NEW! Microsoft issues emergency Windows update for processor security bugs The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Intel says it’s working with AMD and ARM in a strongly worded statement, despite AMD engineer Tom Lendacky previously saying “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.” Intel says it planned to disclose this issue next week along with other vendors, but that it’s issuing a statement today due to what it angrily describes as “inaccurate media reports.” Intel® Management Engine Critical Firmware Update (Intel-SA-00086) Last Reviewed: 26-Dec-2017 Detection Tool Version: 1.0.0.152 Windows and Linux: https://downloadcenter.intel.com/download/27150?v=t Previous Version: 1.0.0.135 was posted to this forum Nov 21, 2017. Note: Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel Active Management Technology (Intel AMT) version 8.x-10.x. Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later, to help verify the status of their system with regard to the INTEL-SA-00086 Security Advisory. Possible performance issue with patch installation: https://www.theguardian.com/technol...tel-processors-computers-windows-mac-os-linux http://www.pcgamer.com/serious-inte...-but-probably-wont-affect-gaming-performance/ AMD has a similar technology built into their processors, including a hidden debug mode that's recently been reverse engineered. https://hackaday.com/2010/11/13/debug-mode-lurking-inside-amd-chips/
The first paragraph is the new issue identified. On the Intel side, it is numbered as SA-00088. The rest of the previous post is a different one (SA-00086), which had been discussed around November 2017 in this forum previously.
Yes. The first paragraph is the new issue. And the links at the bottom refer to the new issue. The "old issue" has been updated also.
I ran the Intel Detection Tool version (1.0.0.152) on the UDOO X86 and it reports the "system is not vulnerable" to the Meltdown or Spectre flaws. From what I can see on my Intel-based laptops, and those of friends and family, laptop models all appear safe. I'm guessing that mostly servers, desktops, and high-end gaming laptops support the Management and Trusted Execution Engines in their BIOSes and are therefore more at risk. I also noticed that for some reason (likely due to the X86's minimal use of unique devices) Microsoft installed the latest Win10 build 16299.192 on my UDOO X86 earlier than my other computers.
This thread is all about (from Intel's point of view) SA-00088 issues (three of them). There is a tool for SA-00086: Intel-SA-00086 Detection Tool 1.0.0.152. It is unrelated to what we are discussing here. ccs_hello
I didn't see the original thread. I'm aware of the following two additional processor-related flaws; what is the third? CVE-2017-5753 https://01.org/security/advisories/intel-oss-10002 CVE-2017-5754 https://01.org/security/advisories/intel-oss-10003 It was my understanding that vulnerability tests for the above were added to Detection Tool version 1.0.0.152, but I can't find where I read that. Note: CVE-2017-5716 https://01.org/security/advisories/intel-oss-10001 goes back to Aug., 2017.
The Raspberry Pi Blog has a nice article about how the Spectre and Meltdown security vulnerabilities work. https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
There are 3 attack variants in this Jan 03, 2018 SA-00088 disclosure. Variant 1: CVE-2017-5753 (a flavor of) Spectre. Variant 2: CVE-2017-5715 (another flavor of) Spectre. Variant 3: CVE-2017-5754 Meltdown. BTW, the Intel-SA-00086 Detection Tool can be found here: https://downloadcenter.intel.com/download/27150?v=t If you run the GUI version of the tool (Intel-SA-00086-GUI.exe), it will show its version: 1.0.0.152 ccs_hello