It broke Asus' AI Suite software as well - caused a nice repeating error window to start cascading across my desktop. I was just using one component of it to set my own fan curves but I've just uninstalled it for now. Asus appear to have released a beta update but it's based on a newer version and I don't know if it supports my old board because, erm, I haven't tried it yet.
More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns
More examples have emerged of security fixes for the Meltdown vulnerability breaking things. Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos. radiation symbol Microsoft patches …
COMMENTS
-
-
Monday 8th January 2018 17:56 GMT Ken Hagan
Re: Systems without an AV may need the reg key to be set manually
"Or the patch won't appear in Windows Update."
Or any other patch, from now on, perhaps? Presumably MS will rig the WU software so that it tells you that updates are not being provided and this is what you can do about it. Presumably...
-
-
Monday 8th January 2018 18:10 GMT TaabuTheCat
Add Symantec Endpoint Protection to the broken list...
https://support.symantec.com/en_US/article.TECH248552.html
"However, Symantec plans to release a hotfix to address the issue, and recommends that the Microsoft Windows Security Updates released on January 3rd, 2018 updates not be applied to systems until a hotfix is available for the affected versions."
Working AV or vulnerable system? Guess that's your choice.
-
-
Monday 8th January 2018 22:03 GMT hamiheim
Re: Add Symantec Endpoint Protection to the broken list...
According to the article linked, and testing that I've done, it technically is compatible, i.e. it doesn't cause BSOD as previously predicted, however on Win 8 or greater machines (Server 2012 or greater) after applying the MS patch, the SEP client reports errors in the SysTray but not the UI on the client. Symantec assures "At this time, this issue has no functional impact on the protection technology of the SEP client." but still recommends not installing the MS update until a hotfix is in place.
-
-
-
-
Tuesday 9th January 2018 13:54 GMT Anonymous Coward
Re: SCCM potentially affected
There was something on the Microsoft site warning about patching SQL Servers that are used for SCCM. I can't seem to find it now, but the implication there was patching the SQL Server would break SCCM and to hold off patching those for now.
It was about a week ago I saw that, so it's probably changed now anyway. It was a temporary "just hold off while we figure out what's going on" type warning.
-
-
-
Tuesday 9th January 2018 00:07 GMT Anonymous Coward
Re: As we have witnessed countless times, especially in the 'new era' Microsoft
While MS have screwed up too many patches in the last few years, it is dlfficult to blame them in this case. They are having to make fundamental changes to the way the OS deals with virtual memory due to a problem not of their making. I am sure they have done extensive testing with as much hardware/software as possible, but at the end of the day they can't test everything and the patches had to go out last week.
If developers are going to be naughty, not follow the rules and make undocumented calls to the OS, it is hard to blame MS when their software breaks due to these forced changes.
-
-
-
Tuesday 9th January 2018 22:07 GMT Michael Wojcik
Re: Is GPU also too?
GPUs won't be vulnerable to Meltdown, because they don't have privilege levels. At least I'm not aware of any that do.
GPUs traditionally did not provide speculative execution; their die space went to features that improved compute-intensive SIMD workloads. See for example this 2009 whitepaper on nVidia's Fermi architecture. The Spectre family of attacks depends on speculative execution.1
I haven't paid attention to the last several years' developments in GPU architectures, though, and it's conceivable that designers have started incorporating more speculation features into them.
Better questions: What might a side-channel attack like Spectre achieve on a GPU? Spectre is only interesting if the attack code can gain access to data that it shouldn't be able to read. And are there better existing attacks on such data? For that question, you might want to look at the CUDA Leaks paper from 2013. Again, obviously, that's relatively old, and memory protection in GPUs may have moved forward.
1However, it's entirely possible that there are other memory-probing side-channel attacks which don't require spec-ex, as I've noted in comments on other stories.
-
-
-
Wednesday 10th January 2018 15:16 GMT Nimby
Control! Must. Have. Control.
The good news is that one of the many things that Microsoft just broke is their own forced Windows Update on Win10 Home users. There is now a convenient registry key that allows you to stop Microsoft from updating your Windows 10 box so that you can update it when (and if) you want to. I wonder how long it will take before people start making software to leverage this registry key for easy control without regedit. Combine it with a Win7-style start menu replacement and you almost have a usable version of Windows again.