McAfee?
My employer uses McAfee, so I assume we must already be patched and ready to go. I feel so secure.
Find out how you can make US 10.000$ a week working from home Visit $URL;> to find out more.
Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes. The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709. While …
LOL, at least you'll be safe from the US government and it's 17 security agencies, who it must be said SHOULD HAVE SPOTTED THIS BUG.
So we have to conclude that either
1. They did spot it but kept quiet and abused it to spy on people
or
2. They are incompetent and useless.
Neither of which is very confidence inspiring and none have anything to do with Russia...
yeah, but win security centre knows what av is installed for most major brands, hell, team viewer knows it. wouldn't be beyond the realms of mankind to check that automatically would it?
Well it would make sense on consumer systems for Win Security Centre to set the key, however, suspect there are valid installs where Win Security Centre isn't running or cannot reliability determine the AV software installed, hence MS have left it to the AV vendor to set.
Because of the circumstances under which it blue screens, it is worth manually setting this and seeing if your 'old' AV causes a blue screen or not, as you can always delete the key via safe mode.
i dont think im going to enable this on anything. trend reckon they have, in development, not released yet, an auto patch that can be installed via trend wfbs itself, but its not ready yet. i really dont fancy doing this on 746 machines manually....i hope to christ that they do it right...otherwise my phone will melt.
if you use trend wfbs, see the below
Is that only shiny new anti-virus software with updated shitty dependencies on Windows internal gubbins knows to set it.
It must be really shiny and new AV software, as a machine currently running MBAM 30-day trial doesn't have this key...
So just because you are running a current subscription AV doesn't mean this KB will be installed, you need to check that the key exists and then do the install.
The absence of the value suggests that old anti-virus is present, which will probably kick the patched Windows in the 'nads.
It also suggests that no AV is present.
Yes, it appears to be a rewrite of most of the core pieces of the Windows directory - I took a look around C:\Windows\SoftwareDistribution\Download once it downloaded, and have decided I'm willing to wait a few days to hear what other problems this behemoth causes.
Contrary to what Intel is bleating about it, it looks to be all Windows components being patched. And an enormous and rather terrifying number of them, all patched at once.
I dont' see anything that looks like a microcode update from Intel to address the root cause.
"Are the Linux patches similar?"
To answer my own question, the only linux patch available for my Debian Stretch boxes right now is one for linux-image-amd64, so that's a big fat no. If there *are* plans to recompile all of user-space with Spectre mitigations, they aren't being put into effect yet.
>> "I dont' see anything that looks like a microcode update from Intel to address the root cause."
That's because Meltdown is beyond the scope of a microcode fix.
As a result, the "fix" doesn't actually fix your CPU at all - it re-writes core parts of your OS so that the CPU flaw can no longer expose parts of kernel memory. That's why this fix involves lots of patched Windows files. Think of it more as a workaround than a resolution :)
Actually, even mapping kernel memory into a process address space - albeit protected by some access control bits - is a performance workaround to avoid the performance hit due to switching address spaces.
From a security point of view, fully isolating the kernel memory from user processes is a much sounder design - not a workaround. The issue is CPU are not designed to switch them quickly, and anyway performing the required checks takes time.
It's a long time since I've had to read an Intel CPU data sheet.
Was (prior to this) mapping kernel code into every application's virtual memory space their recommended way of calling kernel functions from an application for better performance, or did they advocate a proper separation and context switch?
I don't really know if that was something suggested by Intel, or something devised by kernel developers to avoid bottlenecks. I think more about the latter, but I could be wrong.
Some information about the use of the features that lead to this issues, and some of their possible solutions are in "Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3A: System Programming Guide, Part 1".
Intel has always suggested different models, but the more secure one implied the use of segments and specific "gates" to call across rings, which is very "heavy" and no one used - and in 64 bit mode AMD thought it was fine to get rid of segments. IMHO, one day they will find it's the right way to write secure OS.
Anyway, today you'd need to read some long manuals, i.e. "Intel® 64 and IA-32 Architectures Optimization Reference Manual" (788 pages) or "Intel® 64 and IA-32 Architectures Software Developer Manual: Vol 3" (1998 pages), to have a good knowledge of all the available features and recommended use.
"Contrary to what Intel is bleating about it, it looks to be all Windows components being patched. And an enormous and rather terrifying number of them, all patched at once."
To be fair, *only* Intel are trying to pretend that this is a minor issue. Everyone else is talking about how unfixable Spectre is and how it can only be mitigated with counter-measures compiled into all software running on the system. Presumably, then, MS have simply run all of Windows through a version of the compiler that applies the mitigations. They've had 6 months to test such a compiler and they have a reproducible build system for all of Windows, so this isn't any more scary than a hobbyist rebuilding their own Linux system, which any competent software developer will tell you is not *very* scary.
Huge - just like all Win10 patches then :D
All with a rushed fix done with overtime by sleepy engineers.
What could go wrong?
I suspect all programs that ask for a password now explicitly now black the password string as soon as it's been used to stop it hanging around in memory - so more changes than just the kernel.
too many beers already possibly, but...
"Also, people installing the Windows Server patches should ensure they are enabled, too. They are disabled by default due to the potential performance hit involved. "
"they" are enabled? what are enabled? wtf are you talking about?
do you mean the mitgations talked about in the link on "they are enabled"? in which case, word it as "you should enable these mitigations here" or similar?
There is a new Firefox (57.0.4) which makes some timings more random to allegedly make it more difficult to exploit the two bugs.
I wonder how much slower Firefox becomes to protect itself from other processes I run on my personal computer. In theory the OS could eavesdrop Firefox, but it could be also done in many other ways.
just a heads up....i think this update has screwed trend wfbs. ive had 3 win 10 machines do odd things today on fresh installs - firewall wont enable on trend, refuses to start even from directly telling the service to start, and the enable firewall button is greyed out on the client. in services, a dependancy for the firewall service is missing, trend micro wfp callout driver, but i cant find this referenced with a fix anywhere.
ive been scratching my head on this one. ive only got 1 machine left in the lab with this issue, but it has the update applied. i'll take it off and see what happens
... KB4056894 is causing BSODs (blue and black) on restart after installation. That's on W7Pro-64bit, with Microsoft Security Essentials installed. Okay, so not a stellar setup, but you'd think it would have the least hassle since it's all MS. It even gives different error codes in each crash (80242016, 800F0816, etc.) and a slightly different fix each time as well.
KB4056894 is now blocked and hidden, because I've got better things to do than nurse borked laptops back to life each time it gets a toe-hold in.
Will wait to see if the AV trick registry key works, but not yet.
And I've just seen the 12/2017 version of the Quality Roll-up update arrive - KB4054518, but that's late (issued 12 December?).
It's only 00:47 - I wonder if it fixes things...?
Hmm, it hasn't broken anything, but I'll still hold off with the Jan 2018 one for now...
... KB4056894 is the Win7 version of KB4056892. The details of **94 state Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics. The notes mention the same registry key details. **94 installs automatically, and leaves one laptop with a STOP error seconds after trying to start Windows.
Solutions mostly involved the Windows Repair tool, which auto-recovered one time (2nd or 3rd), but required two system restores on a later fix, which is why the December Quality Roll-up reappeared - I'd applied that one late and restores after that date failed to stick.
YMMV, but that's been my experience so far with this out of step patch.
From a Meltdown perspective, it's an older laptop (Toshiba SatPro A300D) running an AMD Turion64 X2 CPU, and Radeon graphics. I haven't tried other Intel/Nvidia and Intel/Intel laptops yet, Win10 or Win7-32bit may also have a different ride, which might also be affected by the rest of my PCs running different AV - the A300D really stands apart from the others.
Win7-32bit laptop on Intel CPU and discrete Nvidia GPU, with Zonealarm Extreme Security - **94 patch installed with no problems. ZA had set the registry entry itself.
Win10-64bit laptop on Intel CPU and on board graphics, same ZA AV etc. doesn't list the **92 patch - registry key not set.
YMMdefinitelyV - mine has, going from no probs to no go, passing not there, in just three laptops.
KB4056892 now applied to the Win10 laptop, and has slowed disk br down to between half and fifth of what it used to be...
Intel 1000M CPU (approx 4 years old), Win10-64bit, Crucial MX200 0.5TB, 8GB RAM.
On the CrystalDiskMark v6 benchmark the results are between 15% and 60% of what they used to be, probably due to the way the drive caches R/W access through a chunk of system RAM. Subjectively, overall the PC feels more in the 70-95% estimated range from the article, but the workaround has definitely hit this PC's file I/O speed.
It's coming to that. One computer for browsing with everything else disconnected from it. That'll make it tough to run a mail server effectively, but what with NICs and Bluetooth not having hard shutoff switches and ME/UEFI there's probably no real extra risk, I guess. To be honest, it feels like most, maybe all, Governments approach to proprietary OSs and software is an extended play in graft and corruption. It's probably a lack of knowledge on Politicians part, but it certainly plays into the deepening distrust people have of Government.
Presumably malware uses details of how Windows organises virtual memory and changes in this area may cause malware to crash the OS. Have malware authors provided updates so normal uses can enjoy the benefits of keyloggers and RATs without risk of BSODs?
I just felt like a down vote Friday when I posted :) Didn't hear of any hassle with the macOS patch and had no AV problems with Sophos.
However, karma has had its revenge as I find my beer has evaporated whilst I wasn't paying attention and I now have to get up and get another one. I will however dedicate it to all who won't make it to the pub at lunchtime due to this M$ SNAFU.
Symantec have updated SEP and once rolled out the Registry Key is set so the system is offering the MS Patch - however the fix is flawed with users reporting issues - https://support.symantec.com/en_US/article.TECH248552.html
We are now at the point where the MS patch is installed, the Symantec Update is installed on the PC but SEP is reporting multiple issues.
It's not only AV that it breaks. Applying this update will break other applications.
We've had reports already, Numecent’s CloudPaging solution https://www.numecent.com/cloudpaging/ stops working.
With such a fundamental change to how Windows works, there will no doubt be many applications that fail and will need updating. This is why this patch needs the reg edit before it installs, as MS know this could potentially break loads of stuff.
Hopefully Microsoft will get around to fixing their giant File Explorer bug too one day.
1. Get FLAC file and mess with a meta-data length field with a binary file editor.
2. Put it on a Windows machine.
3. View it in File Explorer. Note how each broken FLAC you view adds nearly 400MB to File explorers memory footprint. Copy it in File Explorer to watch it each another 400MB per copy made.
4. As the machine runs out of memory and crashes, make a note to delete them from the command shell as File Explorer can't even look at them.
I have no idea how File Explorer got this far in the world with this type of schoolboy error.
"4 January: About the Meltdown and Spectre attacks: FreeBSD was made aware of the problems in late December 2017. We're working with CPU vendors and the published papers on these attacks to mitigate them on FreeBSD. Due to the fundamental nature of the attacks, no estimate is yet available for the publication date of patches."
Looks like they'll be late to the party with any fixes since they weren't deemed important enough to be told about it months ago like the big boys.