'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

[Puppy]

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.


ADMIN EDIT:
Intel: Stop firmware patching until further notice
January 23, 2018

[TPFanatic]

Speculative execution is a feature on Intel CPUs as early as the Pentium III. (maybe earlier)

AMD processors do not have this security flaw however the OS patches will indiscriminately affect both Intel and AMD computers.

[Puppy]

Microsoft issues emergency Windows update for processor security bugs

Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft’s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today.

[shawross]

Seems like disabling Javascript for everything except trusted sites wasn't a bad idea.

[dr_st]

Assuming the cited performance drops are really across the board, one has to wonder whether this terrible flaw, which evidently has been around for almost 2 decades without being exploited, is worth patching.

Given the state of panic everyone seems to be in, I would assume that there must be some really easy ways to exploit the flaw, and the only reason it hasn't been so far is that no one really realized it?

[Puppy]

Given the state of panic everyone seems to be in, I would assume that there must be some really easy ways to exploit the flaw, and the only reason it hasn't been so far is that no one really realized it?

There are two different issues Meltdown and Spectre https://meltdownattack.com/ Meltdown can be exploited by any javascript kiddie on Intel CPUs while Spectre is harder to exploit, but almost impossible to fix without changes in hardware design and affects all Intel/AMD/ARM architectures.

The root cause is always the same, maximum performance vs security

[Puppy]

Seems like disabling Javascript for everything except trusted sites wasn't a bad idea.

Yes, time to install the pesky NoScript addon for a while

[RealBlackStuff]

Methinks that people who work on "secret" stuff shouldn't go online with such a machine to begin with!
Problem solved (for them).

[shawross]

Reports are that Academia and Google discovered the exploit.

Could this have been the partnership between IBM (Watson) and Google? Academia is a bit too obscure and general IMO.

[Puppy]

Nothing can be more untrustworthy than Google (or Facebook). The page https://meltdownattack.com/ credits more sources that independently discovered the issue. For me, the Rambus source makes the most sense.

[Puppy]

More info regarding possible JavaScript attack in browsers

Firefox 57: https://blog.mozilla.org/security/2018/ ... ng-attack/
IE11/Edge: https://blogs.windows.com/msedgedev/201 ... -explorer/

[shawross]

Finding an exploit that arguably affects all computer hardware which can only be fixed by slowing down that hardware is potentially a huge boost to the computer industry.

Apple eat your heart out this is how it is done.

I wonder if the update to Windows 7 will be as efficient as the Windows 10 update.

[Puppy]

Some sources indicates the bug is already being exploited on web sites.

Video demonstration of the issue https://twitter.com/misc0110/status/948706387491786752

[dr_st]

The root cause is always the same, maximum performance vs security

Yeah, but specifics matter. How easy is it to craft an exploit? How easy is it to get practical information from it? Does it require an unusual set of circumstances to get anything rather than random garbage? If you have a malicious program hunting for leaked data - what are the odds of finding something valuable? 1 in 1? 1 in 100? 1 in 1,000,000? How much a performance hit are you going to take by patching against this behavior? 5% 10% 50%? Across the board or in specific workflows? etc, etc.

These questions are not easy to answer, and it seems that these days every darn click-bait site is oh-so-happy to publish any amount of FUD and make users think that if they don't apply every freaking patch the second it's out, then they might just as well broadcast their social security numbers and the code to their household safe on national television.

My understanding is that these new exploits (well, not really new, just newly discussed) are considered especially bad because they break the user-space / kernel-space separation and allow a user-level process to obtain kernel-level data without seemingly doing anything "wrong". So of course it's "horrible". However, given how easy it is to get naive folks to install a kernel-mode rootkit without noticing, and how many "privilege escalation" exploits have been published over the years that simply elevate malicious processes to root/system level where they can do anything anyways, is this new one really so much worse than all the others? Especially given that to date no one seems to know of a single in-the-wild abuse case.

[Puppy]

Yeah, but specifics matter. How easy is it to craft an exploit? How easy is it to get practical information from it?

Check the twitter link in my last reply.

My understanding is that these new exploits (well, not really new, just newly discussed) are considered especially bad because they break the user-space / kernel-space separation and allow a user-level process to obtain kernel-level data without seemingly doing anything "wrong". So of course it's "horrible". However, given how easy it is to get naive folks to install a kernel-mode rootkit without noticing, and how many "privilege escalation" exploits have been published over the years that simply elevate malicious processes to root/system level where they can do anything anyways, is this new one really so much worse than all the others? Especially given that to date no one seems to know of a single in-the-wild abuse case.

I understand you but most of these privilege escalation bugs gets fixed soon or later (and technologies like ASLR can partially prevent them) so it is hard to exploit them because there is limited time span an attacker can do that and it is CPU architecture specific. These two are much more serious. The Meltdown probably can be fixed but the performance penalty is rather unknown yet. Many users will start panic and try to skip the update so we will have many vulnerable machines that can be used as 'zombie machines' by attackers. The Spectre is probably the most interesting vulnerability for attackers because is OS a CPU architecture agnostic thus it makes sense to try to exploit it since there is no real fix.

[thinkpadcollection]

Update, there is article at anandtech on this processor attack. This is not even includes as way back as 1st gen i core series, problem does extend back to 1995 era processors as well. The true fix will be in future new processors. For time being the fix is OS themselves needs to be patched and problem is this does not include XP and any older OSes support is in question except current versions of OSes get the fixes. The problem is widespread and I did not mean just windows, all OSes on any processors in use worldwide. In nutshell this is serious. Impact of performance is unknown but everyone is working on measuring the impact of performance with the patch applied.

Cheers, thinkpadcollection

[Puppy]

needs to be patched and problem is this does not include XP

I still run R51 with the XP patches POS trick, let's see whether there is the update available or not.

It is also unknown how it affects virtualization (VirtualBox) that is very important for me.

[Puppy]

Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock
https://www.businessinsider.com.au/inte ... law-2018-1

[TPFanatic]

Windows 10 patches:
http://www.catalog.update.microsoft.com ... =KB4056892

Windows 8.1 patches:
http://www.catalog.update.microsoft.com ... =KB4056898

Windows 7 patches:
http://www.catalog.update.microsoft.com ... =KB4056897


Having installed the Windows 7 x64 patch on my T500 I don't notice any difference in performance.

[Puppy]

The Windows Update Catalog site seems to be under high load and down.

EDIT, if you change the links to https://..., it works

There is another one for IE11/Edge https://portal.msrc.microsoft.com/en-US ... /ADV180002

[Puppy]

BTW VirtualBox forum pointed to this article http://pythonsweetness.tumblr.com/post/ ... page-table that links another one https://arxiv.org/abs/1710.00551 stating the Rowhammer DRAM bug is still possible to exploit. It looks like 2018 is year of vulnerabilities.

[shawross]

It makes you wonder how many more "Exploits" did Edward Snowden forward on to Project Zero

Intel will need to design some new backdoors for the NSA

[TPFanatic]

Suremost way to secure your computer:

[thinkpadcollection]

Intel and hammer is immature but funny, but get serious. I did not specify which processors, how to get to the computer by any means in question is immaterial, this problem lies in speculative execution that nearly 90% of processors out there supports this and this is done mostly in software as well as hardware in some way. This include POWER, ARM, Intel, AMD (currently via Spectre attack), etc.

Despite the articles on Meltdown and Spectre both requires direct access to the computer itself to pry data from processor via speculative execution attack. Yet not only way by direct access in person there is other way I knew all you do is begin that by drive by attack. In order to do this via drive by download attack to drop this speculative execution attack payload in place and execute that and use other payloads to gather up the information gleaned from this speculative execution attack in this fashion.

Project Zero is Google's arm in their one of their many departments, also not only one, other teams from other industries are working together on this as well. Frankly, I do not like NDA especially how processor makers wanted to keep lid on more details till this 9th of Jan, 2018. Because of this my comment stems from speculative execution attack methods was found out last summer of 2017.

Cheers, thinkpadcollection

[TPFanatic]

The wireless card is supposed to symbolize a wireless card.

[Puppy]

Firefox 57.0.4 update https://www.mozilla.org/en-US/security/ ... sa2018-01/

[dr_st]

The wireless card is supposed to symbolize a wireless card.

The "Telstra ADSL" joke never gets old.

[Puppy]

There will not be patch for Intel 2nd Gen CPUs in .20 ThinkPad series https://support.lenovo.com/cz/cs/solutions/len-18282

[dr_st]

Good. I wish someone comes up with an easy way to fully reject the OS patches as well.

[Puppy]

Why? The real performance impact is close to zero but the risk of these vulnerabilities is too high.