Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

How to protect your PC against the major ‘Meltdown’ CPU security flaw
www.theverge.com ^ | Jan 4, 2018, 8:12am EST | By Tom Warren

Posted on 01/04/2018 6:45:29 AM PST by Red Badger

Only Intel machines are affected by Meltdown

Details have emerged on two major processor security flaws this week, and the industry is scrambling to issue fixes and secure machines for customers. Dubbed “Meltdown” and “Spectre,” the flaws affect nearly every device made in the past 20 years. The Meltdown flaw only affects Intel processors, and researchers have already released proof of concept code that could lead to attacks using Meltdown.

The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other valuable information. Researchers are already showing how easy this attack works on Linux machines, but Microsoft says it has “not received any information to indicate that these vulnerabilities have been used to attack customers at this time.” "Protecting a Windows PC is complicated"

Protecting a Windows PC is complicated right now, and there’s still a lot of unknowns. Microsoft, Google, and Mozilla are all issuing patches for their browsers as a first line of defence. Firefox 57 (the latest) includes a fix, as do the latest versions of Internet Explorer and Edge for Windows 10. Google says it will roll out a fix with Chrome 64 which is due to be released on January 23rd. Apple has not commented on how it plans to fix its Safari browser or even macOS. Chrome, Edge, and Firefox users on Windows won’t really need to do much apart from accept the automatic updates to ensure they’re protected at the basic browser level.

For Windows itself, this is where things get messy. Microsoft has issued an emergency security patch through Windows Update, but if you’re running third-party anti-virus software then it’s possible you won’t see that patch yet. Security researchers are attempting to compile a list of anti-virus software that’s supported, but it’s a bit of mess to say the least.

A firmware update from Intel is also required for additional hardware protection, and those will be distributed separately by OEMs. It’s up to OEMs to release the relevant Intel firmware updates, and support information for those can be found at each OEM support website. If you built your own PC you’ll need to check with your OEM part suppliers for potential fixes.

If you own a Windows-powered PC or laptop, the best thing to do right now is ensure you have the latest Windows 10 updates and BIOS updates from Dell, HP, Lenovo, or one of the many other PC makers. We’re hoping Microsoft or Intel creates a simple tool (they have a PowerShell script right now) to check protection for both the firmware and Windows updates, but until such a tool is available you’ll need to manually check or get familiar with PowerShell. Here’s a quick step-by-step checklist to follow for now:

Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser Check Windows Update and ensure KB4056892 is installed for Windows 10 Check your PC OEM website for support information and firmware updates and apply any immediately

These steps only currently provide protection against Meltdown, the more immediate threat of the CPU flaws. Spectre is still largely an unknown, and security researchers are advising that it’s more difficult to exploit than Meltdown. The New York Times reports that Spectre fixes will be a lot more complicated as they require a redesign or the processor and hardware changes, so we could be living with the threat of a Spectre attack for years to come.

Update, 9:15AM ET: Removed links to Intel’s detection tool that a now deleted Microsoft security blog may have incorrectly referenced.


TOPICS: Business/Economy; Computers/Internet; Society
KEYWORDS: 10; 7; amd; android; apple; arm; chrome; computer; cpu; firefox; flaw; google; hack; hardware; hardwarebug; intel; intelchip; intelprocessor; kernelpanic; macos; meltdown; microsoft; mozilla; pc; smartphone; software; spectre; tablet; windows; windowspinglist; windowsupdate; xp
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-65 next last
To: snarkpup

The only thing Intel is interested in is selling silicon. Software is just a means to an end. So of course, they’d rather spend as little on it as possible. It causes all kinds of horrible decisions.


21 posted on 01/04/2018 9:06:53 AM PST by fuzzylogic (welfare state = sharing consequences of poor moral choices among everybody)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Vinnie

I’m running 10.68 and have no intention of upgrading ever.


22 posted on 01/04/2018 9:12:54 AM PST by PIF (They came for me and mine ... now it is your turn ...)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Red Badger

Just keep your browsers up to date and all will be well. Otherwise this is much to do about nothing.

No doubt all the new circuit boards being made in the future will have an updated firmware so this isn’t an issue in the future


23 posted on 01/04/2018 11:22:58 AM PST by Boomer (Leftism is a Cancer on Society; Pray for a Cure!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Thanks for the info. I’ll start shutting down and updating immediately, even though it’s a pain in the neck!


24 posted on 01/04/2018 11:57:42 AM PST by afraidfortherepublic
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cats1

Thanks!

I did a little digging and this is a pretty good article with several good links:
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/


25 posted on 01/04/2018 12:15:19 PM PST by jurroppi1 (The Left doesnÂ’t have ideas, it has cliches. H/T Flick Lives)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Red Badger

THanks. Just to make it clear, I am a bona fide techtard. I use Chrome and Firefox. I never updated Chrome or saw any notice about it, I will do a search and find out how. Windows 10 updates are breathing down my neck right now. I use the free Avast.

Is all the above sufficient, do you think?


26 posted on 01/04/2018 1:07:09 PM PST by little jeremiah (Half the truth is often a great lie. B. Franklin)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jurroppi1

Trying to look in to this can give a non-tech person a headache, but I’m glad I could help.

—On my way now to check out your article and crossing my fingers they don’t come up with new information that dooms old 32 bit computers. (My desktop’s got to be over 10 years old).


27 posted on 01/04/2018 1:09:38 PM PST by Cats1
[ Post Reply | Private Reply | To 25 | View Replies]

To: little jeremiah

Since this is a hardware error, not a software error, the updates will all have to be implemented. Avast is only good for viruses and malware from outside. They may cover this as well, we’ll see.

The browsers and the OS, Windows 10, have not as yet released any updates That I am aware of to fix this, but they are working on it....................


28 posted on 01/04/2018 1:12:02 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 26 | View Replies]

To: little jeremiah
THanks. Just to make it clear, I am a bona fide techtard. I use Chrome and Firefox. I never updated Chrome or saw any notice about it, I will do a search and find out how. Windows 10 updates are breathing down my neck right now. I use the free Avast. Is all the above sufficient, do you think?

I think it is very unlikely you need to do anything. But you can check to see if you have a Intel CPU Usually your case will have a sticker on it if it does, or hold down the Widows key (bottom left, with a flag on it) and the Pause/Break key at the same time and let go, which should give you that basic info. Or type msinfo32 in your run command (Windows key and the r key) and hit OK for a lot of info. You can also run dxdiag if you want more interesting data.

If it is Intel then download and run the Intel® Driver & Support Assistant and it should tell you what needs to be updated, and provide what is needed. Thanks be to God .

29 posted on 01/04/2018 1:52:33 PM PST by daniel1212 (Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Red Badger; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ...
How to protect against the Meltdown vulnerability for any Windows machines you may have... does not apply for your Apple Macs, they are already protected by Apple. — PING!


Intel Meltdown Vulnerability In Windows Computers
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

30 posted on 01/04/2018 2:09:30 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Vinnie

Running HS on a 2008 3,1 Mac Pro no noticeable slow downs from Yosemite days. (8 core Xenon w/SSD 16 gig RAM).


31 posted on 01/04/2018 2:12:31 PM PST by Drago
[ Post Reply | Private Reply | To 19 | View Replies]

To: PIF
As far as Apple boxes are concerned, the problem was fixed in OS 10.13.2 High Sierra; iPhones need physical access to be compromised.

Thanks PIF for posting this reply. . . but it needs more information. Let me add to your comment:

iPhones need physical access AND THE USER'S PASSCODE, plus an Apple Certificated malware designed to rewrite the firmware app on the Apple App Store, to be compromised.

You had it almost correct on the iPhone/iPad part of it. . . and that is for the completely different mode of attack of the "Spectre" malware which affects Intel, AMD, and ARM based processors.

32 posted on 01/04/2018 2:21:20 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: daniel1212

Thank you very much!

My laptop says “Intel Inside” Core 17.

Sadly it is Windows 10 which I hate.

I have a desktop but not using it yet.

Being a techtard, I never know what to do/not do unless a kind person has mercy and tells me. :-)


33 posted on 01/04/2018 2:23:10 PM PST by little jeremiah (Half the truth is often a great lie. B. Franklin)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Red Badger
They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other...

That's what they said about rowhammer and it was wrong. There was no viable exploit through Javascript and it was easy to preclude in a browser JS engine. The problem with all of these types of exploits is they require special instructions. Javascript doesn't allow arbitrary instruction execution.

The only threat from this flaw is if you run an exe. That's why the VM providers are rushing to patch, their customers can run any exe they want including a malicious exe that attacks the host or another guest VM. But on your own PC you must run a malicious exe with the special instructions. As long as you practice safe computing you won't do that.

34 posted on 01/04/2018 2:24:30 PM PST by palmer (...if we do not have strong families and strong values, then we will be weak and we will not survive)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Thank you very much.

I do appreciate knowledgeable people responding to those of kindergartner level (such as me).


35 posted on 01/04/2018 2:24:31 PM PST by little jeremiah (Half the truth is often a great lie. B. Franklin)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker

Can’t take credit - got it from your post on another thread. You had not commented on this one so I though to spread the word. All thanks to you.


36 posted on 01/04/2018 2:25:40 PM PST by PIF (They came for me and mine ... now it is your turn ...)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Vinnie
Aw, I’m running 10.10.5 Yosemite and have been reluctant to upgrade. Heard Hi Sierra can really slow down an older machine.

Nope, not really. The first macOS High Sierra 10.13.0 had a few bugs, but macOS High Sierra 10.13.1 solved the vast majority of those. Apple upgrade first releases are seldom perfect. It takes lots of people in the wild finding those pernicious hidden bugs using lots of variations of hardware and software mixes to find all of them, even with Apple where they control the whole widget.

There are several extremely important security upgrades between Yosemite and the last iteration of High Sierra you really need. If your hardware can use High Sierra, upgrade.

37 posted on 01/04/2018 2:28:37 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: little jeremiah

38 posted on 01/04/2018 2:28:55 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Red Badger
Since this is a hardware error, not a software error, the updates will all have to be implemented. Avast is only good for viruses and malware from outside. They may cover this as well, we'll see.

The point of antivirus is to preclude running malicious executables. If you don't run malicious executables then the intel flaw can't be exploited. But you don't need AV to preclude running malicious EXEs. Nor do you need any patch as long as you practice safe computing.

39 posted on 01/04/2018 2:28:59 PM PST by palmer (...if we do not have strong families and strong values, then we will be weak and we will not survive)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Red Badger

I know enough to cause trouble.


40 posted on 01/04/2018 2:30:57 PM PST by little jeremiah (Half the truth is often a great lie. B. Franklin)
[ Post Reply | Private Reply | To 38 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-65 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson