Intel CPU Bug (Meltdown and Spectre)

[V_R]

I've downloaded the Windows patch, KB4056892, on 06-01-2018 and all seems well.

Does this give total protection from the problem or is it only partial cover? Or no cover at all?

Not yet, but its a start.

 

[muckshifter]

I've downloaded the Windows patch, KB4056892, on 06-01-2018 and all seems well.

Does this give total protection from the problem or is it only partial cover? Or no cover at all?

I highly recommend you use THIS to be protected.

or, disconnect from the tinternet.

 

[nivrip]

Thanks, Mucks. It just about stretches over the PC.

 

[V_R]

https://www.grc.com/inspectre.htm

“InSpectre” is an easy to use & understand utility designed to clarify the many overlapping and confusing aspects of any Windows system's ability to prevent the Meltdown and Spectre attacks.

 

[V_R]

https://blog.frizk.net/2018/03/total-meltdown.html?m=1

Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.

No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required - just standard read and write!

Oh dear.

 

[Becky]

Eek, that's pretty terrible

Good reason to upgrade to Windows 10 (not that this restores any faith in Microsoft). Funny, I still think of Windows 7 as being relatively new, but it's nearly 9 years old!

 

[bootneck02]

The best solution is to dump Microcrap and use a Linux distro

 

[muckshifter]

The best solution is to dump Microcrap and use a Linux distro

err, you do know you are not immune!

It's a CPU bug, not an OS bug.

 

[Ian]

A very clever bit of detective work to figure that one out - just shows how rushed this initial patch was (given the severity).

The best solution is to dump Microcrap and use a Linux distro

I'm going to point you to @Abarbarian's thread from this morning :
https://www.pcreview.co.uk/threads/linux-mint-was-hacked.4073486/

Whichever OS we choose, I think there will always be pretty awful bugs surface at some point .

 

[bootneck02]

What I do not understand is what do the people who do things like hacking, spyware etc, etc get out of this are they doing this because they can or what, I cannot understand why any would write spyware, viruses etc. Am I missing something or are they just sick.

 

[Ian]

What I do not understand is what do the people who do things like hacking, spyware etc, etc get out of this are they doing this because they can or what, I cannot understand why any would write spyware, viruses etc. Am I missing something or are they just sick.

I bet most of them do it as a technical challenge or in some cases for extortion, etc... Thankfully most of these vulnerabilities are found by people paid to find holes like this and they're sorted before exploitation.

 

[EvanDavis]

The best solution is to dump Microcrap and use a Linux distro

 

[Abarbarian]

https://blog.frizk.net/2018/03/total-meltdown.html?m=1



Oh dear.

A bit of extra to V_R's post.

From the article,

OOB security update released to fully resolve the vulnerability on 2018-03-29. CVE-2018-1038. Apply immediately if affected!

Windows kernel update for CVE-2018-1038

Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

Just use W 7's update facility and you should have the fix.