Glitch in Intel cpus may result in security patch with big perf hit

FlyingPenguin
Flightless Bird
Posts: 26860
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Tue Jan 09, 2018 7:05 pm

I got the Meltdown PowerScript test working, but it's not for the faint of heart. Hopefully someone will release a simpler tool.

If you're willing to try it, BleepingComputer walks you through here: https://www.bleepingcomputer.com/news/m ... cpu-flaws/
There's lots of Meltdown info there, including a way to bypass the Anti Virus block if you know your AV is compatible with the patch, but Windows Update is still blocking you (I checked and since I only use Windows Defender, looks like Defender already set the registry entry that indicates the AV is compatible).

However, that didn't work for me. I had to manually download the module and install it.

According to the script, I do have an exploitable system.

In other news, Microsoft is preventing the patch from being installed on AMD systems, for now, to avoid causing problems:
https://www.computerworld.com/article/3 ... uters.html

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Tue Jan 09, 2018 8:11 pm

WTH. I went ahead and installed the Meltdown patch on my main workstation - arguably the most exposed PC here. No issues, and the PowerShell script indicates Meltdown is patched although Spectre is only partially patched because MS hasn't released a full patch for it yet (and may never since it's hard to fix and hard to exploit).

Err
Almighty Member
Posts: 4578
Joined: Thu Nov 22, 2007 11:54 am

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby Err » Tue Jan 09, 2018 11:04 pm

FlyingPenguin wrote: I've had no luck getting the flaw testing PowerScript to work properly so I've removed the link from above.

I'll see if I can figure it out first.


I have no experience with PowerShell but I tried the instructions. I really didn't understand the instructions but tried copying and pasting. The first command asked me to enable (something, I'm too tired to remember as I type this). The second command was supposed to bring in the script but all I got was red text stating that it couldn't.

I'm fairly sure the laptop I tried it on is patched in the BIOS and by the Cumulative Patch. I'm not a huge fan of Lenovo but they constantly patch their stuff.

wvjohn
Posts: 8875
Joined: Wed Nov 22, 2000 7:09 am

NV apparently vulnerable as well - will issue patches

Postby wvjohn » Wed Jan 10, 2018 11:43 am

When it rains, it pours.

Spectre + crypto mining next? not to mention IOT.


https://www.reuters.com/article/us-cybe ... SKBN1EZ1E9

Nvidia patch release adds to scope of Spectre worries
Aishwarya Venugopal, Laharee Chatterjee

(Reuters) - Graphics specialist Nvidia Corp was the latest chipmaker to say its equipment was vulnerable to the Spectre security threat, broadening the scope of concern for millions of computers beyond their central processors.

Spectre is one of two chipset flaws, the other dubbed Meltdown, revealed by researchers last week which offer hackers opportunities to steal sensitive information from laptops, desktop computers, smartphones, tablets and internet servers.

Advanced Micro Devices Inc, ARM Holdings and now Nvidia have reported being exposed to the Spectre flaw, while Intel Corp has been hit by both.

Nvidia, the world's leading maker of graphics chip processors (GPUs), said in a blogpost releasing software security patches that affected chipsets included GeForce, Tesla, Grid, NVS and Quadro. (bit.ly/2DeYzXN)

“NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this (third) variant,” Nvidia said, referring to Meltdown. A display driver is an integrated circuit that acts as an interface between Nvidia chips and a screen.

While the full extent of affected systems is not yet fully known, Cisco Systems Inc has said it has identified 18 vulnerable products and is looking for problems in nearly 30 other products, including switches and routers.

Releases to date from chipmakers have concerned central processing units (CPU) rather than graphics processors.

Affected companies, keen to quash any speculation that the flaws could require the replacement of millions of chips or provoke lawsuits caused by slowing computer performance, have been striving to play down the scale of the threat.

Intel and AMD have not disclosed the number of chips affected by the security flaws and AMD has said its products were at “zero risk” from Meltdown. ARM says that around 5 percent of more than 120 billion chips shipped since 1991 were impacted by Spectre and significantly fewer by Meltdown.

Meltdown could let hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. Spectre potentially allows hackers to trick otherwise error-free applications into giving up secret information.

GeForce, Nvidia’s core line of GPUs, is aimed at consumer markets and includes gaming chips.

The Quadro chipsets are used for commercial workstations, while Tesla powers datacenters and is used for artificial intelligence processing such as that used in self-driving cars.

“It’s not shocking to see this given the widespread nature of the chip vulnerabilities ... This situation will test its brand and reputation although we see minimal financial ramifications to the company,” Daniel Ives, research analyst at GBH Insights, said about Nvidia.

Nvidia shares were down 1.3 percent at $219.09 in early trading on Wednesday. Intel shares were little changed, while AMD, believed to be able to benefit from its rivals’ issues, were up 1.7 percent.

Chipmakers and operating system vendors have been pushing out patches to fix the flaws, but the software updates have also raised a host of new concerns.

Microsoft Corp said Tuesday its software patches slowed down some PCs and servers, with systems running on older Intel processors seeing a noticeable decrease in performance and added that security updates froze some computers using chipsets from AMD.




http://nvidia.custhelp.com/app/answers/detail/a_id/4611


Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Wed Jan 10, 2018 2:31 pm

AMD boards may also require firmware updates. They may not be susceptible to Meltdown, but they are to Spectre.

It's a mess. This is all based on some bad decisions in basic CPU design to trade off security for performance. It's going to impact all kinds of devices including big iron routers.

Lack of transparency is not helping.

Intel needs to come clean about Meltdown and Spectre
https://www.theverge.com/2018/1/10/1687 ... own-issues

psypher
Senior Member
Posts: 349
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby psypher » Wed Jan 10, 2018 4:53 pm

The more stories I read the more I start to think that no nefarious hacker needs to bother exploiting this flaw to cause havoc, Microsoft/Intel/etc... are all doing a fine job of bricking computers!


SpecuCheck Windows utility for checking the state of the software mitigations against Meltdown & Spectre

Postby FlyingPenguin » Thu Jan 11, 2018 5:57 pm

Steve Gibson tweeted a link to this simpler test:

https://github.com/ionescu007/SpecuCheck

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Thu Jan 11, 2018 7:12 pm

Oops. Posted a link to the source code. The EXE file for that test is available here: https://github.com/ionescu007/SpecuCheck/releases

Use the x86 version only for 32-bit operating systems.

You have to run this from a DOS command prompt with admin privileges.

If you don't have the patch, you just get a message that the patch is not installed, because part of the patch is it adds an API that this tool uses to test for exploitability.

If you're patched it will look like this. There are mitigations indicated as still being vulnerable (no) because they either require a Spectre OS patch or a BIOS update:

Image

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Thu Jan 11, 2018 7:40 pm

Steve Gibson did a deep dive into this on his last podcast.

Here's the short version for those of you who don't need to understand ALL the nitty gritty:

- The reason this all happened (and this is a VERY simplistic explanation) is that modern CPUs do a LOT of prediction and caching to improve performance. Since a lot of CPU operations are repetitive (like loops) the CPU is constantly guessing ahead to predict what code and data you may be re-using in the immediate future and storing it in very fast CPU cache (because it takes a LOT longer to retrieve it from memory). The trouble is that since the user and kernel spaces both share those caches, what these researchers discovered is that a program running in user space can "see" or at least infer what a kernel process is doing. This could allow a malicious app running in user space to "see" what another program is doing - even one running in the protected kernel space. It can basically be used as a spy tool to steal confidential data like passwords or (in the case of a server) private encryption keys.

- AMD CPUs that are having issues with the patch are older Athlon X2 and Sempron CPUs. MS is now blocking AMD CPUs until they resolve the problem.

- As I mentioned before, if your AV company doesn't set a registry setting to indicate it is compatible with the patch, you won't get the patch OR ANY FUTURE WINDOWS UPDATES until that registry setting is set. This is because many AV products use unapproved "hooks" into the kernel and this patch breaks those hooks. You can assume all major AV vendors will eventually make their AV compatible and set the registry, but if you're one of those people running a 4 year old free AV app you may want to update. Honestly, IMO, all you need is Windows Defender and - if you want some extra protection, get Malwarebytes Premium or run Malwarebytes free on a monthly basis. AV apps have become so big and bloated, they are becoming a performance and security issue themselves.

- Should you rush into the patch? Not really. There are other mitigations. Keep in mind this exploit can only be taken advantage of if you first allow a malicious program to be installed. If you're not the type of person who installs anything (especially unsigned software) willy-nilly, then you're not likely to have something nasty get in there in the first place to use this exploit. Firefox and Chrome are both actively blocking attempts by websites that offer you an install that would exploit this. I suspect AV products will start to do the same soon.

- Real world performance hits from the patch on home users have been negligible. On servers they can be VERY significant though (some gaming servers saw CPU usage go up 250%, but we can assume these companies will re-code their server software to make it more efficient). How much of a performance hit you actually see depends on how often your OS switches between a kernel and a user program, and that's a very subtle thing. It's more common on very processor intensive tasks. SQL server, for instance, seems to take a substantial hit (FYI: a lot of database programs use SQL server, like Quickbooks). The patch forces the CPU to flush the cache every time it switches from kernel to user (so there's no data in the cache for a malicious user app to see). Arguably, CPUs should have been doing this all along, but CPU manufacturers chose not to because it costs performance. They assumed that other mitigations would make it hard to leak information through the cache, but these researchers showed it was actually possible.

- Do check your mobo manufacturer's download patch for a BIOS update. The Windows patch alone doesn't totally solve the problem.

- How bad is this? If you're a cautious person and don't let untrusted software into your PC, it's no big deal. This is more of a concern for your average non-techie who is prone to downloading fake Flash updates. It's also a big problem for servers although IN THEORY servers shouldn't ever be installing unsigned software, so MS is actually recommending server operators hold off if they are sure that their practices will not allow unsigned software to be installed. Trouble is that we HAVE had hackers steal encryption keys from software vendors and inject fake updates into poorly secured update systems, so server operators are kind of in a bad place: be safe and install the patch and take a major performance hit, or don't install the patch and hope that their security practices are good and some bozo doesn't plug a malicious flash drive into a server.

Here's Steve Gibson's podcast on this subject. The whole show is a good one, and he mentions Meltdown issues several times before the main segment, but if you want to cut to the chase on Meltdown, then jump ahead to the 1:27 mark:

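The two checks discussed in this thread (the AV compatibility registry flag that gates the update, and the PowerShell test's Meltdown/Spectre result), as an added PowerShell example that is not part of any post. The registry value name and the `Get-SpeculationControlSettings` property names come from Microsoft's documentation and the SpeculationControl module rather than from the thread; the function names `Test-AvCompatFlag` and `Get-MitigationSummary` are hypothetical, and the sample object is constructed.

```powershell
# Added example, not from the thread. Read-only checks only.

# AV compatibility flag: Windows Update withholds the patch until this is set.
# Key and value name are from Microsoft's guidance, not from the thread.
function Test-AvCompatFlag {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    # The flag counts as set only when the DWORD exists and equals 0.
    return ($null -ne $item) -and ($item.$name -eq 0)
}

# Hypothetical helper: turn the settings object into a per-flaw verdict.
function Get-MitigationSummary {
    param([Parameter(Mandatory)] $Settings)

    # Meltdown: kernel/user page table split (KVA shadow).
    if (-not $Settings.KVAShadowRequired)                 { $meltdown = 'not required on this CPU' }
    elseif ($Settings.KVAShadowWindowsSupportEnabled)     { $meltdown = 'mitigated' }
    elseif ($Settings.KVAShadowWindowsSupportPresent)     { $meltdown = 'patch present but disabled' }
    else                                                  { $meltdown = 'OS patch missing' }

    # Spectre variant 2: needs both OS support and BIOS/microcode support.
    if ($Settings.BTIWindowsSupportEnabled)               { $spectre = 'mitigated' }
    elseif (-not $Settings.BTIWindowsSupportPresent)      { $spectre = 'OS patch missing' }
    elseif (-not $Settings.BTIHardwarePresent)            { $spectre = 'OS patch present, needs BIOS/microcode update' }
    else                                                  { $spectre = 'supported but not enabled' }

    [pscustomobject]@{ Meltdown = $meltdown; SpectreV2 = $spectre }
}

# Constructed sample: OS patch installed, no BIOS update yet.
$sample = [pscustomobject]@{
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
}
Get-MitigationSummary -Settings $sample

# On a live system with the SpeculationControl module installed:
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Get-MitigationSummary -Settings (Get-SpeculationControlSettings)
    "AV compatibility flag set: $(Test-AvCompatFlag)"
}
```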


Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby psypher » Thu Jan 11, 2018 8:16 pm

FlyingPenguin wrote: Steve Gibson did a deep dive into this on his last podcast.
- Should you rush into the patch? Not really. There are other mitigations. Keep in mind this exploit can only be taken advantage of if you first allow a malicious program to be installed.


Except for Spectre, I believe that one can be exploited with JavaScript.


Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Thu Jan 11, 2018 8:20 pm

Yeah, and I think Meltdown can be too. That's what Chrome and Firefox are mainly blocking. Again, expect AV to be detecting that too.

No patch for Spectre yet though.

normalicy
Posts: 9047
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby normalicy » Fri Jan 12, 2018 1:23 am

I'm interested to see if other hardware vendors go through the effort to patch older product firmwares.


Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Fri Jan 12, 2018 7:20 pm

AMD is releasing Spectre firmware updates to fix CPU vulnerabilities

https://www.theverge.com/2018/1/11/1688 ... ryzen-epyc

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby FlyingPenguin » Fri Jan 12, 2018 7:40 pm

According to Steve Gibson, the eventual BIOS updates (IF they release it for your CPU - Intel says earlier than Haswell may never be patched - and IF your mobo manufacturer provides it) will add new instructions that the OS can use instead of the "blunt force" fix that the current Windows patch uses, which should negate the performance loss. The OS will detect if you have the new instructions (or the latest generation of CPUs that already have an instruction that does this) and use that instead of flushing the cache when switching from kernel to user space.

Re: Glitch in Intel cpus may result in security patch with big perf hit

Postby Err » Wed Jan 17, 2018 2:25 pm

Steve Gibson released a tool to check for Meltdown and Spectre:

https://www.grc.com/inspectre.htm

