have a question for anyone who knows: What happens when you update the kernel in a VM? (a: can the exploit overcome the virtual environment?, b: Your guest does rely/call on its host at the host kernel level?) (Or wouldn’t that matter?). We all are wondering about these things and they are hard to wrap your head around, that’s for sure.

2 users thanked author for this post.

SueW, PKCano

Reply | Quote

“I have a question for anyone who knows: What happens when you update the kernel in a VM? (a: can the exploit overcome the virtual environment?, b: Your guest does rely/call on its host at the host kernel level?) (Or wouldn’t that matter?). We all are wondering about these things and they are hard to wrap your head around, that’s for sure.”

From CPUs: information leak using speculative execution: “On the Intel CPU, I also have preliminary results that suggest that it may be possible to leak host memory (which would include memory owned by other guests) from inside a KVM guest.”

Reply | Quote

Thank you Mr. Brian. Oh oh !!!….of course, side channel exploits would read it anyway. This is getting to be a worry…if that guy is up to that, we shouldn’t get too complacent…onwards, I guess…do what we can, etc. Thanks for the link.

Reply | Quote

I have a stupid question, this patch (the meltdown/spectre patch)  counts as the January 9 one? (a.k.a  does it mean no updates for today?)

Reply | Quote

Patches are released at 10:00am PST US

Patches for Office, .NET, IE11 Flash, MSRT are also due.

Reply | Quote

I see, so we can expect more updates today, thanks for answering me.

Reply | Quote

@woody: there’s a recent ZDNet article about MS’s decision not to offer the Meltdown & Spectre updates for those using certain AMD processors:
http://www.zdnet.com/article/meltdown-and-spectre-now-microsoft-blocks-security-updates-for-some-amd-based-devices/

Reply | Quote

From Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines: “It’s not entirely clear what the documentation error is. There are some reports that users with very old AMD processors are seeing crashes because the Windows kernel is trying to use an instruction that the very earliest 64-bit AMD chips didn’t support. It’s not clear if this is the cause of suspension, but the bulk of the complaints do seem to concern older chips, so it’s certainly possible.”

Reply | Quote

Think I should probably be glad my old computer died on me late last year, then… It was nearly 7 years old with an AMD processor running Win7. With my luck, I’d have been SOL

Reply | Quote

Window 10 Pro w/ i7 Processor

I just updated Friday my December updates which included the Jan 3 meltdown patch. It got slipped in there just before I updated and everything appears to be running alright. Should I uninstall it or leave it alone. Any thoughts on this ?

Reply | Quote

I’d leave it as is.

1 user thanked author for this post.

bobcat5536

Reply | Quote

I wonder how the World’s banking sector is reacting to this?

Considering that lots of ATM’s (AMD and intel based hardware) run Win XP epos, is there a patch for these or Win XP in general?

Windows - commercial by definition and now function...

Reply | Quote

No. See https://www.askwoody.com/forums/topic/meltdown-and-spectre-from-a-windows-users-point-of-view/#post-157813.

1 user thanked author for this post.

Microfix

Reply | Quote

I don’t think ATMs are going to be the big deal for banks.  I doubt any ABM providers still sell their units running XP, and most of the XP units should be end of life.  Likewise for Meltdown to work you’d need physical access to the machine to run code, which would require tampering.  Spectre’s worse, but the more useful of the two variants can be disabled via BIOS updates.

Reply | Quote

Here’s an interesting wrinkle.  I have both Panda Antivirus and Malwarebytes Anti-Malware installed.  (This was not initially by choice…I’d paid for just MWB Anti-Exploit, and the company decided to roll that into a combined product for the same yearly price.  It’s billed as being designed to work alongside traditional antivirus, and has always played nicely with Panda in the past, so I continue to run both.)

I noticed the other day, however, that I had been offered KB4056894 in Windows Update, despite the fact that Mr. Beaumont’s spreadsheet, and the documentation to which it linked, stated that Panda had not been certified compatible or updated yet to set the registry entry.

Going back to check the spreadsheet again, though, sure enough…Malwarebytes does.  So I have to assume it went ahead and set the key, triggering Windows Update to offer me the patch despite the fact that I still have an antivirus product that isn’t verified as compatible.

Users with layered security solutions should go over that list very carefully before assuming that seeing the patch in Windows Update means it’s safe to install it.

1 user thanked author for this post.

MrBrian

Reply | Quote

You should look to verify the Registry key is set. Even so, it might be a good idea to wait until the Panda is approved, or uninstall it altogether.

Reply | Quote

Yeah, it’s there.  Panda is supposedly working on the fix, which was planned for release today, but it doesn’t appear to have been rolled out yet.  I’ll install kb4056897 (security only) once it’s updated.

I’m just concerned seeing the monthly rollup appear in Windows Update, because it’s a pretty fair bet I’m not the only one in this situation.

Reply | Quote

“Let’s hear it for beta testing…”

Listen. Since Microsoft can’t afford to have even one single AMD machine to check the patch on, how on earth can they afford to pay for beta testing?

And why would they? They have never ever been billed for the countless hours wasted world wide by users trying to undo (or prevent) the damage forced upon them.

Reply | Quote

Just installed the Jan 2018 Windows patches on my ASUS PC with Win 8.1 OS 64-bit. Yes, even the dreaded Meltdown/Spectre patches.  All is well. Rebooted just fine, but got a hick-up when running the scheduled startup task “ASUS AI Suite 3” software.  Didn’t want to load any more, but no big deal as I never really used it.  Seems it doesn’t like the new Kernel update. A quick disable of the scheduled task using autoruns64.exe and the world did not come to an end.  Life is good.

Reply | Quote

ASUS AI Suites have gathered something of a reputation for being involved in BSODs, as have a number of other ‘utility’ software, esp. those that run at driver level.

Drivers known to cause BSODs (last updated during 2013, but the risks from more recent versions would remain similar): http://carrona.org/drivers/bsod_drivers.php

Reply | Quote

Interesting, my generic PC with NVIDIA graphics did not receive the Meltdown-Spectre roll-up patch when I installed my January patch Tuesday.  My other PCs with NON-NVIDIA, NON-AMD graphics received to roll-up patches.  Just wondering if MS checks to see if there is an NVIDIA graphics card along with an AMD graphics card and holds back the patch.  I was not aware of any NVIDIA issues with the patch.  Anyone else noticed this?

1 user thanked author for this post.

rontpxz81

Reply | Quote

I just visited my OEM support site to see if there is a BIOS update for Spectre available. Many products already have code available, however neither my laptop or desktop is listed. Both are Intel based and therefore affected. Looks as though the 5 year cutoff date announced by Intel is being adopted by my OEM.

The support forum is currently being besieged by some very angry customers. I can not see some of these customers embracing this OEM or Intel in the future.

So far it looks as though an unsupported system (for the Spectre BIOS update) will have been acquired before January 2013, no matter its processor gen type.

1 user thanked author for this post.

rontpxz81

Reply | Quote

The McAfee LiveSafe antivirus suite does set the required registry key.

Corporate customers support page.

Home consumer support page.

Reply | Quote

I had just cloned to an SSD last week when this problem surfaced.  It’s my brother’s little HP with an AMD 64 X2 4450e (I think) running Win 10 Home.  Once it received the KB4056892 update, it was stuck at the Windows logo on reboot as others have reported.

Just a couple of hours ago (4 pm cst) I re-cloned the SSD and tried again.  The system came up fine but, of course, before KB4056892 was issued.  As soon as Windows checked for updates, it downloaded KB4056892 again with the same result.

If MS has withdrawn KB4056892, why did my PC download it again at 4 pm cst?

Reply | Quote

woody wrote:

Instead, think about the people who can’t get their antivirus software updated for whatever reason —

Is antivirus software which can’t be updated very useful?

woody wrote:

Then think about those who don’t run antivirus software,

That was covered by advice from Microsoft in an article you linked to five days ago:

Customers without Antivirus
In cases where customers can’t install or run antivirus software, Microsoft recommends manually setting the registry key as described below in order to receive the January 2018 security updates.
Important: Windows security updates released January 3, 2018, and antivirus software

woody wrote:

That means those who don’t pay for their antivirus product, or otherwise get thrown under the antivirus bus, won’t get any more Windows patches. Ever.

Er, no.

Q3: How long will Microsoft require setting a registry key to receive the January 3, 2018, security updates?
A3: Microsoft added this requirement to ensure customers can successfully install the January 2018 security updates. Microsoft will continue to enforce this requirement until there is high confidence that the majority of customers will not encounter device crashes after installing the security updates.

(Same article. Do you read them or just link to them?)

woody wrote:

And most will never know why.

If they click the links but don’t read the provided documentation?

Reply | Quote

So I cannot install KB4056897 (the Security-only update for Win 7) as part of Patch Tuesday for now?

Reply | Quote

Looks like another pile of patches is out today. With Office installed I now see 12, including the Meltdown security rollup. Some are small Office patches, but others look substantial.  I am holding off on all of them for a few days to see what happens.

Reply | Quote

While KB4056894 was previously unchecked on my AMD machine and then pulled yesterday, today it’s offered again and this time it’s checked.

As before, it’s offered checked on my Intel machine (which has an AMD Radeon card).

No action intended yet, of course.

1 user thanked author for this post.

MrBrian

Reply | Quote

KB 4056892 is now offered again via windows update for x64 (i have an amd FX). On the contrary, for my amd athlon (x32) the update is not…

Reply | Quote

From Windows operating system security update block for some AMD based devices:

“Microsoft has resumed updating the majority of AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown.

A small subset of older AMD processors remain blocked to avoid users getting into an unbootable state after installation of recent Windows operating system security updates. Microsoft is working with AMD to resolve this issue and should resume Windows OS security updates to this subset of AMD processors via Windows Update and WSUS by next week. For AMD device-specific information please refer to AMD’s Security Advisory.”

Reply | Quote

Perhaps this is quite late addition but just leave it as it is :

Concerning  the problematic Windows 7 (x86) updates on an Athlon XP 3300+ (and on its variants) – these kinds of x86 AMD CPUs are/were also affected by the “unbootable state issue” after having applied the spectre patch.   Nevertheless, x86 CPUs of that generation mainly do not support SSE2 either, and as well not the Nx feature (and no PAE), so this decisive and essential “event” – if we call it so – is or was the final kick for anybody to move on from legacy hardware to a new current, means half-way modern machine with proper 64Bit support (concerning daily windows and internet comms use, means being able to use a modern supported OS). No old Athlons by all means. To something which is not on the “issues” list for these spectre patches.

Reply | Quote