Major flaw in millions of Intel chips revealed

Another BBC article with more information:
http://www.bbc.co.uk/news/technology-42562303

 

Some patches have been issued with more to come. Note that Microsoft has said that some a/v s/w uses the processer kernal so until the a/v s/w supplier deals with this, the Microsoft patch won't be available.

 

There are warnings that once the patch has been implemented on your computer/device that there could be a slowdown in computer performance. More likely on intensive processor usage.

 

The issues also apply to servers so there could be some impact as a result.

Thanks EC and El ....yes I saw that ...but I am sure I read somewhere in the Mac community , that at least some patches were done in the IOS 11.2 update ....but I might be wrong . In any rate I’m sure they will be sorting something out ....which is why I always keep my updates up to date 

Baz posted:

Thanks EC and El ....yes I saw that ...but I am sure I read somewhere in the Mac community , that at least some patches were done in the IOS 11.2 update ....but I might be wrong . In any rate I’m sure they will be sorting something out ....which is why I always keep my updates up to date 

I read on an article on the BBC website that iPads and iPhones which had the IOS 11.2 update were “safe” 

Yogi19 posted:
Baz posted:

Thanks EC and El ....yes I saw that ...but I am sure I read somewhere in the Mac community , that at least some patches were done in the IOS 11.2 update ....but I might be wrong . In any rate I’m sure they will be sorting something out ....which is why I always keep my updates up to date 

I read on an article on the BBC website that iPads and iPhones which had the IOS 11.2 update were “safe” 

Phew! 😉😁

Yogi19 posted:
Baz posted:

Thanks EC and El ....yes I saw that ...but I am sure I read somewhere in the Mac community , that at least some patches were done in the IOS 11.2 update ....but I might be wrong . In any rate I’m sure they will be sorting something out ....which is why I always keep my updates up to date 

I read on an article on the BBC website that iPads and iPhones which had the IOS 11.2 update were “safe” 

Well; up to a point...

The thing is that there are two different problems: "Meltdown" and "Spectre" (although for those in the industry this an oversimplification too as there are actually three variants, with "Spectre" covers two of them). My understanding is that Spectre cannot really be fixed: only patched or worked-around. The official line from Apple is that they had already put in fixes ("mitigations") for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2 before the story broke, but they're still working on updates to Safari to "mitigate" Spectre.

https://support.apple.com/en-us/HT208394

 

This whole story was really broken (at least in the UK) by The Register: the BBC Tech pages get a lot of their stories from "El Reg", and their articles on this look a bit like a patchwork of stories. The latest Register article can be found here.

Eugene's Lair posted:
Yogi19 posted:
Baz posted:

Thanks EC and El ....yes I saw that ...but I am sure I read somewhere in the Mac community , that at least some patches were done in the IOS 11.2 update ....but I might be wrong . In any rate I’m sure they will be sorting something out ....which is why I always keep my updates up to date 

I read on an article on the BBC website that iPads and iPhones which had the IOS 11.2 update were “safe” 

Well; up to a point...

The thing is that there are two different problems: "Meltdown" and "Spectre" (although for those in the industry this an oversimplification too as there are actually three variants, with "Spectre" covers two of them). My understanding is that Spectre cannot really be fixed: only patched or worked-around. The official line from Apple is that they had already put in fixes ("mitigations") for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2 before the story broke, but they're still working on updates to Safari to "mitigate" Spectre.

https://support.apple.com/en-us/HT208394

 

This whole story was really broken (at least in the UK by The Register: the BBC Tech pages get a lot of their stories from "El Reg", and their articles on this look a bit like a patchwork of stories. The latest Register article can be found here.

Thanks Eugene, I’ll check out that link 

Update on my post of the 4th re the Microsoft patch not being processed if your a/v s/w isn't on their list.
This is a link to a document of various a/v s/w which shows the current status of a/v s/w:
Link to the document
AVG, Norton, Symantec are on the list. McAfee is supported but is yet to sort out the registry key.

 

The registry key referred to is in the computer registry. It's a key which Microsoft states must be set for the update to be processed. There are suggestions that Microsoft won't let any future updates be processed until that key is set. I think that for many of us that key will be set automatically by your a/v s/w. I have ckecked on mine and it has now been set. I won't go into details as unless you know what you are doing, tampering with the registry editor on your computer will make the computer unusable.

Although the registry key has been set on my computer, I realised that the expected Microsoft updates had not come through - they were due on Windows 7 computers yesterday or first thing this morning. I found via Control Panel - Windows Update that the update process is not running. Although a restart was advised that had no effect.

 

I contacted my local computer shop and I'm going to have to take the computer in to them to get this sorted out.

 

This is likely to be the same for many people.

 

It's clear that this is considerably worse than the so called Millenium bug.

El Loro posted:

Update on my post of the 4th re the Microsoft patch not being processed if your a/v s/w isn't on their list.
This is a link to a document of various a/v s/w which shows the current status of a/v s/w:
Link to the document
AVG, Norton, Symantec are on the list. McAfee is supported but is yet to sort out the registry key.

 

The registry key referred to is in the computer registry. It's a key which Microsoft states must be set for the update to be processed. There are suggestions that Microsoft won't let any future updates be processed until that key is set. I think that for many of us that key will be set automatically by your a/v s/w. I have ckecked on mine and it has now been set. I won't go into details as unless you know what you are doing, tampering with the registry editor on your computer will make the computer unusable.

QFT 

El Loro posted:

Although the registry key has been set on my computer, I realised that the expected Microsoft updates had not come through - they were due on Windows 7 computers yesterday or first thing this morning. I found via Control Panel - Windows Update that the update process is not running. Although a restart was advised that had no effect.

 

I contacted my local computer shop and I'm going to have to take the computer in to them to get this sorted out.

 

This is likely to be the same for many people.

 

It's clear that this is considerably worse than the so called Millenium bug.

This is worrying news, EL - not least because of the latest I've been reading on The Register where they're now getting deeply concerned about the potential risks if the registry key is not set.

Putting it very simply: it appears that if the registry key is not set (normally by a/v s/w as you say), not only will it prevent the Meltdown fix from being installed, but it will block all future updates.  Another WannaCry-type outbreak is suddenly a very real worry. 

https://www.theregister.co.uk/...ti_malware_conflict/

 

I'm on Windows 10 and haven't seen any problems so far, however we use a lot of Windows 7 computers at work so I've been passing the word around re your problems and similar issues reported on The Register. 

I hope you get it fixed quickly. 

El Loro posted:

Microsoft have now released an update (reference KB4100480) for 64 bit versions of Windows 7 computers to deal with the problems with some computers following Microsoft's patch dealing with the Meltdown vulnerability.

http://www.theregister.co.uk/2...n_out_of_band_patch/

 

 

 

BTW, and as a little light relief given the date:

Go to the message board of that link (or any Register message board), and have a look at the avatar on each of the posts: unusually they're all the same, and upside-down. Now left-click on one of the avatars...

https://forums.theregister.co....n_out_of_band_patch/

 ˥Ǝ 'pooƃ ʎɹǝΛ

 

/ɥɔʇɐd‾puɐq‾ɟo‾ʇno‾uʍopʇlǝɯ‾ʇɟosoɹɔᴉɯ/6ᄅ/Ɛ0/8Ɩ0ᄅ/Ɩ/ɯnɹoɟ/ʞn˙oɔ˙ɹǝʇsᴉƃǝɹǝɥʇ˙sɯnɹoɟ//:sdʇʇɥ
˙˙˙sɹɐʇɐʌɐ ǝɥʇ ɟo ǝuo uo ʞɔᴉlɔ-ʇɟǝl ʍoN ˙uʍop-ǝpᴉsdn
 puɐ 'ǝɯɐs ǝɥʇ llɐ ǝɹ,ʎǝɥʇ ʎllɐnsnun :sʇsod ǝɥʇ ɟo ɥɔɐǝ uo ɹɐʇɐʌɐ ǝɥʇ ʇɐ ʞool ɐ
 ǝʌɐɥ puɐ '(pɹɐoq ǝƃɐssǝɯ ɹǝʇsᴉƃǝɹ ʎuɐ ɹo) ʞuᴉl ʇɐɥʇ ɟo pɹɐoq ǝƃɐssǝɯ ǝɥʇ oʇ oפ
:ǝʇɐp ǝɥʇ uǝʌᴉƃ ɟǝᴉlǝɹ ʇɥƃᴉl ǝlʇʇᴉl ɐ sɐ puɐ 'ʎɐʍ ǝɥʇ ʎq

pǝʇsod ɹᴉɐ˥ s,ǝuǝƃnƎ

 

 

Add Reply

Likes (0)
×
×
×
×
×