Massive CPU Security Flaws Revealed

As the proud owner of an MSI Z87-G43 Gaming, I anticipate exactly zero ongoing support :(

I’m also the owner of a Z97 mobo. Meltdown is going to be fixed in OS updates, so, that one is “done”.
Spectre, as long as it can’t run in JavaScript (and browsers are being updated to “ensure” that), you should be fine (or as fine as possible, safety-wise). I’d wager AV software and the like are going to be updated to look for this sort of behavior.

Last time I applied a BIOS update to my (home built) PC - all my drives got forgotten and I lost my hardware RAID. Assuming there is an update available for mine: I’m going to be leery of applying it.

But right: most people are not going to know how to apply/will apply a BIOS update. Hmph.

What’s that from?

The Last Starfighter

I think you have to turn in some sort of card now. Either geek, nerd, or old man card. Mostly because I get really worried when even I get a reference.

VMware is pulling ESXi patches due to this, and Dell is issuing a warning about their BIOS updates that include the Intel fix.

Gentlemen, this is a shit show.

To be fair, this crap is actually hard. It was 20 years before someone even found it to be a problem (or at least publicly revealed it). And they can’t exactly take the needed time to do it ‘right’. They have to do it ‘now’.

Okay, I suppose that doesn’t make it less of a shit show. Just one with “reasons”.

Looks like ASRock hasn’t updated my BIOS in years.

Should I disable JavaScript or what?

As much of a hassle as it can be, I’ve re-installed NoScript and am only whitelisting trusted sites.

Paranoid? Maybe.

Intel has to push out new microcode for Skylake and later, because apparently they too are vulnerable to the same reboot issue hitting the Haswell and older chips.

@Woolen_Horde Man Intel. Yikes.

Is “Pro” much better? I think you need to go “Ultimate” to get full control of your system.

You never know for sure where all the ads come from, though. Unless your “trusted sites” are like Qt3 and have no ads.

Yeah. You just do the best you can.

And the Register says these are hoaxes.

https://react-etc.net/entry/skyfall-and-solace-vulnerabilities

https://skyfallattack.com/

https://www.phoronix.com/scan.php?page=news_item&px=RETPOLINE_UNDERFLOW

Skylake and later CPUs, meaning any Intel CPUs starting with a 6, 7, or 8, are particularly vulnerable to Spectre. It remains to be seen if Google’s mitigation can cover it-- hopefully it does, as retpoline (Google’s work) is a much, much smaller performance hit than the alternative, IBRS, which will murder performance.

Interesting. Looks like I dodged a bullet sticking to my 4770K a little there.

Well, CPUs older than Broadwell take a much larger performance hit from Meltdown patches. And Microsoft has classified all CPUs older than Skylake as taking that much bigger Meltdown hit.

So, if your CPU is older than Skylake you get screwed on Meltdown patch performance, and if your CPU is Skylake or newer you get screwed on Spectre patch performance. The only way to not get completely screwed is to run AMD Ryzen, which has no Meltdown vulnerability at all and is less vulnerable to Spectre than any Intel CPU.

But it still remains to be seen, maybe they can make retpoline work with Skylake and newer CPUs, in which case they’ll be OK too. But with AWS using IBRS, it ain’t looking good.

Do I not have the patch yet? I have yet to notice any performance hits at all, and have no Windows Updates, or is the patch not out yet?