Windows 10: Intel Issues Updates to Protect Systems from Security Exploits

Source: https://newsroom.intel.com/news-rele...rity-exploits/

Reference: Kernel memory leaking Intel processor design flaw - Windows 10 Forums

See also: Download Intel-SA-00086 Detection Tool

:)

 

KB4056892 (meltdown & spectre) installed: Am I safe?

You are safe enough for now. There are no known attacks, yet.

https://office-watch.com/2018/spectre-meltdown-...

https://www.theguardian.com/technology/2018/jan...

This my favorite, typical propaganda:

https://newsroom.intel.com/news-releases/intel-...

 

Bug? In Windows Defender Exploit Guard.

If we assume that this is just a glitch, then you might be able to reset the Exploit protection defaults by exporting the settings from an unaffected PC (with default settings) and then importing those settings on the affected machines. This looks
to be the backup/restore tool for the Exploit protection settings:

Deploy Exploit protection mitigations across your organization

Export and Import Exploit Protection Settings in Windows 10

 

what does this mean:

"Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years."

I haven't seen any updates by Intel (only Microsoft)

 

Could it be that those intel patches are included in the Cumulative Updates being pushed out by MS?

So many unanswered questions and doubt here.

I wonder how many AMD chips are affected, it seems like less of them might be. In a way I wish AMD was still independent of Intel, I'd love to see some real competition in the processor market.

 

I don’t like the references to ‘firmware’ updates. Software is all well and good but I suspect the updates from intel could relate to firmwares. Intel working with motherboard manufacturers would be a possible scenario. Am not particularly clued up but I believe microcode fixes to processors can sometimes be applied via BIOS revisions. Thus implying they expect people to start messing around with updating the motherboard BIOS. If this is a recommended step then I’d say 99.9% would not do this as people generally aren’t aware of this aspect and also it’s pretty risky. It really is the sort of thing you don’t want to mess with if everything’s working as it can screw up. I hope it’s not the case and that all we need to worry about is allowing windows update to do it’s job.

 

Yes, Intel supplies the OEM's with updates to the firmware so that MS updates can mitigate - did mine last night

Announcing Windows 10 Insider Preview Fast+Skip Build 17063 for PC Insider - Page 58 - Windows 10 Forums

 

Processor microcode can, and is, also updated by Windows Update. It gets loaded into the processor early in the boot stage, For something as important as these vulnerabilities, I am confident Microsoft/Intel would update it through Windows update.

 

I think we need clarity from official sources. Has the WU fix solved the problem or do we also need updates from the PC supplier or motherboard supplier. I might have a long wait in the latter case since I have a Gigabyte motherboard.

 

https://support.microsoft.com/en-gb/...erabilities-in


It's a 3-prong approach...
NB: WU cannot determine the model of the firmware to update thus must be done via the OEM's.

 

I ran the PowerShell commands in this post Windows Client Guidance against speculative execution vulnerabilities

This gave the result below after the latest W10 update. It seems there is some way to go before we have full protection.

 

Hi there

I suspect if ordinary users try applying BIOS updates there will be an awful lot of "Bricked" computers out there.
I'm sure if this type of problem was in any way problematic to a significant number of individual users updates would have been released already.

professional / serious hackers know about this stuff already and would surely have exploited it if worth doing. I don't see how companies the size of Intel could possibly keep this type of stuff under wraps -- companies of that size invariably have some "leakers" - inevitable.

I'm not really sure whether this is essentially Fake News during a quiet period of the year, a sales pitch by some AV companies who must be feeling the pinch as Ms's own built in security improves or Intel to get people ready to go out and buy computers with brand new processors in them.

In any case I don't have anything on my Windows machines that anybody would find either interesting or the slightest bit of use -- they certainly couldn't make any money out of it. !!! - I never use Windows for things like online banking or online shopping (e.g Amazon) - if I do then it's on Linux machines which are much better protected and never keep passwords on the machines in these "remember password" programs -- those types of programs should be OUTLAWED IMO - maybe convenient but a huge security flaw.

If you MUST use those types of things ensure the password stuff is on a different machine on your network and NOT connected to the internet in any way and even on the network has limited access - you can create a small Virtual machine for this purpose, recover your password and then power off the VM. This VM in my case is on an external HDD (SSD actually) which is then removed after powering off the VM so a hacker wouldn't be able even to see it.

I'll just wait and see what's next anyway and probably be quietly amused.

Cheers
jimbo

 

I think I’ll take my chances with the BIOS my pc was shipped with (Asus pro gamer 170 motherboard or something like that). I wouldn’t even know exactly the model to go for, since the machine functions, boots etc I won’t risk it. Hopefully as mentioned windows update will do its job. Like Jimbo, there’s little of interest in my machine!

 

It works fine.

 

Just curious what that is supposed to mean.