Windows 10: CVE-2017-5703 - Unsafe Opcodes exposed in Intel SPI based products

Discus and support CVE-2017-5703 - Unsafe Opcodes exposed in Intel SPI based products in Windows 10 News to solve the problem; Unsafe Opcodes exposed in Intel SPI based products Intel ID: INTEL-SA-00087 Product family: Multiple Generations Impact of vulnerability: Denial... Discussion in 'Windows 10 News' started by Brink, Apr 14, 2018.

  1. Brink
    Brink New Member

    CVE-2017-5703 - Unsafe Opcodes exposed in Intel SPI based products


    Source: Intel Product Security Center


    See also: System firmware Can Be Erased or Corrupted After Boot

    :)
     
    Brink, Apr 14, 2018
    #1
  2. RICHARD BRUINS
    Richard Bruins Win User

    ETA of patch for "KRACK". Was this patched previously or should we expect a patch soon?

    We are looking for information that suggest when "Key Reinstallation Attack" will be patched for Windows 10 Professional. Has it been patched in an earlier update? This vulnerability has also been dubbed as "KRACK". This vulnerability is being tracked
    as CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
     
    Richard Bruins, Apr 14, 2018
    #2
  3. OLA_ERIK
    ola_erik Win User
    WPA2 Wifi KRACK & Windows update

    I'd like an update on this. This is what I've found so far:

    Type of attack

    CVE IDs

    Devices impacted

    IOS

    MacOS

    tvOS

    watchOS

    Windows

    4-way handshake

    CVE-2017-13077

    WiFi clients

    11.1

    10.13

    11.1

    4.1

    ------

    Group-key handshake

    CVE-2017-13078

    CVE-2017-13079

    CVE-2017-13080

    CVE-2017-13081

    CVE-2017-13087

    CVE-2017-13088

    WiFi clients

    11.1

    -----

    11.1

    -----

    -----

    -----

    10.13

    ------

    10.13

    ------

    ------

    ------

    11.1

    -----

    11.1

    -----

    -----

    -----

    4.1

    ------

    4.1

    ------

    ------

    ------

    ------

    ------

    Oct16

    ------

    ------

    ------

    802.11r Fast-BSS Transition (FT)

    CVE-2017-13082

    Access points

    Peer-key handshake

    CVE-2017-13084

    CVE-2017-13086

    WiFi clients

    -----

    -----

    ------

    ------

    -----

    -----

    ------

    ------

    ------

    ------

    Kudos to Zyxel for clear and exemplary info:Zyxel security advisory for the key management vulnerabilities of WPA2 protocol | Zyxel
     
    ola_erik, Apr 14, 2018
    #3
Thema:

CVE-2017-5703 - Unsafe Opcodes exposed in Intel SPI based products

Loading...

  1. CVE-2017-5703 - Unsafe Opcodes exposed in Intel SPI based products - Similar Threads - CVE 2017 5703

  2. Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel...

    in AntiVirus, Firewalls and System Security
    Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel...: Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel vulnerabilitiesMicrosoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilitiesMicrosoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel...

  3. Unsafe app !

    in Windows 10 Software and Apps
    Unsafe app !: After turning on my Windows 10 laptop a message came up "unsafe app check Windows security". I waited why it did a quick scan then everything seemed to go back to normal. I realised one of my "Tiles" was missing but at first unsure which one ! I realised My Viddly downloader...

  4. Unsafe app !

    in Windows 10 Gaming
    Unsafe app !: After turning on my Windows 10 laptop a message came up "unsafe app check Windows security". I waited why it did a quick scan then everything seemed to go back to normal. I realised one of my "Tiles" was missing but at first unsure which one ! I realised My Viddly downloader...

  5. It's safe or unsafe?

    in Windows 10 BSOD Crashes and Debugging
    It's safe or unsafe?: I have a question that Ventoy Multiboot USB Creator is safe for windows 10 or not? https://answers.microsoft.com/en-us/windows/forum/all/its-safe-or-unsafe/3bc01e49-d317-4ad3-9422-12ff190244fe

  6. Product Key Based

    in Windows Hello & Lockscreen
    Product Key Based: when my windows expire will my account pin fail to work? https://answers.microsoft.com/en-us/windows/forum/all/product-key-based/64bbb358-d835-4b09-93d8-63a808709fb3

  7. Exploit : O97M/CVE-2017-11882.BY!MTB

    in AntiVirus, Firewalls and System Security
    Exploit : O97M/CVE-2017-11882.BY!MTB: i have this threat on windows defender, when i select remove and start action it removes it but then after i start quick scanning again the threat pops up again and i have done this a few times and its still there, i already delete the folder which the threat says but its...

  8. Enable Retpoline to mitigate Spectre variant 2 (CVE-2017-5715)

    in AntiVirus, Firewalls and System Security
    Enable Retpoline to mitigate Spectre variant 2 (CVE-2017-5715): Following the release of Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 there is a lot of discussion regarding the new Retpoline mitigation. This feature has been included in the KB4482887, but is disabled by default. In future updates, or the next Feature...

  9. Get-SpeculationControlSettings not checking for CVE-2017-5753?

    in AntiVirus, Firewalls and System Security
    Get-SpeculationControlSettings not checking for CVE-2017-5753?: Hi all, Am I missing something here? Get-SpeculationControlSettings seems to check for 2017-5754 (Meltdown) and 2017-5715 (one part of Spectre) but not CVE-2017-5753 (the other part of spectre). I've gotta be misunderstanding something here, right? Thanks in advance!...

  10. Exploit for CVE-2017-8759 detected and neutralized

    in Windows 10 News
    Exploit for CVE-2017-8759 detected and neutralized: The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions were already protected against this threat. The...