Got an Intel processor? Welp you need to do some patching. And i know you love patching!

[MoarThrottle]

Looks like Intel sold thousands of chips with a built in security flaw. More about that here..
http://www.businessinsider.com/inte...fter-company-was-informed-of-chip-flaw-2018-1
But at least now MS is releasing patches. Win 10 users will get the out of band pushed this week, everyone else needs to make sure they update on their own.
https://www.ghacks.net/2018/01/04/microsoft-releases-out-of-band-security-updates/

Microsoft released out-of-band security updates for Windows yesterdays that address a recently revealed major security bug in Intel, AMD and ARM processors.

The updates are filed under the IDs KB4056888 , KB4056890. KB4056891, KB4056892, and KB405689. All updates share the following description:

Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Subsystem for Linux, and the Windows SMB Server.

The update is available only for Windows 10 and Windows Server 2016 at this point; updates for Windows 7 and Windows 8.1 will be released next Tuesday according to The Verge. The second Tuesday of the month is Microsoft’s traditional Patch Tuesday. Microsoft releases security updates for all supported products on that day usually.

The updates rely on firmware updates from Intel, AMD, and other vendors, and some software programs, antivirus products, for instance, may need patching as well to address the changes made to Kernel-level access.

The patches may cause performance to drop on affected systems. While Intel Skylake and newer processor systems won’t see a massive drop in performance, older Intel processors may see a significant drop in performance after application.

Intel confirmed that performance might be affected depending on the system’s workload. Initial benchmarks suggest that performance may drop by up to 30% in certain workload situations.

AMD published a response on its corporate website indicating that AMD processors are affected only by one variant of the vulnerability and that the company expects a negligible performance impact

Google disclosed the vulnerability yesterday on the Project Zero blog. It seems likely that Microsoft’s decision to release an out-of-band security update for Windows 10 was caused by Google’s disclosure date.

It is unclear why Microsoft won’t release updates for Windows 7 and Windows 8.1 as out-of-band security updates as well.

Update: Security updates for Windows 7 and Windows 8.1, and Server operating systems are available on the Microsoft Update Catalog website (thanks Woody).

Internet Explorer 11 patches are available on the Microsoft Update Catalog website as well.

 

[BillyDean7173]

Thanks for the info. Looks like I'll be running some updates tonight. At least my computer was fast last year.

Not to detract from this important info, but I find it laughable in a bad way that Intel and their CEO Brian Krzanich are going to play dumb and tell us his stock sell off was preplanned. Didn't some of the Equifax execs pull a similar tactic before news of the massive data breach became public? Meanwhile, some guy selling sandwiches out of his truck is getting hassled for not having a permit.

 

[MoarThrottle]

Looks like its not just Intel processors but all processors that run a specific set of instructions. Ohhh joy.Patch em up as fast as you can. Even though the exploit wasn't in the wild it most likely is now.

 

[camarochevy1970]

Also, the OS updates only fix that attack surface. All chipset manufacturers are supposed to release firmware updates to cover the gap at the hardware layer.

 

[Javelin3o4]

Intel chips primarily affected by Meltdown/Spectre and AMD affected by Spectre. There was an article that people with AMD CPU's running Windows 10 got pushed the patch and basically got stuck in a boot loop and couldn't even do a system reset.

 

[Gary S]

Microsoft has stopped allowing AMD machines to download that patch so the boot failure should no longer happen. Expect a fixed patch for AMD to show up soon.

 

[MoarThrottle]

It boggles my mind that MS released a patch that essentially bricks half the processor market. Not surprised per se, but still surprised. I mean there was talk of some performance issues but that takes it too far.

 

[Gary S]

From the information I can get, it isn't entirely Microsoft's fault that the patch causes problems. Microsoft says:

"Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown"

It appears that there was either incomplete or incorrect information passed between AMD and Microsoft.

 

[MoarThrottle]

"It's not entirely clear what the documentation error is. There are some reports that users with very old AMD processors are seeing crashes because the Windows kernel is trying to use an instruction that the very earliest 64-bit AMD chips didn't support. It's not clear if this is the cause of suspension, but the bulk of the complaints do seem to concern older chips, so it's certainly possible" from an Ars Technica article i was reading.

Knowing what i know of off-shore assistance, most like what happened was somebody went "oh yea yea sure don't worry" and did their thing and completely fubar'd it up. They probably thought, 'oh everything is always how its been since 64 bit architecture was introduced.' without actually checking. And AMD probably didn't think to remind them. I've seen off-shore do some incredibly bone-headed things w/out permission or understanding what is being done.