![]() ![]() Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” If you are running an affected device, this update can be applied by downloading it from the Microsoft Update Catalog website. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. For the full list of affected devices, see Intel’s microcode revision guidance. While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode. We understand that Intel is continuing to investigate the potential effect of the current microcode version, and we encourage customers to review their guidance on an ongoing basis to inform their decisions. On January 22, Intel recommended that customers stop deploying the current microcode version on affected processors while they perform additional testing on the updated solution. Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “ higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “ data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. In some of the tests, we will be using this CPU with all six CPU cores active, while others will be tested using both Dual-core and Hx-core configurations for reasons that will become clear later.Notice: Applying this update will disable the Spectre variant 2 mitigation CVE-2017-5715 - “Branch target injection vulnerability.” Customers can apply this update to prevent unpredictable system behaviors, performance issues, and/or unexpected reboots after installation of microcode. ![]() To test the performance impact of this security fixing Windows Update, we will be using our games test system, which is based on Intel's X99 platform with an i7 6850K at 4.0GHz. More information about both Meltdown and Spectre is available here. The software fix imposed by Microsoft is very similar to the fix introduced by into the Linux Kernel, though the performance impact of the change will vary depending on your system's workload and how often system memory needs to be accessed. Early estimates claimed that this fix would impose a 5-30% performance hit on Intel hardware, with today's testing being designed to showcase what kind of performance changes to expect. Intel has been the worst hit by both Spectre and Meltdown, being affected by all three attack variants, with meltdown requiring some extreme software changes to mitigate the issue. Fixes for both Windows 7 and 8 are also expected in the near future. The discovery of these bugs has prompted updates for every major computer operating system on the planet, with updates arriving for Windows 10 shortly after the issue became disclosed to the public. ![]() Spectre has been found to be usable in most moderns processors, with Meltdown being seemingly exclusive to Intel (at least in the x86 market) due to architectural differences with AMD. Over the past few days, it has been hard to see anything to do with PCs or computing without coming across the names Meltdown and Spectre, two recently discovered exploits that can be used to access protected data, potentially allowing hackers to steal data from programs running on a computer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |