UPDATE: Intel's Meltdown fix has bugs of its own

Chip giant warns some to hold off installing chip patches after it finds 3 problems

Intel is quietly advising some customers to hold off installing patches that address new security flaws affecting virtually all of its processors. It turns out the patches had bugs of their own.

The glitch underscores the complexity of Intel's challenge as it scrambles to fix the unprecedented vulnerabilities (marketwatch.com/story/intel-says-significant-progress-made-to-protect-chips-vulnerable-to-exploits-2018-01-04), which were disclosed more than a week ago.
morningstar.com/news/market-watch/TDJNMW_2018011265/update-intels-meltdown-fix-has-bugs-of-its-own.html


>intel is dying in your lifetime

>mfw intel
lmao'in @ ur life.

Intel is fucking trash.

I g-give up..

AMD is still vulnerable but everyone seems to be focusing on Intel. Are there any updates on Spectre? Not a shill, I just have a new Ryzen so IDK what to do.

>am I fixed user

One needs physical access to an AMD machine for it to be vulnerable user, otherwise you're good.

Meltdown vuln are NOWHERE NEAR as harmful as Spectre v1 and v2 exploits. Hence to exploit v1 and v2 on AMD systems you need physical access.

intel a shit

>b b b buh buh amd almost had spectre too

Pathetic.

Holy shit fuck you Intel.

Thanks, but I suppose I should keep informed if future exploits are announced
>I prefer to root for a company like a stupid cheerleader instead of being worried of a major security issue.
Again I bought a ryzen.

yes yes kid, better focus on spectre and meltdown, not the government backdoor Intel ME that just recently started to stir shit up and became more widely known amongst normies

One (1) X299(C) RAID(R) KEY(TM) (299USD MSRP) has been sent to your home address.


footnote: INTEL is a registered trademark of INTEL CORPORATION.

where are the shills

>AMD is still vulnerable
orly?
>v1 fixed
>v2 ''maybe''
>v3 nope

>When Solaris meme man calls out Intel
loving every laugh

NOOOOO this cant be happening

lewd elf

So... Is ARM vulnerable like Intel or vulnerable like AMD?

ARM is a fucking meme processor that can only compete in the smartphone and tablet market

Oh damn guess it doesn't matter then, it's not like smartphones and tablets are massive nowadays. You fucking idiot.

The ride never fucking ends.

v1 bug is on level of F-Secure AMT bug.
Just don't use non standard setting and v1 will never affect you.

lmao wtf are they doing

Intel is a shithole

>the fix has bugs of its own
fucking lol

Listen here you fucking shill. Amd has nearly zero risk of vulnerability. The only reason they don't say 100% security is because you can never claim that something is 100% secure. Compared to shintel, amd is literally invulnerable.

AMD has PSP vulnerability

equally shit as Intel ME vuln, but ME can be patched out already

Intel still has the highest performing processors of any kind on the market. Also, even with meltdown and spectre, Intel products are proven the MOST secure digital processor products per capita. Delete your life.

>remote bios access
an hero yourselves

for

>Again i bought a ryzen
>never even said he bought a ryzen in the first place
fuck off shill

Absolute bullshit but they believe it

Can you read?
>AMD is still vulnerable but everyone seems to be focusing on Intel. Are there any updates on Spectre? Not a shill, I just have a new Ryzen so IDK what to do.

>> I just have a new Ryzen

...

they have no shame, whatsoever

This wouldn't have happened if they hired less pajeets

Hmm, if I blame Intel for borking my CPU, do you think I can somehow force them to give me a new one?

What the hell I'm tired of this shit. I have a cheap haswell but I wasn't looking forward for this shit, that's for sure.

So "don't update yet" but what the fuck are you supposed to do if you use something like Windows 10

EPYC absolutely ass blasts XEONS,

AMD has the fastest processors now my cuck friend.

Try to be more subtle you third world shitholer

buy a mac

I claim that Intel won't exist anymore in 2020.
Discuss.

>what Solaris meme?

>which still has intel
No thanks.

nah they have way too much money desu. They're probably gonna bring out some new processors and since they'll have to be designed differently to all of them from the past 15 years they'll be gimped as fuck

Windows doesn't update microcode automatically, does it? Microcode updates are usually part of bios updates.

Don't confuse the updates. There are microcode patches, workaround patches in the OS and mitigation in highly affected userland like web browsers

cantrill is a con man

Oh well, then I guess I have no problem because my motherboard ain't getting no updates anyways.

Excuse me, but from what?

Their mobile segment was a flop. They sold their ARM division before the iPhone existed, billions lost forever. Then they tried making that gap up using the Atom phones (e.g. Asus Zenfone), that division got ended as well because nobody wanted Android with no apps.
Now their servers suck. They've still got the gamer market, sure. But for how long?

i dont really know too much about them desu but i cant imagine this would cause intel to close down. But you never know

>Excuse me, but from what?
Enterprise and OEM. If they lose that they're royally fucked. Now enterprises and OEMS have at least three good reasons to stay away from Intlel.
>price
>security
>performance after meltdown & spectre patch

I am not updating my BIOS. V2 is hard to exploit and hopefully so long as I apply enough common sense I will not be vulnerable to such an exploit (V2 requires a foothold first).

when will windows 10 enterprise get meltdown and spectre patch?

Yes.
Yes.

Did something happen with Intel's ME that I should know about?

>AMD has PSP vulnerability
[citation needed]

Anyone? I have a Pro and Enterprise installation and neither seemingly have the patch.

Worth it [spoiler]for the doujins[/spoiler]

AMD rolled out BIOS update to disable PSP last month, didn't they?

I'm very dissatisfied by the vagueness and evasions of amd on this issue. everybody else released whitepapers explaining the problem and existing/possible mitigations. the arm whitepaper is excellent.
but all we get from amd are their "assurances" that their chips are immune to meltdown and "resistant" to "most" of Spectre, without being forthcoming on any details.
not only that, but the patch they submitted for the linux kernel basically leaked meltdown before it was supposed to be announced.
seems pretty unethical if you ask me.
they already backtracked on their initial claim of immunity to spectre, so it'll be interesting to see how this pans out for them.

watch ccc talks at media.ccc.de from december 2017
it's starting to become real botnet, from Sup Forums meme to reality as research is being done. exploits would be a gold mine. even mcafee wouldn't be able to help you to get rid of a minix infection. currently it's still about making use of/accessing/understanding the minix but bear in mind: it's nearly been a month again.

what a coincidence. brian krzanich knew half a year ago and suddenly (literally days after!!!) when hacks start to surface a new scandal is being pushed into the media to distract.

Bryan Cantrill.
Probably. SmartOS is good for what it's made for.

>they already backtracked on their initial claim of immunity to spectre, so it'll be interesting to see how this pans out for them.
not sure about that one because all i ever get to hear is amd fanboys crying about it being perfect
but wasn't the official position that v1 was patched and v2 was not proven to be possible on amd hardware until a day or so ago when they said that they are going to patch v2 too?
i don't remember amd directly implying immunity to spectre.
in regards of meltdown they are immune to it though? or did anything change in that regard

Yup.
PSP nowhere near the issue Intel ME is.
Intel shills are still clinging on whatever they still can.

>PSP can be patched out already
FTFY

0.15 shekels has been deposited to your account

inb4 patch to fix this burn your house

Good thing I didn't install the fix desu

> triple faulting in my hasty massive page table kernel patch? never!

anybody who dreamed of the KPTI change going off without a hitch was a complete fucking moron.

IT'S A FEATURE

don't mind me

What does the physical size of a device matter in this case?

Spectre is not much of a problem. The exploit, as described in the white paper, seems to be of limited usability and the risks are very minimal (it basically exploits the cached data from a branch mispredict, which will rarely contain sensitive data and is highly dependent on the target app).
Meltdown is the really scary one, able to bypass security altogether and read reams of sensitive kernel data. As a professional computer programmer, I won't lose any sleep over Spectre, but Meltdown absolutely terrifies me.
What Intel tried to do was conflate the two, and make it look like other CPU manufacturers have the same problems - they don't.

SHOAH

They have always been this way. AMD has a terrible track record of documenting CPU errata and this is no exception. Their "near 100%" is no exception.

amd.com/en/corporate/speculative-execution

>While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.

So I guess not as near 100% as they claim and if you notice they use "mitigate".

Funny, I updated my 4690K microcode when the update was released (about 8 hours after it was available in the intel download website) yet I have yet to experience any crashes and I'm running an OC of 4.6GHz with a Z87 board.

>watch ccc talks at media.ccc.de from december 2017
This?
media.ccc.de/v/dg-83#t=1

>but all we get from amd are their "assurances" that their chips are immune to meltdown and "resistant" to "most" of Spectre, without being forthcoming on any details.

They have said that their branch predictor in Ryzen uses the full memory address of the branch target rather than a typical BTB that you find in older AMD and all Intel chips, that stores only part of the address. This means they are not very vulnerable to Spectre variant 2, but there may be unexplored attacks that would make them vulnerable.

>not only that, but the patch they submitted for the linux kernel basically leaked meltdown before it was supposed to be announced.

Uh, no? The patches leaked the security problem. All the AMD patch did was tell people that it's mostly an Intel problem.

>they already backtracked on their initial claim of immunity to spectre, so it'll be interesting to see how this pans out for them.

They never ever said this. They said that they are at "near-zero risk" of exploitation by Spectre variant 2 specifically, a stance they maintain still. There's no harm in shipping IBPB and IBRS support in their microcode to mitigate it completely. They have never said they are invulnerable to Spectre variant 1, because they aren't.

They are less at risk from Spectre, however. AMD processors flag errors before speculative execution, which means that page faults etc. are raised before speculative execution is carried out on a memory address that shouldn't be accessible, which is why Meltdown doesn't work on AMD processors and why Spectre is unable to leak userspace memory from other applications (while this is possible on Intel).

>dying in your lifetime

Only if the OEMs move to AMD, which I don't see happening anytime soon.

Wonder how big an undertaking it would take to move MacOS to AMD.

>AMD is still vulnerable but everyone seems to be focusing on Intel. Are there any updates on Spectre? Not a shill, I just have a new Ryzen so IDK what to do.

AMD is as vulnerable to Spectre variant 1 as every other processor that speculatively executes code. Variant 2 is to date not known to be exploitable although they're releasing microcode to offer mitigation proactively. They are not vulnerable to Meltdown.

Note that they are not vulnerable to Meltdown because AMD processors flag errors immediately as they happen during speculative execution, which means they are also not able to leak memory from other userspace applications using a Spectre attack. Intel processors can leak memory from other userspace applications because they allow speculative execution on normally inaccessible addresses and only flag errors afterwards (thus rolling back every executed instruction, except the cache remains modified allowing the exploit to happen), and this also lets Meltdown become a problem on their processors.

Spectre variant 1 is not fixed on AMD processors nor any other processor. Variant 1 needs to be mitigated by patching the actual software running on the machine and can't be fixed without an actual hardware overhaul to the processor nor can the OS protect running applications from this particular variant (and maybe not even with a CPU design overhaul can it be fixed, since speculative execution on a shared and limited resource will always have observable side-effects).

>Meltdown vuln are NOWHERE NEAR as harmful as Spectre v1 and v2 exploits.

Yes, it is? What enables Meltdown is the bypass of the MMU protections in the processor, and Intel is affected because they don't flag or even check errors until after the speculative execution has been carried out.

>Hence to exploit v1 and v2 on AMD systems you need physical access.

Spectre is remotely exploitable, the only thing you need is to be able to execute code on the machine.

You don't. You are thinking of the attack on the PSP through a TPM implementation vulnerability.

phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

Requires physical access.

>where are the shills
everywhere. have you checked this very thread?

>but wasn't the official position that v1 was patched and v2 was not proven to be possible on amd hardware until a day or so ago when they said that they are going to patch v2 too?

That's right except that they said variant 1 can be patched in software (meaning all running software on a machine needs a patch, not just the OS), but they did say and still maintain that variant 2 is not particularly exploitable on AMD Ryzen processors. They are shipping microcode proactively.

>Variant 1 needs to be mitigated by patching the actual software
which was already done

>Wonder how big an undertaking it would take to move MacOS to AMD.
None at all since hackintosh can run on ryzen fairly easily with a few quirks

chiru.no/u/intel_collage.png

Intel makes more in operating income each year than AMD is worth.

If Intel doesn't stoop to blackmail and bribery to keep OEMs from using AMD, a Ryzen PRO APU looks extremely attractive to a business. More power than an Intel quad core, less power draw, cheaper, and all the security features that come with the PRO series. Even without the PRO features Ryzen APUs are a better option.

>which was already done

Yep, you heard it here folks. All the software on the ENTIRE planet has been patched against Spectre.

>linux
check
>firefox
check

>Windows doesn't update microcode automatically, does it?

Yes it does just like linux, during boot, check mcupdate_GenuineIntel.dll.
superuser.com/a/895447

...

nice pasta

Just make a patch to patch the patch.

>vagueness
how? Their statements are crystal clear and they didn't backtrack on any of them. Vulnerable to spectre version 1, almost zero risk for vulnerability to version 2, not vulnerable to meltdown.

reuters.com/article/brief-amd-says-no-change-to-cos-position/brief-amd-says-no-change-to-cos-position-on-susceptibility-to-gpz-variant-1-or-gpz-variant-2-idUSFWN1P60X7

And in regards to spectre version 2:
>Why no IBRS on Zen? AMD argues that Zen's new branch predictor isn't vulnerable to attack in the same way. Most branch predictors have their own special cache called a branch target buffer (BTB) that's used to record whether past branches were taken or not. BTBs on other chips (including older AMD parts, Intel chips, ARM's designs, and Apple's chips) don't record the precise addresses of each branch. Instead, just like the processor's cache, they have some mapping from memory addresses to slots in the BTB. Intel's Ivy Bridge and Haswell chips, for example, are measured at storing information about 4,096 branches, with each branch address mapping to one of four possible locations in the BTB.
>[...]
>Zen's branch predictor, however, is a bit different. AMD says that its predictor always uses the full address of the branch; there's no flattening of multiple branch addresses onto one entry in the BTB. This means that the branch predictor can only be trained by using the victim's real branch address
arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/

which is why bios/microcode updates for AM4 are optional, not required, and IBRS isn't used even if you choose to install them.

The only shit that needs to be patched is anything that allows jit compiling. Spectre is a serious bug, unlike what a lot of ppl here are trying to wave it off as, but it can be patched fairly easily. The beauty of open source operating systems is that the entire user space CAN be recompiled in a day.

>The only shit that needs to be patched is anything that allows jit compiling.

Not true. Any exploitable application can potentially read out your entire memory if you're on an Intel processor, and KPTI only protects the kernel. Are you talking about Project Zero using eBPF JIT to exploit the machine with Spectre vulnerabilities?

>but it can be patched fairly easily

Yes, automatically by a compiler even.

>The beauty of open source operating systems is that the entire user space CAN be recompiled in a day.

But you still have tons of Winbabby software and proprietary software that doesn't get patched, and is exploitable. Obviously what's most important is the browser, but any network application can be exploitable and allow an attacker to use Spectre/Meltdown to attack the system.

Again, any network application is a real sore spot.
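
Added example, not code from the thread or from any vendor: the posts above say Spectre variant 1 has to be mitigated in the software itself, and this C sketch shows the usual shape of such a patch, a bounds-checked lookup before and after index masking. The masking expression follows the generic branch-free approach behind the Linux kernel's `array_index_nospec()`; the table, the function names (`hide`, `index_mask`, `lookup_checked`, `lookup_masked`) and the inputs are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data, not taken from the thread. */
static const unsigned char table[8] = {10, 11, 12, 13, 14, 15, 16, 17};
#define TABLE_LEN (sizeof table / sizeof table[0])

/* Hide a value from the optimizer so it cannot prove the mask is redundant
 * and delete it (GCC/Clang extension; a no-op elsewhere). */
static unsigned long hide(unsigned long v)
{
#if defined(__GNUC__)
    __asm__ volatile("" : "+r"(v));
#endif
    return v;
}

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative values,
 * which GCC and Clang provide. */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    index = hide(index);
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Before: bounds check only. The result is always architecturally correct,
 * but if the branch is mispredicted the load can run speculatively with an
 * out-of-range idx. */
static int lookup_checked(unsigned long idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return -1;
}

/* After: the index is also clamped through a data dependency, so even a
 * speculated load can only touch table[0..TABLE_LEN-1]. */
static int lookup_masked(unsigned long idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return -1;
}

int main(void)
{
    unsigned long probes[] = {0, 7, 8, ULONG_MAX};  /* constructed inputs */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%lu mask=%#lx checked=%d masked=%d\n", probes[i],
               index_mask(probes[i], TABLE_LEN),
               lookup_checked(probes[i]), lookup_masked(probes[i]));
    return 0;
}
```

Both lookups return identical values for every input; the difference is only in what a mispredicted branch can reach, which is why this class of fix has to be applied in each affected program rather than once in the OS.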

They've had 6 MONTHS to fix this and now they still have issues with it. Really a joke of a company.