Yes, Blorg, if you're using an Intel CPU with Windows and you're offline, you should be just fine. Also, you can stop the patch from being installed. But I simply wouldn't risk using Internet with any of these setups because malware/virus writers will make damn sure to exploit that security hole. So no Pornhub with Intel CPUs any more. "no porn inside"

 

From Woody Leonhard
--------------------------------

Windows 7 Monthly Rollup patch is out
Posted on January 4th, 2018 at 20:03 woody Comment on the AskWoody Lounge

The guesses were right. Late today, January 4, Microsoft released the usual Patch Tuesday Monthly Rollup for Windows 7.

KB 4056894 2018-01 Security Monthly Quality Rollup for Windows 7

I’m installing it right now on my “Group A” test Win7 machine, using Windows Update. The description only mentions the Meltdown-related patch. As far as I can tell, that’s the only fix for Win7 in January.

No word yet on the Windows 8.1 Monthly Rollup. No word on whether we can expect another Win7 Monthly Rollup this month – but it seems unlikely.

Windows Patches/Security
January 2018 Black Tuesday

 

Last edited: Jan 5, 2018

Funny you should mention it. Googled

and this shows up

 

It's important to know that these security flaws, Meltdown and Spectre, only allow malware to read certain memory locations. They can peek at your data, potentially passwords, credit card numbers, company secrets, etc. They can't write anything, and can't install malware or take over your system. It is essentially potential spy-ware only (but that's pretty bad). It is reported that a web page's javascript can implement this, so bad web sites might be able to spy into your memory, but they won't infect your system. There are plenty of other ways to do that anyway.
Check this out for some good info:
https://meltdownattack.com/

 

Thantrax, let us know how it went. I'm interested even though I only touch internet with Debian and it will get patched, too, anyway and it will have the same effect. I won't patch W7 on both of my computers no matter what. My desktop is AMD but my laptop is Intel and they both connect to the Internet with Debian. Shame my laptop will get slower with Internet and for regular activities with Linux.

 

additional news,
iPhones and iPads cpus are affected too

https://media1.tenor.com/images/7065691acfb07bafd267051479f56e48/tenor.gif

 

Spectre could be mitigated but not fixed. It is all about modern processor pipeline works.
A new architecture for chaching is probably necessary. It's not even an easy fix.
I'm surprised about official statements from several vendors, I don't see how they could not be affected.

 

IMO there is something sinister behind all of this. There is no logic behind it.

 

Last edited by a moderator: May 7, 2018

The bad news according to all my tech bulletins is that it affects Intel, AMD and ARM processors. The advice currently is only download from authorised sites and adopt normal safe browsing/downloading procedures.

 

yeah, I never update my DAW Win10, use the original install 1511 version and disabled all updates.

 

Intel, in collusion with AMD and ARM/SoC manufacturers, introduced a secret sinister flaw into their products, back in the 90s, in a dastardly ploy forcing us to buy products which they still do not make. A deft, albeit grossly unethical, business move.

And they would have gotten away with it too, if it weren't for you ̶m̶e̶d̶d̶l̶i̶n̶g̶ ̶k̶i̶d̶s̶.

 

AMD?
Until yesterday morning every tech source over the web was excluding AMD microprocessors because their architecture is different.
What really happen?

 

I guess people (news writers) started learning how computers work,
if computers are designed the way processes are sharing memory pool (regardless of operating system), then the problem is valid across ALL computing devices, simple as that,
the source of the risk is ability for ANY process to infiltrate ANY other process - Meltdown can read it, Spectre can modify it
first one can be apparently fixed by restrictive hotfixes, as introduced by Apple (High Sierra 10.13.2, Sierra 2017-002 and El Capitan 2017-005) or Microsoft (KB4056892 - it's rushed, so may cause BSODs in combination with certain anti-viruses and other software), Linux distros are patched by various hotfixes as well
second one cannot be easily fixed, practically requires new computer design (not just cpu) and kernel architecture (so new operating system literally from scratch), which is a matter of few years ahead

 

@tzzsmk

So... Is Spectre the origin of a PCs Armageddon?

 

No, @tzzsmk has no idea what he's talking about. Both exploits are read-only so they can only spy on you. Yes, that's bad, but nowhere near as bad as malware which can infect your system (because then, by definition, it can also spy on you).

Meltdown applies only on Intel CPUs (that means also all Macs, gg) and it's the "worse" one because it can read kernel memory. Intel CPUs are affected because Intel don't do proper privilege checks when speculatively executing instructions, they thought it's not needed, they didn't realize exploiters can be this clever. I mean, it's part of the reason Intel CPUs are probably faster than AMD: every security check wastes power or performance. So they just tried to "shortcut" it here thinking it's not needed, but they were wrong. AMD implemented it by the book, so their processors are probably safe (well at least that's what they claim, I didn't reverse engineer an AMD CPU to prove this).

Spectre, on the other hand, is an inherent flaw in the very principles of CPU designs, not Intel's fault. It applies to non-x86 CPUs with out of order execution as well (funnily, it doesn't apply on old Atoms because they have no speculative execution, so they're slow).

There is no conspiracy here. If you know basics on how CPUs work you'd realize that it's simply something the CPU designers have never anticipated before. The exploits are extremely clever. They rely on timing attacks on information that would otherwise not be available.

Modern CPUs execute multiple instructions in parallel and predict branches so that they don't have to wait until the result of the conditional branch is known. When they do this, they "speculatively" execute instructions, meaning they execute them but will discard them if the CPU predicted wrong. This is not just x86, ARM processors also do this (otherwise they'd be extremely slow).

When out of order execution like this was designed, nobody thought you could exploit speculative execution like this. After all, the processor is supposed to discard ALL architectural state if it's proven wrong in a branch. Which is true and it does, but exploiters rely on "cache" timing attacks to extract information from the speculative execution.

They poison the cache and force the branch predictor to predict it the way they want it to, then use a different input data to make it predict it wrong and this data will "speculatively access" a wrong part in memory that you design. The CPU will discard this data since it was predicted wrong, so that's fine, however now he can see whether or not the data he attempted is in the cache or not by reading his own specific memory and checking whether its access time is fast or not. He relies on cache timing to extract one bit of information this way. Now he has to flush the cache and make it branch several times in a row to predict wrong again then send another data to extract another bit.

That's why the exploit can only read around 2KB per second of memory.

There's no conspiracy. Just CPU designers who never thought this would be a way to extract information; it's way too clever. Not just Intel, ALL CPU designers, not just x86 either, got it wrong here.

 

Ouch!

​

 

it appears each of us has different information (I stick to official resources such as this: https://meltdownattack.com ),
I can not compeltely agree with what you wrote, perhaps this place isn't even a place for extensive discussion of such technically complex matter

 

Intel-SA-00086 Detection Tool can detect if your computer is vulnerable to the Intel Management chip security flaw known as INTEL-SA-00086.

https://downloadcenter.intel.com/download/27150

 

I have tested my PC (Windows 10 Pro) with the Intel Detection Tool, just after applying the Microsoft fix (KB4056890) , and the test says that "This system is not vulnerable"
I wonder if this result is because of applying the fix before, or if in fact my Intel i5 4460 Haswell processor is free of that defect?

P.D. I have uninstalled the Microsoft update (KB4056890) , and i have done the Intel test again, and it continues : "This System is not vulnerable"
Does this mean that my system is not really vulnerable, or that this Detection Tool by Intel is just a joke?

 

The Intel tool test result: "This system is not vulnerable".

Weird. The KB 4056894 is for the Meltdown threat only (Windows 7 Pro/Ultimate).

 

Last edited: Jan 5, 2018