Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility


    • This topic has 126 replies, 31 voices, and was last updated 7 years ago.
    #159576

    For most of you, Steve Gibson needs no introduction. For the rest of you, look here. Steve has a new scanner, just out, that claims to scan your PC an
    [See the full post at: Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility]

    15 users thanked author for this post.
    • #159580

      Works well, but an interesting thing pops up.  According to Gibson, when run on a 32-bit version of Win 7, 8.x or 10 you get this info in the scroll window:

      “At the time of this release Microsoft HAS NOT addressed these problems” (both MELTDOWN and Spectre) “IN ANY WAY on 32 bit versions of their operating systems …..”

      In other words, neither the KB4056894 roll-up nor the KB4056897 security-only update for Win 7 (or the corresponding KBs for W8.x or W10) does a d**n thing to stop the MELTDOWN bug on 32-bit Windows systems.  Haven’t seen that pointed out anywhere!!!

      Viper

      3 users thanked author for this post.
    • #159584

      This tool likely does not cover CVE-2017-5753, which is Spectre variant 1. According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

      2 users thanked author for this post.
      • #159736

        Mr Brian said:
        According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

        Are there any characteristics or clues common to programs (other than web browsers) that might be vulnerable to CVE-2017-5753 ?

        For instance, internet-facing programs such as email readers, RSS/feed readers, chat messengers, streaming audio/video/podcast players, file download managers, cloud drive managers, weather/traffic updates aggregators, etc. ?

        Also, many non-internet-facing programs often try to connect to the internet for update checks, to send telemetry data, & what not. Would such programs be vulnerable to Meltdown-Spectre exploits ?

        • #159756

          From https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html: “Examples of targets which may require patching include the operating system and applications which execute untrusted code.”

          • #159783

            MrBrian said:
            applications which execute untrusted code

            Thanks. How can end users who can’t read IT source code tell which applications contain or are prone to executing untrusted code ?

            Also, what about the numerous closed-source applications whose code is not supplied for everyone to inspect?

            Would the above-quoted scenarios be cases that will fall under & remain in the category of unknown unknowns ?

            • #159794

              You’re welcome :).

              You don’t need the source code. Instead, this refers to program (including script) execution from sources that you don’t consider trusted. Any program that allows scripts from untrusted sources would be included. An example: web browsers.

            • #160704

              Mr Brian said:
              Any program that allows scripts from untrusted sources would be included. An example: web browsers.

              1) So would feed/RSS readers (or any application) with built-in browsers that can render full webpages be vulnerable to Spectre variant CVE-2017-5753?

              I’m thinking that they could be, but so far, none of such feed readers have mentioned this issue, or released any updated version since the Meltdown-Spectre disclosure. And unlike most normal web browsers, it is not possible to block JavaScript, or enforce 1st-party site isolation in feed readers.

              2) Even if 1st-party site isolation is enforced in web browsers, how would we know if the site itself does not host any malicious script? There is a possibility that websites (including trustworthy ones) may get hacked & injected with malicious code, right? Is totally blocking JavaScript (which might be necessary for the website to work properly) the only way to prevent Spectre-enabled attacks?

              3) There are lots of non-web browser applications that can interpret JavaScript, including PDF readers, office productivity suites, text editors, graphics editors, desktop publishers, Electron-based programs, chat messengers, game engines, etc.

              Let’s say 1 PC on the local network somehow has malicious script. So when another PC (with at least 1 application containing an embedded JavaScript interpreter) connects to & browses this infected PC, would it be able to execute the malicious script & thus be subjected to Spectre side-channel attacks?

              Thanks !

            • #160735

              “1) So would feed/RSS readers (or any application) with built-in browsers that can render full webpages be vulnerable to Spectre variant CVE-2017-5753?”

              I would think so, but it might be sufficient that the underlying rendering engine (example: Internet Explorer) is mitigated.

              “2) Even if 1st-party site isolation is enforced in web browsers, how would we know if the site itself does not host any malicious script? There is a possibility that websites (including trustworthy ones) may get hacked & injected with malicious code, right? Is totally blocking JavaScript (which might be necessary for the website to work properly) the only way to prevent Spectre-enabled attacks?”

              You can’t guarantee that the site itself won’t host a malicious script, right, and I think so, respectively (assuming you also don’t allow Flash or other programmability elements). Here is Google’s explanation of how site isolation helps though.

              “3) There are lots of non-web browser applications that can interpret JavaScript, including PDF readers, office productivity suites, text editors, graphics editors, desktop publishers, Electron-based programs, chat messengers, game engines, etc.

              Let’s say 1 PC on the local network somehow has malicious script. So when another PC (with at least 1 application containing an embedded JavaScript interpreter) connects to & browses this infected PC, would it be able to execute the malicious script & thus be subjected to Spectre side-channel attacks?”

              I don’t think so. Have you seen any references that suggest this?

    • #159581

      Following your link led me to Mr. Gibson’s page. All appeared normal until I clicked on the download button, which appeared to be a valid target when I moused over it.

      Then my Kaspersky AV spoke up, rather stridently. It doesn’t do so very often, as I am a prudent surfer. What follows is the contents of the incident .txt file:

      16.01.2018 04.08.52 Download blocked https://www.grc.com/files/InSpectre.exe Object name: HEUR:Trojan.Win32.Generic Object: https://www.grc.com/files/InSpectre.exe Application: Google Chrome Object type: Trojan program Time: 1/16/2018 4:08 AM

      16.01.2018 04.08.52 Object (file) detected https://www.grc.com/files/InSpectre.exe Object name: HEUR:Trojan.Win32.Generic Object: https://www.grc.com/files/InSpectre.exe Application: Google Chrome Object type: Trojan program Time: 1/16/2018 4:08 AM

      4 users thanked author for this post.
      • #159660

        It is a false positive.

        4 users thanked author for this post.
      • #159713
        • #159807

          I would still say it is a false positive due to the nature of the program.  Submit the URL to Kaspersky so they can directly evaluate it – they should recognize the author.

          1 user thanked author for this post.
      • #159811

        The utility/tool has been updated in an attempt to get past AV false positives, and the page now contains a warning to only download it from the source, not 3rd-parties!

        Check it out here

        Release #1 — Initial release:
        The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.
        Release #2 — Second try:
        This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let’s see how this second try fares.

        And further to my post about 21 hrs ago, it has been downloaded another 24,000 times. 🙂

        3 users thanked author for this post.
        • #160022

          Again updated:

          Release #3 — Raw Technical Data Display:
          InSpectre’s more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpectre could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine’s CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpectre’s analysis of its operating environment.

          2 users thanked author for this post.
        • #160045

          Release #4 — Silent System Probe Option:
          Last Updated: Jan 17, 2018 at 16:00

          When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed. The application will assess its hosting system’s status, then immediately terminate itself, returning a decimal exit code which encodes eight “trouble bits” itemizing trouble.

          1 user thanked author for this post.
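As an added example (not GRC’s code and not something posted in this thread), here is how the silent probe described above can be driven from PowerShell and its exit code split into individual bits. It assumes InSpectre.exe (release #4 or later) sits in the current directory; the only thing taken from the release note is that the exit code is a decimal number carrying eight “trouble bits”, so the script reports which bit positions are set and leaves their meanings to GRC’s own documentation.

```powershell
# Added example (not GRC's code): run InSpectre's silent probe and decode the exit code.
# Assumptions: InSpectre.exe (release #4 or later) is in the current directory, and the
# exit code's low eight bits are the "trouble bits" described in the release note.
# What each bit means is documented on GRC's InSpectre page, not here.

function Get-TroubleBits {
    param([int]$ExitCode)
    # Return the positions (0 = least significant) of the bits set in the low byte.
    0..7 | Where-Object { ($ExitCode -band (1 -shl $_)) -ne 0 }
}

$proc = Start-Process -FilePath '.\InSpectre.exe' -ArgumentList 'probe' -Wait -PassThru
$code = $proc.ExitCode
$bits = @(Get-TroubleBits -ExitCode $code)

'InSpectre probe exit code: {0} (binary {1})' -f $code, [Convert]::ToString($code, 2).PadLeft(8, '0')
if ($bits.Count -eq 0) {
    'No trouble bits set.'
} else {
    "Trouble bits set (positions): $($bits -join ', ')"
}
```

Because nothing is drawn on screen, this form is the one to use from a scheduled task or a fleet inventory script; compare the reported bit positions against GRC’s table rather than assuming a non-zero code means any particular thing.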
    • #159591

      From Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems: “Currently three exploits have been demonstrated as technically possible. In partnership with our silicon partners, we have mitigated those through changes to Windows and silicon microcode.” Notice that Microsoft modified Internet Explorer and Edge to mitigate CVE-2017-5753. This demonstrates the point that I mentioned in an earlier post: each program that might be vulnerable to CVE-2017-5753 needs to have mitigations provided in an updated version of the program.

      5 users thanked author for this post.
    • #159589

      So it says I’m protected against Meltdown, but am vulnerable to Spectre. I have an Intel based machine with Windows 8.1 Pro x64. What can I do?

      • #159602

        For Spectre variant 2 (CVE-2017-5715), you need the Windows January 2018 updates, and also a CPU microcode update.

        For Spectre variant 1 (CVE-2017-5753), you need the Windows January 2018 updates, and also updates for each program that might be vulnerable to CVE-2017-5753.

        6 users thanked author for this post.
    • #159593

      I can’t remember where I saw it, but this has been pointed out in MS documentation somewhere. 32-bit is not protected.

      Well, they have certainly buried that info very well, because I have looked for it from the get-go, when MS tended to make it sound like it was more of a 64-bit issue in their notes (more by wording inference than reference).  Since MS offered both 32-bit and 64-bit versions of the out-of-band 1/4/2018 emergency Meltdown patches, they should have CLEARLY spelled that out. I would bet that 99% of users who are even aware of these bugs think that Windows 32-bit systems have a Meltdown fix when the MS updates are applied.

      Viper

    • #159594

      DO NOT DOWNLOAD OR RUN

      Virus Total says it may be malicious. This could be a “False Positive” but I would wait to see what others are saying before downloading and running!

      https://www.virustotal.com/#/file/f263a23494d22a05f707faf4d0f4cc147b276f255309007d5f27d000a54b5372/detection

      1 user thanked author for this post.
    • #159599

      This tool likely does not cover CVE-2017-5753, which is Spectre variant 1. According to Intel’s technical documents, the mitigation for CVE-2017-5753 needs to be done by program updates for each program that might be vulnerable to CVE-2017-5753.

      Yep, there it is, and ya gotta love MicroBrain.  Referenced as just CVE-2017-5754 in the notes as not applying to 32-bit.  Not as “Meltdown” or even “CVE-2017-5754 – Rogue data cache load” at that point in the doc.  They couldn’t have made it more obscure and hard to notice if they had tried to.

      Viper

    • #159601

      DO NOT DOWNLOAD OR RUN Virus Total says it may be malicious. This could be a “False Positive” but I would wait to see what others are saying before downloading and running!

      It’s safe.  Some AVs will warn on it when run.  I use Panda 2017 and it did on the first machine I ran it on.  It happens because the “InSpectre.exe” exec file is not in many AVs’ cloud databases as safe yet.

      4 users thanked author for this post.
      • #159740

        ViperJohn said:
        It happens because the “InSpectre.exe” exec file is not in many AV’s cloud databases as safe yet

        On a sobering note (… not talking about InSpectre), the 2017 CCleaner hack shows us that if the binaries are hacked at the backend & then released undiscovered, most antivirus will still duly categorize them as safe due to the good reputation of the developer.

        For the CCleaner case, I recall that only 1 antivirus (can’t remember which) amongst the long VirusTotal list repeatedly flagged the compromised CCleaner as a trojan over the 1 month that the hack went undiscovered. If I saw the result back then, I would probably think that it was a false-positive.

    • #159603

      So it says I’m protected against Meltdown, but am vulnerable to Spectre. I have an Intel based machine with Windows 8.1 Pro x64. What can I do?

      Right now everyone is vulnerable to Spectre 1 and 2.  You will need to apply firmware updates, when they become available (and are proven not to dork your system)  to mitigate the Spectre variants.

      The probable primary attack vector for “John Q. User”, at least initially, will be your Web Browser. IE11 has an MS mitigation update, as does the latest version of Firefox 57 and Firefox ESR 52.x for both Meltdown and Spectre timing attacks.  I do not use Chrome so no clue about it.

      Viper

      • #159607

        But isn’t the Google Retpoline “fix” enough to prevent Spectre 2 without even needing to apply microcode patches to the CPU?
        (and microcode patches are needed just for Spectre 2, I think).

        If that works as they claim (and they say is in production on all their cloud servers since december)…

        • #159608

          Windows doesn’t implement Retpoline, according to Alex Ionescu on Twitter.

          2 users thanked author for this post.
          • #159611

            But they can implement it, if they want.
            The method etc. is freely released… are we going to be taken as idiots by Microsoft without raising complaints?

            AFAIK the Linux kernel moved to Retpoline 2 or 3 days ago.

            Moreover, surely there are cloud servers based on Windows too. Are those paying clients going to be happy to stay on a Windows solution with a speed decrease and cost increase, or would they just move to Google or Amazon?
            Money doesn’t grow on trees… it’s in MS’s interest to use the Retpoline fix in place of their “less performant” fix, at least for business/corporate users.
            But at that point, the rest of the crowd is entitled to it, too…

            • #159661

              An interesting fact about retpoline (from the Intel whitepaper): “For Intel ® Core™ processors of the Broadwell generation and later, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective.”

              4 users thanked author for this post.
    • #159606

      This information wasn’t in the original release of https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002. That info was added on January 5 via FAQ #7.

      Awh heck … I read that on the 3rd or 4th so no wonder I didn’t see it.

    • #159623

      Running Win 7 x64 and Win 10 x64. On the 7 computer Norton gives it a clean bill of health, no problem. On the 10 computer, Norton freaks out and deletes the file. The Norton version is the same on both computers. Don’t know what gives there, why it’s all right on one and not the other. I have noticed this happening before on certain files. Antivirus scans are not accurate when using the same identical version on 2 different computers. Just plain weird.

    • #159625

      I don’t yet recommend installing the January Meltdown/Spectre patches from Microsoft just yet,
      Woody, those of us with Win 10 ver 1709 are still awaiting your OK to update since 12/2017. The last update you OKed for Win 1709, if I’m not mistaken, was that of 11/2017.

      Edit to remove HTML

      1 user thanked author for this post.
      • #159645

        I don’t believe Woody “blessed” the Dec CU for 1709, don’t think they fixed it.
        Wait for the Jan go-ahead. The patches are cumulative, so you won’t have missed anything.

        1 user thanked author for this post.
    • #159619

      People may want to wait a day or two before trying InSpectre so the various AV programs can learn about it.

      I downloaded it and scanned with McAfee and Malwarebytes and found nothing amiss but when I run the exe McAfee quarantined it. After rechecking this thread I unquarantined it and ran it. I got some info on my computer okay but McAfee again wanted to clean it – claiming it was an Artemis rootkit.

      I let the AV clean it and ran a quick virus scan of system. No problems.

      -firemind.

    • #159621

      Tool blocked by Sophos as it contains “Mal/Dorf-A” according to the software scan. It is also blocked on IE11 by the ‘smart screen filter’ when attempting a download. This is on a Windows 8.1 machine with all but the most recent updates.

    • #159622

      Pardon me, but which update is the one for Meltdown/Spectre for Windows? I’d like to know its KB number so I can tell whether it’s among the updates I’ve hidden away. I just want to know, in case.

      • #159635

        That depends on the version of Windows you are running.
        For Win7/8.1 it is called “2018-1 Security Monthly Quality Rollup for Windows.”
        For Win10 it will be “Cumulative Update for Windows.”

        • #159674

          Actually PK, I’ve got Windows 10. So what is the KB number for the cumulative update, and a follow-up: when we’re at DEFCON 3, will it be safe to install the cumulative update along with the other monthly updates (minus the Win 10 1709 update, which I keep hidden and secure)?

          • #159678

            If you are asking for the January patch for Win10 v1709 it’s KB4056892 for Build 16299.192

            For further Reference see the Win10 Update History page. It has all the KB numbers.

    • #159646

      So, a bit confused here. Installed the Jan. 3 update for Windows 10 and Gibson’s tool says I’m all right on the Meltdown but not on Spectre. If I’m not mistaken, that fix has to be in the BIOS.

      I have a Dell computer that updates regular through Dell Update. Is Dell supposed to take care of this or is this up to the consumer to update this. My Windows 7 is an HP and older with no support of any kind still active. I have not installed the Jan. updates yet, so it reads negative on both counts.

      • #159704

        “I’m alright on the Meltdown but not on Spectre. If I’m not mistaken, that fix has to be in the BIO.”

        For Spectre (Variant 2), CVE-2017-5715: yes, that fix has to be in the BIOS, and yes, Dell is supposed to make the fix available.

        As to your HP: I have an HP as well (Haswell, 10/2014) and have been checking this link periodically: https://support.hp.com/us-en/document/c05869091 for any BIOS/microcode information.  This is HP’s security bulletin for systems with Intel x86 processors and is updated periodically, although it’s been at version 4 since 1/12/18.

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
        1 user thanked author for this post.
    • #159654

      Just for interest’s sake I gave this little utility a try.  I hadn’t installed any Windows Updates for this month so far (Windows 7 Professional). But, I have installed the latest BIOS update – “Update CPU Microcode” – for my motherboard a couple of days ago.

      InSpectre said I was vulnerable to both Meltdown and Spectre.

      Then, I installed the security only update KB4056897 from MS and now InSpectre says I am no longer vulnerable to Meltdown and Spectre but at the cost of a performance decrease.

      Funny thing is, after a refresh, my Windows Experience Index is exactly the same as it was before I installed this month’s security update rollup – 7.7 (everything rates at 7.9 except the processor which is an i5-7600 Kaby Lake) and I haven’t noticed any slowdown in the 15 minutes or so that I tested things.

      After that, I restored a Macrium Reflect image taken before I installed the security update so I’m back to being vulnerable again but I’m just going to sit and wait until we get the all clear from Woody.

    • #159669

      Using Edge or IE Windows 10 build 17074 SmartScreen blocks the download as unsafe.

      --Joe

    • #159672

      Martin Brinkmann has also posted an article on Steve Gibson’s InSpectre at gHacks: https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/ .

      3 users thanked author for this post.
    • #159673

      I have installed the January 2018 Security Only update on all three of my Intel Haswell Core i5 machines. Two are desktops and the other is a laptop. It has been a week, and no issues so far since it turns out that Panda AV was inherently compatible after setting the required registry key. I have noticed some slowdowns in some situations, such as copying a plethora of small files from one location to another. Yesterday I took a chance and installed the January 2018 Security Only update on my AMD desktop. No issues so far, thank goodness. I need to test the AMD machine for a week in order to see if it remains stable.

      I am not suggesting that anyone install the January updates just yet. Do so at your own risk, and make sure that you have a way to recover if Windows won’t boot.

      7 users thanked author for this post.
      • #159676

        Which Security Only patch are you referring to?
        Win7 4056897 or 4073578 (1/12)?
        Win8.1 4056898 or 4073576 (1/10)?

      • #159749

        @GoneToPlaid

          How can you tell if Panda AV automatically sets the registry key? I have Panda free and it doesn’t look like the key’s been set. What makes this especially bad is that I lack the skill to willingly try setting it myself.

        • #159751

          I don’t use Panda, I use TrendMicro. I had to update the Program (engine, not just the definitions) to get it to set the key. The older engine didn’t do it. You might try that.

          The other thing that could keep you from seeing the Jan updates is your processor. Microsoft is blocking certain AMD processors because the updates cause a BSOD.

          • #159753

            Thank you @PKCano, I’ll look in to that. I never really thought about the version of the program being the problem.

          • #159780

            @PKCano

            I’m the person that asked about Panda AV and as far as I can tell I have the latest free version. You also said it could depend on whether my processor was AMD or Intel, I have an Intel Pentium dual core E2180. But as of 2 days ago I could pull down the 1-2018 rollup in WU. Even though as I said in my anonymous post, I don’t have the registry key. That shouldn’t be possible, should it?

        • #159881

          Panda has not yet set the registry key. I have tested the 2016 and 2017 free versions of Panda Antivirus, and 2016 and 2017 Panda Internet Security. There have been absolutely no issues so far, after a full week of testing on my various computers.

          Note that if you also have any other AV products aside from Panda installed, you should uninstall them for the time being. For example, the latest free version of Malwarebytes is supposed to be compatible with the January update, but I discovered that it is not. Well, that was a week ago. Maybe Malwarebytes has fixed the issue.

          Attached is ZIP file which contains a text file called “Meltdown and Spectre Set Registry Key.reg”. All .reg files are text files which you can view in Notepad or any other text editor.

          The contents of Meltdown and Spectre Set Registry Key.reg is what is shown below in between the two rows of asterisks.

          ***************************

          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
          "cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000

          ***************************

          Note: I tried copying and pasting the above lines in between the asterisks into Notepad, but the quotes did not paste as ASCII quotes. Thus, use the reg file in the attached ZIP file.

          You can copy and paste the above lines which are in between the two rows of asterisks into Notepad, and then save the file as Meltdown and Spectre Set Registry Key.reg. Or you can simply use the reg file which is in my attached ZIP file and which is identical to the above. In either case, you simply right-click on the .reg file and then select Merge in the popup in order to merge the file into your Windows registry. Windows will ask you if you are sure that you want to continue. Click Yes. You do not need to reboot after doing the above.

          After doing the above, go to Windows Update and check for updates. Windows Update will now show the January Monthly rollup. I chose to hide this rollup. After hiding this rollup, I then manually downloaded and installed the January Security Only update from the Microsoft Update Catalog.

          If you are running Windows 7 64-bit, then here is the direct download link for the January 2018 Security Only update:

          2018-01 Security Only Quality Update for Windows 7 for x64-based Systems (KB4056897)

          1 user thanked author for this post.
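An added example, not GoneToPlaid’s .reg file and not Microsoft’s code: the same check and change done from PowerShell, using the key path and value name quoted in the post above. The -Set switch is a name chosen for this example; without it the script only reports the current state, which is the part worth running before deciding anything. Setting the value requires an elevated prompt; as the post says, no reboot is needed.

```powershell
# Added example (not from the thread, GRC or Microsoft): report, and optionally create,
# the QualityCompat value that Windows Update checks before offering the January 2018
# updates. Key path and value name are those quoted in the post above.
# Usage:  .\Check-QualityCompat.ps1        (report only)
#         .\Check-QualityCompat.ps1 -Set   (write DWORD 0; needs an elevated PowerShell)
param([switch]$Set)   # -Set is a switch name chosen for this example

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatState {
    # 'Missing' = key or value absent; 'Set' = DWORD value 0 present; otherwise describe it.
    if (-not (Test-Path -Path $KeyPath)) { return 'Missing' }
    $item = Get-Item -Path $KeyPath
    if ($item.GetValueNames() -notcontains $ValueName) { return 'Missing' }
    $kind  = $item.GetValueKind($ValueName)
    $value = $item.GetValue($ValueName)
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 0) { return 'Set' }
    return "Unexpected ($kind = $value)"
}

function Set-QualityCompatFlag {
    # Same effect as merging the .reg file: create the key if needed, then write DWORD 0.
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$state = Get-QualityCompatState
Write-Output "QualityCompat flag: $state"

if ($Set -and $state -ne 'Set') {
    if (-not (Test-IsElevated)) {
        Write-Warning 'Setting the flag needs an elevated PowerShell; nothing was changed.'
        return
    }
    Set-QualityCompatFlag
    Write-Output "QualityCompat flag after change: $(Get-QualityCompatState)"
}
```

The value is a declaration that the installed antivirus is compatible with the January updates; writing it does not make an incompatible AV compatible, which is why the thread repeatedly says to set it only when your vendor has confirmed support and to have a way to recover if Windows won’t boot.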
          • #159902

            Thanks for the breakdown @GoneToPlaid, for about a week I was convinced I had somehow messed up my Panda free AV because the Meltdown page on their site at 1st glance makes it look like the key should have been switched on the 9th. I’m in group A when it comes to Windows patches, will anything be messed up by installing the security only update?

            • #159903

              The security only patches have the same required key. However, the lack of the key does not prevent manual installation – AT YOUR OWN RISK. If you go this route, you will need to install the IE11 Cumulative Update as well. It is downloaded from the Catalog and installed manually also.

            • #159909

              Ok, that’s what I thought. In that case I’ll stick with the rollup. One last thing at the moment, when I check WU the January rollup is still dated from the 4th, is that accurate?

            • #159911

              I believe that date is correct. However it is my understanding the Rollup did not receive the fix for AMD. It will do so in the next release. There may be some more out of band releases, so WAIT to install until we know what’s going on.

              1 user thanked author for this post.
            • #159927

              Ok, I’m locking down for the time being. At the moment I’m way more worried about the patches than the actual vulnerabilities.

    • #159681

      Question: While we are awaiting the go ahead to install the January Win 7 Monthly Rollup, wouldn’t it be a good idea to install the other January updates (5 MS Office & Malicious Software Removal Tool), and manually download/install the IE11 security only update KB4056568 since IE is a possible entry point?

      Or, do these also have issues?

      Also, I have received a Security and Quality Rollup for .NET Framework KB4055532 but it is not checked? Anyone know of issues?

      KR

      • #159684

        We have been so involved with the Meltdown/Spectre vulns and the rushed Windows patches that we have had little focus on the Office or IE patches to know if there are any problems. There have been problems with some of the .NET Rollups.

        But, MS-DEFCON settings apply to ALL the January patches.

        4 users thanked author for this post.
        • #160436

          So, not to be argumentative, but if no one is separately reviewing or commenting on these other items, especially the IE update that closes one of the main avenues for delivering these safety concerns to home computers, shouldn’t we consider installing them now, as we will have no better info down the line when DEFCON goes to 3?

          FMI if I install the separate IE only security update KB4056568 which is included in the January Monthly Rollup KB4056894 will it cause any problems when we get the go ahead to  install KB4056894?

    • #159683

      I’m trusting my instincts on this, usually, and in the past, Steve Gibson’s site is a cut above many others when it comes to security checks and utilities (Respect to Steve). BUT, I’m keeping on DEFCON 1 due to the fact there are too many erroneous fixes related to Meltdown/Spectre.

      Firstly Intel, MS, then 3rd-party AVs, in conjunction with NO BIOS updates from motherboard manufacturers (for our mobos), and now AVs throwing false positives for something that is supposed to fix a problem. This could potentially be made worse by miscommunication between all the parties concerned AND create more problems later once a proper fix is established. There’s a possibility that overcomplicating ‘a fix’ by numerous sources can have a detrimental effect on PCs, therefore making future troubleshooting an absolute nightmare!

      My advice is to stick to Woody’s MS-DEFCON system. Anti virus programs have issued fixes in updates which can easily be reversed should there be a problem further down the line.

      If debian is good enough for NASA...
      • #159685

        You forget the BROWSERS which will probably be the first point of exploit. And any other program that uses the instructions.

        2 users thanked author for this post.
        • #159686

          Yup, more importantly Browsers and Javascript. Thanks PKCano

          If debian is good enough for NASA...
        • #159700

          Pale Moon Forum site says,

          “Pale Moon already set the granularity for the performance timers sufficiently coarse in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.

          Pale Moon also, by design, doesn’t allow buffer memory to be shared between threads in JavaScript, so the “SharedArrayBuffer” attack is not possible.”

          I’ve been using Pale Moon as my primary browser… it works well for my needs…

          Non-techy Win 10 Pro and Linux Mint experimenter

          5 users thanked author for this post.
          • #159814

            Same here, Pale Moon is a decent browser, especially if also augmented with uBlock Origin. I like that it already dealt with the issues – months ago – now having to be patched in a hurry in FireFox, Chrome…

            -Noel

            3 users thanked author for this post.
            • #160269

              I downloaded Pale Moon to try it out, since enabling the Strict Site Isolation flag that helps protect against Meltdown and Spectre has slowed down Chrome on my Windows 7 64 bit laptop. Definitely faster.

              But I was surprised to see that PM uses the NPAPI version of Adobe Flash. I thought NPAPI plugins were considered unsafe these days? Do you know if/how these are impacted by the vulnerabilities? I can’t find any info on this.

              I’ve gotten so used to Chrome’s built-in, self-updating PPAPI Flash. Not sure I want to mess with separate Flash updates again.


          • #159861

            I have switched to Pale Moon as well and although there are little things that don’t quite work right (smileys on this forum don’t display properly and appear as little squares with two rows of letters/numbers inside), I generally like it. It’s been a long time since I used a Firefox-based browser on a regular basis, but I’m finding that I really missed it. What I don’t miss is not being able to shut off auto updates and trying to avoid them due to not being able to trust Mozilla not to remove features I liked and generally degrade the browser.

            I don’t have to worry about that with Pale Moon and update it soon after I am notified that an update is available. I do like Slimjet (Chromium) a lot too and it generally works just a little bit better, but it’s just a little bit. I think I’ll be staying with Pale Moon until it gives me reason to look elsewhere.

            2 users thanked author for this post.
          • #160151

            The latest version of Waterfox (56.0.2) also has the timing granularity increased to foil attacks with Spectre, same as Firefox and, as I learn here, Pale Moon. I do not know if the second feature, which does not allow buffer memory to be shared between threads and which, it seems, has been available in Pale Moon for some time now, has been implemented in Waterfox as well. It would almost certainly be there if it has also been put into Firefox.

            I have recently installed Waterfox on both the Mac (Sierra) and the Windows 7 PC, but not yet Pale Moon, which is Windows-only, on the PC. So far, quite happy with Waterfox.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #159702

      Do I understand correctly that Spectre is only being fixed by BIOS updates? Because, if so, and that remains true, that is horribly irresponsible. The vast majority of people do not patch their BIOS and wouldn’t even have the technical know-how to do it safely.

      Still, if this is true, then what does the button to Enable Spectre Protection in this app actually do?

      1 user thanked author for this post.
      • #159758

        For Spectre variant 2, Windows users need both the microcode update and Windows update. That setting probably controls whether Windows support for Spectre variant 2 is enabled.

        Spectre variant 1 has been addressed in other comments in this topic.

        1 user thanked author for this post.
    • #159705

      Hello Woody, Thank you for your excellent work and to those here that help here.

      You said: “For most of you, Steve Gibson needs to introduction.” (no introduction)

      You meant: “For most of you, Steve Gibson needs no introduction.”

      1 user thanked author for this post.
    • #159723

      Nice little utility, confirmed what I already knew but nice to have such an easy tool to check. Unfortunately one of my PCs probably won’t ever get a firmware update to address the Spectre threat.

    • #159741

      Just making sure, after glancing through the comments here: On a 32-bit system, installing the January update would be entirely pointless from the point of view of mitigating these vulnerabilities, right? So possible bugs, likely performance loss at some level or another, but zero gain, hence don’t. Or did I miss something?

      Why did MS release that fix for 32-bit too then? I mean, what’s even in it? Wouldn’t it have made sense for the 32-bit file to not contain that part, assuming there was anything else in it, or to not be released at all if there was nothing else tackled?

    • #159771

      An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited. But given those conditions, the attacker would have access to the information protected by the TPM, such as cryptographic keys.


      Is this true for both variants?

    • #159777

      Dumb question from a non-techie regarding both these vulnerabilities. If the only attack vector for both is via javascript in browsers, why cannot updated browser(s) with script blockers and updated decent antivirus deal with the issue vs. cobbling the O/S and processor with updates which aren’t needed??? Or is there some other vector for Meltdown & Spectre attack?

      • #159787

        The browser mitigations are mitigations for Spectre variant 1 but not Spectre variant 2 or Meltdown.

    • #159805

      A new version of InSpectre has been released since I downloaded and tried it yesterday.

      2 users thanked author for this post.
    • #159880

      “I have switched to Pale Moon as well and although there are little things that don’t quite work right (smileys on this forum don’t display properly and appear as little squares with two rows of letters/numbers inside), I generally like it.”

      Ahhh, so it’s not just me who gets those little squares in Pale Moon instead of a smiley. I’d been wondering if I just couldn’t get the hang of using smileys at Woody’s.

      That said, I too continue to use PM for all its other advantages over FF, as you described.

      1 user thanked author for this post.
    • #159877

      InSpectre Release #2 is being accepted by Sophos.

      Virustotal test only has one malware warning remaining.

      This indicates that there are still some “suspicious” features which could trigger future false-positives, but for now at least, Sophos is allowing me to download and run this.

      Seems to work well.

      Thanks Steve!

      Chris.


    • #159942

      InSpectre Release 3 is now available (https://www.grc.com/inspectre.htm).

    • #159944

      I ran the program and it’s stating I’m vulnerable to both; however, I have the latest Win10 update and updated the BIOS on my ASUS Z170-A motherboard. Under the system’s current situation, the first and last bullet are in red (2nd and third are green). What else do I need to do? Thanks for your assistance.

      • #159950

        What is the text for the red bullet points?

        Independently, please make sure to see https://www.askwoody.com/forums/topic/scan-for-meltdown-and-spectre-with-steve-gibsons-new-inspectre-utility/#post-159584.

        • #159952

          Bullets in red:

          • This 64-bit version on Windows is not aware of either the Spectre or Meltdown problems. Since Intel processors are vulnerable to both these attacks, this system will be vulnerable to these attacks until its operating system has been updated to handle and prevent these attacks.
          • This system is not currently providing any protection against the Meltdown vulnerability. Either the operating system is unaware of this problem (which can be resolved by any operating system) or the operating system’s protection has been deliberately disabled.

          Edit to remove HTML

          • #159976

            Also not sure if it matters but the Enable Spectre and Meltdown Protection buttons are greyed out for me.

            • #159988

              Any one or all options are greyed out if you do not install any of the January 2018 updates for Win10 (which release of Win10? – 1703, 1709?).

              Still I wonder how Steve Gibson’s “InSpectre” tool does when used on AMD based CPUs instead of Intel CPUs. I have to try that tool out on a Toshiba based Win8.1 x64 laptop using an AMD A6-5200 APU w/ AMD Radeon HD Graphics 8400 R3.

            • #159990

              Win10 Home Ver.1709 Build 16299.125

            • #160024

              You don’t have the latest build of v1709. See https://support.microsoft.com/en-us/help/4043454.

    • #159995

      So basically:

      1st status – installed and active 2018-01 patch

      2nd status – updated BIOS from the manufacturer

      3rd status – Windows 10

      So basically 3rd status will always be false till 2020 for me, and I do not have updated BIOS yet.

      But I like the written explanations in the tool, good job!

    • #160033

      InSpectre Release 4 is now available (https://www.grc.com/inspectre.htm).

      3 users thanked author for this post.
      • #160035

        From admin commandline:

        start /wait InSpectre.exe probe
        echo %ERRORLEVEL%

        The returned value will be a sum of the Trouble Itemization values,
        i.e. for me I get 253, which includes all items except 2 😀

        1 user thanked author for this post.
        • #160484

          “the returned value will be a sum of Trouble Itemization values
          i.e. for me i get 253, which include all items except 2”


          Pls clarify meaning for this dummie.

        • #160749

          It’s hard to explain, I myself don’t understand the binary values.

          The values listed in the table:
          1+2+4+8+16+32+64+128=255

          The error code you get after running InSpectre represents the sum of the values above.
          Subtract the values, starting with the bigger number, to see which value item matches your machine’s result.

          • #160761

            “It’s hard to explain, i myself don’t understand the binary values”

            See http://grc.com/inspectre.htm / Release History / Release #4:

            1    OS is not aware of the Meltdown vulnerability
            2    OS is not aware of the Spectre vulnerability
            4    The system is vulnerable to Meltdown
            8    The system is vulnerable to Spectre
            16    CPU does not support Spectre (microcode not updated)
            32    CPU does not support low-overhead Meltdown protection
            64    Meltdown protection disabled by registry setting
            128    Spectre protection disabled by registry setting

      • #160224

        Version Info:

        Release #1
        The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

        Release #2
        This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let’s see how this second try fares.

        Release #3
        InSpectre’s more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpectre could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine’s CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpectre’s analysis of its operating environment.

        Release #4
        When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system’s status, then immediately terminate itself, returning a decimal exit code which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exit code of zero (0) is returned only by a fully secure system.

        If debian is good enough for NASA...
        1 user thanked author for this post.
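        The probe exit code described in the Release #4 notes above, and decoded by hand in the #160749/#160761 exchange, is a bit mask, so each item can be tested with a bitwise AND instead of subtracting from the largest value downwards. The decoder below is an added example, not part of InSpectre or of any post in this thread; the bit meanings are copied from the Release #4 table quoted above, the grouping into Meltdown- and Spectre-related bits is my own reading of that table, and 253 is the sample value reported in the thread.

```python
import subprocess
import sys

# Trouble bits returned as the exit code of "InSpectre.exe probe" (Release #4
# and later), copied from the Release #4 table quoted in this thread.
TROUBLE_BITS = {
    1: "OS is not aware of the Meltdown vulnerability",
    2: "OS is not aware of the Spectre vulnerability",
    4: "The system is vulnerable to Meltdown",
    8: "The system is vulnerable to Spectre",
    16: "CPU does not support Spectre (microcode not updated)",
    32: "CPU does not support low-overhead Meltdown protection",
    64: "Meltdown protection disabled by registry setting",
    128: "Spectre protection disabled by registry setting",
}
ALL_BITS = sum(TROUBLE_BITS)  # 255: every documented item set

# Grouping of the bits by the vulnerability each item refers to. This is my
# own grouping derived from the wording of the table, not InSpectre output.
MELTDOWN_BITS = (1, 4, 32, 64)
SPECTRE_BITS = (2, 8, 16, 128)


def decode_probe_exit_code(code):
    """Return [(bit, description), ...] for every trouble bit set in code.

    The exit code is the sum of the bits that apply, so `code & bit` picks
    out each item directly. An exit code of 0 decodes to an empty list,
    which is the "fully secure" result the release notes describe.
    """
    if not isinstance(code, int) or code < 0:
        raise ValueError("exit code must be a non-negative integer")
    if code & ~ALL_BITS:
        raise ValueError(f"exit code {code} sets bits outside 1..128")
    return [(bit, text) for bit, text in TROUBLE_BITS.items() if code & bit]


def clear_bits(code):
    """The documented items that are NOT flagged, i.e. the ones that are fine."""
    return [bit for bit in TROUBLE_BITS if not code & bit]


def per_vulnerability(code):
    """Split the flagged bits into Meltdown-related and Spectre-related ones."""
    flagged = {bit for bit, _ in decode_probe_exit_code(code)}
    return {
        "meltdown": sorted(flagged & set(MELTDOWN_BITS)),
        "spectre": sorted(flagged & set(SPECTRE_BITS)),
    }


def report(code):
    """Human-readable multi-line summary of a probe exit code."""
    items = decode_probe_exit_code(code)
    if not items:
        return f"exit code {code}: no trouble items set (fully protected)"
    lines = [f"exit code {code} = " + " + ".join(str(b) for b, _ in items)]
    lines += [f"  {bit:>3}  {text}" for bit, text in items]
    return "\n".join(lines)


def run_probe(exe="InSpectre.exe"):
    """Run the probe on Windows and return its raw exit code.

    Equivalent to the admin command line quoted in the thread:
        start /wait InSpectre.exe probe
        echo %ERRORLEVEL%
    The worked example below does not call this; it uses the reported value.
    """
    return subprocess.run([exe, "probe"], check=False).returncode


if __name__ == "__main__":
    # Worked example: the value 253 reported in this thread, or a value
    # passed on the command line (e.g. the output of echo %ERRORLEVEL%).
    sample = int(sys.argv[1]) if len(sys.argv) > 1 else 253
    print(report(sample))
    print("clear (OK) items:", clear_bits(sample))
    print("by vulnerability:", per_vulnerability(sample))
```

For 253 the decoder confirms the poster’s reading: every item except 2 (“OS is not aware of the Spectre vulnerability”) is set.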
    • #160053

      On a sobering note (… not talking about InSpectre), the 2017 CCleaner hack shows us that if the binaries are hacked at the backend & then released undiscovered, most antivirus will still duly categorize them as safe due to the good reputation of the developer. For the CCleaner case, I recall that only 1 antivirus (can’t remember which) amongst the long VirusTotal list repeatedly flagged the compromised CCleaner as a trojan over the 1 month that the hack went undiscovered. If I saw the result back then, I would probably think that it was a false-positive.

      This is just a “heads up” to anyone who installed CCleaner 5.3.3. Anybody who was unfortunate enough to install CCleaner 5.3.3 and then think that CCleaner 5.3.4 or 5.3.5 fully removed the malware is mistaken. Yet this is a long story and for another topic.

      Here is a quick summary. The following might not look like a quick summary, yet it is, based on what I discovered:

      If you installed CCleaner 5.3.3, restoring to any System Restore points prior to August 2017 when CCleaner 5.3.3 was released will NOT resolve the issue. No AV product will detect the issue. Only GMER will occasionally detect the issue in the form of a couple of unknown threads which may show up when GMER is run. Why? Because I strongly suspect that DEP was skillfully defeated. Either Piriform completely missed that when they analyzed the malware and thus was never aware of this additional malware component, or Piriform completely missed that additional malware which defeated DEP was probably immediately downloaded and installed by the malware.

      Interestingly, the defeat of DEP also involves precise timing issues — just like the timing issues behind Meltdown and Spectre. Why do I say that I strongly suspect that DEP was defeated? Because I was perhaps the first to report an in-the-wild defeat of DEP in XP way back in September 2009. No AV product on the market could detect it. As much was said in a research paper about how DEP could be theoretically defeated in XP. I say “theoretically” since the research paper authors responsibly never publicly published “proof of concept” code. I recall that the research paper was published either the previous year or perhaps another year or two before. The research paper did not include any code whatsoever. Instead, it merely described how DEP might be defeated via timing, and showed that all AV programs, after running non-disclosed code, could not detect the defeat of DEP. Thus, non-published code was used to prove that all AV programs could not detect either the defeat of DEP or any malware which was hidden from all AV programs by the defeated DEP. And that was enough. Say that it is possible, and somebody will eventually do it. Today, the same applies to Meltdown and Spectre. The difference today is that, with regards to Meltdown and Spectre, proof of concept code has been published. Publishing proof of concept code was sheer stupidity, given the magnitude of just how severe these exploits potentially are in terms of the compromise of passwords, other highly sensitive information, and virtually everything which any person does on their computer.

      Back to the 2009 defeat of DEP in XP. Only one obscure beta stage program which I used could very indirectly detect the defeat of DEP because this program would throw an error message, once and only once on bootup, that it could not find an entry point in USER32.DLL for a specific DEP function call. That was the only clue, and this clue was an obscure one at that. Repeatedly closing and then relaunching this beta program would subsequently report that all was fine. Scans by over a dozen available AV products reported zero, zilch, nothing. Just like the research paper said.

      In other words, on bootup and when the beta program was running, the defeat of DEP was in the millisecond process of occurring when this error message was thrown by the beta program, since DEP was still in the process of being “fixed” by the malware, such that DEP wouldn’t subsequently report any errors. After I contacted the AV company which created the beta program, it took the AV company over two months to finally confirm what I found, and to blacklist both the web site and all programs on that website from which I had downloaded the program which contained the malware. What was the program? The program name was DVDVideoSoft Free DVD Video Burner and the file name was FreeVideoToDVDConverter.exe.

      The final upshot is that DEP’s design intentions were good. Yet DEP is flawed in the sense that if DEP is defeated, the defeated DEP itself and due to DEP’s inherent design, prevents AV programs from not only seeing that DEP has been defeated, but also from seeing where in memory the malware which defeated DEP is running. It is like, “Criminals broke into my bank vault, but the criminals are now forcing me to never let you see that they broke into my bank vault, or to let you see what they are doing right now inside of my bank vault.” This is the inherent design flaw in DEP. DEP has no ability whatsoever to ever report that DEP itself has been compromised, other than when a DEP function call momentarily doesn’t work because DEP is in the process of being compromised.

      2 users thanked author for this post.
    • #160082

      InSpectre is greyed out in version 4

      Ran as admin, no diff.

      • #160171

        What kind of CPU are you using when you ran InSpectre? Intel or AMD?

        All options seemed to be grayed out when used on AMD based CPUs, even with the January 2018 updates installed.

        Folks, do NOT visit Steve Gibson’s InSpectre page using either Internet Explorer or MS Edge. Use either Firefox or Chrome to download the tool. Remember Woody’s advice to use Firefox or Chrome, but not IE or Edge, for this one.

    • #160316

      The InSpectre tool is now at release 5.

      1 user thanked author for this post.
    • #160440

      InSpectre 5 still greyed out on AMD 8350.

      Downloaded with Pale Moon.

      Version 3 was not greyed but I chickened out.

      Now I just can’t.

    • #160481

      Interesting, InSpectre shows my fully-updated-from-scratch installation of 1703 as vulnerable to Spectre and shows my fully-updated-from-scratch installation of 1709 as NOT vulnerable to Spectre :/

      Both installed on the same Optiplex 5050 i7-7700 patched with the latest BIOS from Dell (supporting the mitigation according to InSpectre).

      Anyone can confirm this?

      Why would 1709 be safe and not 1703 ? I don’t see any mention of that anywhere …

    • #160744

      Woody,

      I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this?

      Just asking.

      Dave

      • #161417

        Hi Dave,

        May I ask what version of Windows 10 you are running on?

        I’m still trying to figure out why InSpectre shows my 1703 vulnerable to Spectre and 1709 NOT vulnerable on exactly the same machine, with the same patched BIOS and a fully patched clean install of Windows.

    • #160772

      “Woody, I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this? Just asking. Dave”

      Intel and ARM CPUs are vulnerable to both Meltdown and Spectre exploits. AMD CPUs are vulnerable to Spectre exploits but not Meltdown according to AMD. I am really not sure how you could have come up with the “Intel not vulnerable” thing (No Dis Intended) on this but it is troubling that you did as others may have as well.

      It appears that virtually all modern CPUs used in darn near everything (computers, phones, consoles, routers, IoT items, etc, etc) may be / likely are vulnerable to some form of Spectre attack. Now that said there is a big difference between “being vulnerable” and having an attack vector to actually be able to exploit that vulnerability on a given device.

      Web browsers are the most likely way right now ATM, however browsers from MS (IE11 – Edge), Firefox and Chrome have updates out with mitigation in them.

      Viper

      1 user thanked author for this post.
    • #160788

      “Woody, I just ran InSpectre utility and it says “YES”, “YES”, “GOOD” for the results. From what I have read on this site, I thought the Intel CPU’s were not vulnerable to Meltdown and Spectre problems. Or did I just get a “False Positive” on this? Just asking. Dave”

      “Intel and ARM CPUs are vulnerable to both Meltdown and Spectre exploits. AMD CPUs are vulnerable to Spectre exploits but not Meltdown according to AMD. I am really not sure how you could have come up with the “Intel not vulnerable” thing (No Dis Intended) on this but it is troubling that you did as others may have as well.

      It appears that virtually all modern CPUs used in darn near everything (computers, phones, consoles, routers, IoT items, etc, etc) may be / likely are vulnerable to some form of Spectre attack. Now that said there is a big difference between “being vulnerable” and having an attack vector to actually be able to exploit that vulnerability on a given device.

      Web browsers are the most likely way right now ATM, however browsers from MS (IE11 – Edge), Firefox and Chrome have updates out with mitigation in them.

      Viper”

      ViperJohn,

      Thank you very much for correcting me. I guess I read the original post about this wrong. No criticism taken. This month’s updates have been, and are going to continue to be a GIANT [pain]. I’m getting a migraine that doesn’t want to go away. Hopefully it will when this straightens out.

      Many thanks for the tips.

      Dave

    • #162847

      The InSpectre tool is now at Release #6:

      “Release #6 — Worked around a Microsoft bug and more . . .
      Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator’s Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator’s Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system’s true protection.

      And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :)”

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
      2 users thanked author for this post.
      • #168436

        I’ve checked it again today, and it’s still at v.6, but showing the date as January 31st…

        • #168437

          It says Release 6 on the site, but the newest version says Release 6b on the applet itself.

          1 user thanked author for this post.
    • #173338

      Steve Gibson has tweeted today to say that v.7 InSpectre has just been released.

      Release #7 — Added the display of the system’s CPUID . . .
      Microsoft will be making Intel (and perhaps AMD?) processor microcode patches available for the most persistent Spectre Variant 2 vulnerability. These will become available over time as they become available from Intel and they will apparently need to be manually installed by interested Windows users. It is not yet clear whether Microsoft will be willing or interested in making these patches available for earlier versions of its Windows operating systems, but we can hope.

      The patches are applicable to specific CPU models only, which are identified by each chip’s “CPUID.” For this reason, InSpectre now prominently displays the system’s processor CPUID at the top of its system summary.

      Please check this page on Microsoft’s website to see whether a microcode patch for your CPU, determined by its CPUID, is available at any time:
      KB4090007: Intel microcode updates

      You can also use your favorite Internet search engine to search for the string “KB4090007”, which should always take you to that page and to its related Microsoft Update Catalog page to obtain the specific Windows update.

      4 users thanked author for this post.