Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

How to protect your PC against the major ‘Meltdown’ CPU security flaw
www.theverge.com ^ | Jan 4, 2018, 8:12am EST | By Tom Warren

Posted on 01/04/2018 6:45:29 AM PST by Red Badger

Only Intel machines are affected by Meltdown

Details have emerged on two major processor security flaws this week, and the industry is scrambling to issue fixes and secure machines for customers. Dubbed “Meltdown” and “Spectre,” the flaws affect nearly every device made in the past 20 years. The Meltdown flaw only affects Intel processors, and researchers have already released proof of concept code that could lead to attacks using Meltdown.

The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other valuable information. Researchers are already showing how easy this attack works on Linux machines, but Microsoft says it has “not received any information to indicate that these vulnerabilities have been used to attack customers at this time.” "Protecting a Windows PC is complicated"

Protecting a Windows PC is complicated right now, and there’s still a lot of unknowns. Microsoft, Google, and Mozilla are all issuing patches for their browsers as a first line of defence. Firefox 57 (the latest) includes a fix, as do the latest versions of Internet Explorer and Edge for Windows 10. Google says it will roll out a fix with Chrome 64 which is due to be released on January 23rd. Apple has not commented on how it plans to fix its Safari browser or even macOS. Chrome, Edge, and Firefox users on Windows won’t really need to do much apart from accept the automatic updates to ensure they’re protected at the basic browser level.

For Windows itself, this is where things get messy. Microsoft has issued an emergency security patch through Windows Update, but if you’re running third-party anti-virus software then it’s possible you won’t see that patch yet. Security researchers are attempting to compile a list of anti-virus software that’s supported, but it’s a bit of mess to say the least.

A firmware update from Intel is also required for additional hardware protection, and those will be distributed separately by OEMs. It’s up to OEMs to release the relevant Intel firmware updates, and support information for those can be found at each OEM support website. If you built your own PC you’ll need to check with your OEM part suppliers for potential fixes.

If you own a Windows-powered PC or laptop, the best thing to do right now is ensure you have the latest Windows 10 updates and BIOS updates from Dell, HP, Lenovo, or one of the many other PC makers. We’re hoping Microsoft or Intel creates a simple tool (they have a PowerShell script right now) to check protection for both the firmware and Windows updates, but until such a tool is available you’ll need to manually check or get familiar with PowerShell. Here’s a quick step-by-step checklist to follow for now:

Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser Check Windows Update and ensure KB4056892 is installed for Windows 10 Check your PC OEM website for support information and firmware updates and apply any immediately

These steps only currently provide protection against Meltdown, the more immediate threat of the CPU flaws. Spectre is still largely an unknown, and security researchers are advising that it’s more difficult to exploit than Meltdown. The New York Times reports that Spectre fixes will be a lot more complicated as they require a redesign or the processor and hardware changes, so we could be living with the threat of a Spectre attack for years to come.

Update, 9:15AM ET: Removed links to Intel’s detection tool that a now deleted Microsoft security blog may have incorrectly referenced.


TOPICS: Business/Economy; Computers/Internet; Society
KEYWORDS: 10; 7; amd; android; apple; arm; chrome; computer; cpu; firefox; flaw; google; hack; hardware; hardwarebug; intel; intelchip; intelprocessor; kernelpanic; macos; meltdown; microsoft; mozilla; pc; smartphone; software; spectre; tablet; windows; windowspinglist; windowsupdate; xp
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-65 next last
Hat Tip to JoeProBono............
1 posted on 01/04/2018 6:45:30 AM PST by Red Badger
[ Post Reply | Private Reply | View Replies]

To: Red Badger

None of our Linux machines use the Internet


2 posted on 01/04/2018 6:47:03 AM PST by AppyPappy (Don't mistake your dorm political discussions with the desires of the nation)
[ Post Reply | Private Reply | To 1 | View Replies]

To: AppyPappy

Do they have wifi or bluetooth?

They could be accessed from a smartphone................


3 posted on 01/04/2018 6:48:25 AM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Red Badger

Here’s the offending code.

If (NSA) then [do nothing];


4 posted on 01/04/2018 6:49:40 AM PST by Fhios (1987: Where's Waldo -- 2017: Where's Jeff Sessions.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

so my dual xeon from a decade ago will have some sort of update from HP? Yeah, I highly doubt it.

What about my 6/7 year old Dell?

Most likely I am not going to find updates for either perfectly functional machine.


5 posted on 01/04/2018 6:54:23 AM PST by jurroppi1 (The Left doesnÂ’t have ideas, it has cliches. H/T Flick Lives)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

It said “Javascript from a browser”.
the browsers only access the localhost Tomcat server.


6 posted on 01/04/2018 6:56:02 AM PST by AppyPappy (Don't mistake your dorm political discussions with the desires of the nation)
[ Post Reply | Private Reply | To 3 | View Replies]

To: jurroppi1

I JUST HAD A THOUGHT, AND NO IT DIDN’T HURT:

What if this was all planned out 10 years ago to make us all freak out and go out and buy new computers?................


7 posted on 01/04/2018 6:57:26 AM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 5 | View Replies]

Comment #8 Removed by Moderator

To: Red Badger
How to protect your PC against the major ‘Meltdown’ CPU security flaw...

Step One: Log out and turn the PC OFF
Step Two: Unplug the PC from its electrical outlet
Step Three: Carry the PC outside and place it on a stump or other level surface.
Step Four: Verify that the area behind the chosen level surface is free and clear of people, animals, houses, vehicles, etc.
Step Five: Discharge three to five rounds from a 12 gauge shotgun in to the cabinet of the PC.
NOTE:'00' Buck is preferred, but regardless of your choice of loads, be sure to spread your shots evenly across the face of the cabinet.
Step Six: Discard the remains of the PC in an environmentally responsible manner.

9 posted on 01/04/2018 6:58:14 AM PST by WayneS (An appeaser is one who feeds a crocodile, hoping it will eat him last. - Winston Churchill)
[ Post Reply | Private Reply | To 1 | View Replies]

To: WayneS

See post #7..................


10 posted on 01/04/2018 7:00:03 AM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Red Badger

Had a laptop crash Jan. 1. Looks like a hard drive failure. Hmmmm.


11 posted on 01/04/2018 7:06:47 AM PST by BipolarBob (At one time I held the world record as the worlds youngest person on the planet.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BipolarBob

It happens.

My work computer HD failed back in June..................


12 posted on 01/04/2018 7:07:53 AM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Red Badger; rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; ...

13 posted on 01/04/2018 7:08:28 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Suddenly feeling better about building my latest pc with ryzen.


14 posted on 01/04/2018 7:45:11 AM PST by OldNukeDaddy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

I wouldn’t put it past any of the large chip manufacturers. I work in the electronics industry and I see what passes for decision making in a highly regulated environment. I’ve also worked for other companies that weren’t as regulated.

Most of the time you will see management looking out for management and doing things that have the immediate impact of making management look good, but are or no benefit (usually a detriment) long term.


15 posted on 01/04/2018 7:46:30 AM PST by jurroppi1 (The Left doesnÂ’t have ideas, it has cliches. H/T Flick Lives)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Red Badger

As far as Apple boxes are concerned, the problem was fixed in OS 10.13.2 High Sierra; iPhones need physical access to be compromised.


16 posted on 01/04/2018 7:49:54 AM PST by PIF (They came for me and mine ... now it is your turn ...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jurroppi1
Most of the time you will see management looking out for management and doing things that have the immediate impact of making management look good, but are or no benefit (usually a detriment) long term.

About a decade or two ago, I saw a remark in an electronics trade magazine that Intel's success was dependent on the ability of its engineers to override management.

17 posted on 01/04/2018 8:00:30 AM PST by snarkpup (The swamp is draining; and the alligators are allegating.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: jurroppi1

The article posted on FR yesterday said the flaw was in the Intel x86-64 hardware. I googled it and it looks like they’re talking about 64 bit computer processors. I know it’s still early and info’s still coming out, but I’m glad I’m running a 32 bit.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


18 posted on 01/04/2018 8:02:07 AM PST by Cats1
[ Post Reply | Private Reply | To 5 | View Replies]

To: PIF

Aw, I’m running 10.10.5 Yosemite and have been reluctant to upgrade. Heard Hi Sierra can really slow down an older machine.


19 posted on 01/04/2018 8:36:55 AM PST by Vinnie
[ Post Reply | Private Reply | To 16 | View Replies]

To: Red Badger

Ok guys before you all have kittens.
All Intel microprocessors can have their microcode patched thru BIOS update.
Lets all wait till all the info comes out.

The only one in the history of Intel which couldn’t be fixes was the FPU flaw and the problem was once the error showed up, it did NOT throw an exception error.

Thus you couldn’t detect it or fix it with a microcode patch.


20 posted on 01/04/2018 8:38:06 AM PST by Zathras
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-65 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson