Windows 10: Mitigating the last "L1 terminal fault" vulnerabilities - possible or not?

Hello,



So I have a 8700K and MSI Z370 with the last BIOS (and also the last, and necessary microcode update - see picture). I have installed the OS patch (Windows 10 x64). Yet the PC is still vulnerable, I can't figure why.



This is from the perspective of a normal Windows 10 user, i.e. client side, no Hyper-X, no SGX (not even installed that as there's no use to it unless you develop stuff, from what I've heard).



What I tried:



- turning off Hyperthreading - no effect (was suggested as necessary if using Virtualization-Based Security - mine shows as Disabled in msinfo, still gave it a shot)

- manually enabling SSBD mitigations - that changed the SSBDWindowsSupportEnabledSystemWide flag to True, as expected. Sadly L1TFHardwareVulnerable is also remaining True...



Intel (and Microsoft) are saying that the microcode necessary for L1TF is the same required for SSBD:

Are there mitigations in place?

Yes. The microcode updates released earlier this year when coupled with operating system and hypervisor software updates available now from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need.


The required microcode is the same microcode that addresses CVE-2018-3639 and CVE-2018-3640.
​

The last 8700K microcode is Rev 0x96 (see picture as well).



So all the pieces should fall into place, yet they don't. The PC is still found as vulnerable. So... what could be the issue here?



Thanks!



:)

 

AMD FX OC'ers Club

That's what the auto setting will do since you're over the 1333 mark it jumps to the next step which isn't listed or officially supported I assume by that ram.

At this point though I would suggest dropping the multi one step or .5 so that we can get something stable and possibly take the heat issue out of the picture for now.

 

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: {{windowTitle}}

 

Just a friendly notice to you peepz who visit Rage3D

Thanks HJ :up:

To be honest I'm not involved with the site restore. Though this does give me some ideas for an article, how to take steps to protect yourself and mitigate your data vulnerabilities.