{"id":4668,"date":"2018-01-12T01:49:00","date_gmt":"2018-01-12T00:49:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=4668"},"modified":"2022-11-03T10:38:07","modified_gmt":"2022-11-03T09:38:07","slug":"meltdown-and-spectre-what-windows-users-need-to-know","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/01\/12\/meltdown-and-spectre-what-windows-users-need-to-know\/","title":{"rendered":"Meltdown and Spectre: What Windows users need to know"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2018\/01\/04\/meltdown-und-spectre-was-windows-nutzer-wissen-mssen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]At the beginning of the year, a design flaw (Meltdown) in Intel's processors went public. Later on a 2nd attack, called Spectre, affecting nearly all processor have become public. OS vendors begun to rollout patches, to mitigate these security issues. In this blog post, I summarize information that is relevant and important for Windows users.<\/p>\n<p><!--more--><\/p>\n<h2>Some background information<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/ssl-vg03.met.vgwort.de\/na\/9195e3287fb14c8ea3bd748a917be966\" width=\"1\" height=\"1\">Security researcher from Google Project Zero described (based on earlier documents from several university researchers) a <a href=\"https:\/\/googleprojectzero.blogspot.de\/2018\/01\/reading-privileged-memory-with-side.html\" target=\"_blank\" rel=\"noopener noreferrer\">design flaw in CPUs<\/a>, allowing \"speculative execution side-channel attacks\". Google' Jann Horn, from Project Zero, was able to write an exploit to attack systems using two methods called Meltdown and Spectre. All internal details may be found within the Google document linked above. The vulnerabilities are described within the following CVEs: <\/p>\n<ul>\n<li>Variant 1: bounds check bypass (CVE-2017-5753)\n<li>Variant 2: branch target injection (<a href=\"https:\/\/web.archive.org\/web\/20200903123448\/https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5715\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2017-5715<\/a>)\n<li>Variant 3: rogue data cache load (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5754\">CVE-2017-5754<\/a>)<\/li>\n<\/ul>\n<p>These methods are using theoretical basics, which has been published in various research documents (e. g. from the University of Graz) under the following names.  <\/p>\n<ul>\n<li><a href=\"https:\/\/spectreattack.com\/spectre.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Spectre<\/a> (Variant 1 and 2): This breaks the isolation between different applications. It allows an attacker to read data from the memory, used by other programs.&nbsp;\n<li><a href=\"https:\/\/meltdownattack.com\/meltdown.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Meltdown<\/a> (Variant 3): This breaks through the basic isolation between user applications and the operating system. This attack enables a program to access the kernel memory and the data of other programs and the operating system.<\/li>\n<\/ul>\n<p>More details may be found at <a href=\"https:\/\/meltdownattack.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">meltdownattack.com<\/a>.  <\/p>\n<p><a href=\"https:\/\/meltdownattack.com\/\"><img decoding=\"async\" title=\"Meltdown\/Spectre\" alt=\"Meltdown\/Spectre\" src=\"https:\/\/i.imgur.com\/EiTnfDa.jpg\"><\/a>  <\/p>\n<h2>Which CPUs are affected?<\/h2>\n<p>First, it was said that only Intel processors were affected (by Meltdown). Meanwhile, it has become clear that ARM CPUs and AMD processors are also vulnerable to Spectre design flaw. This means that other operating systems such as Android, Chrome, iOS, MacOS, Linux etc. are affected as well as Windows. Basically, it affects all processors that have been on the market since 1995 (see <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws\/\" target=\"_blank\" rel=\"noopener noreferrer\">also<\/a>).<\/p>\n<h2>Browser are also affected!<\/h2>\n<p>Microsoft addresses 'speculative execution side-channel' attacks in Microsoft Edge and Internet Explorer within <a href=\"https:\/\/blogs.windows.com\/msedgedev\/2018\/01\/03\/speculative-execution-mitigations-microsoft-edge-internet-explorer\/#HLRJH5myXGDGyCjf.97\" target=\"_blank\" rel=\"noopener noreferrer\">this document<\/a>. Both browsers has been patched by update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056890\" target=\"_blank\" rel=\"noopener noreferrer\">KB4056890<\/a> to mitigate this vulnerabilities.&nbsp; The ability to successfully read memory using side channel attacks has been mitigated.  <\/p>\n<p>Users who use other browsers on Windows need to use updated version to mitigate the vulnerability. Mozilla developers, for example, have <a href=\"https:\/\/blog.mozilla.org\/security\/2018\/01\/03\/mitigations-landing-new-class-timing-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">confirmed<\/a> that an attack is even possible using JavaScript in the browser.  <\/p>\n<h2><font color=\"#333333\">How risky are these vulnerabilities<\/font>?<\/h2>\n<p>Microsoft wrote within <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/ADV180002\" target=\"_blank\" rel=\"noopener noreferrer\">this security advisory<\/a>, that no attacks against these vulnerabilities have been reported so far. Such attacks, if they happen, leave no trace and cannot be detected by security software such as virus scanners. I have received contradictory information about the practical usability.  <\/p>\n<p>Microsoft has issued security recommendations for its users for client and server operating systems.  <\/p>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Client<\/a>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\/windows-server-guidance-to-protect-against-the-speculative-execution\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server<\/a>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073225\/guidance-for-sql-server\" target=\"_blank\" rel=\"noopener noreferrer\">SQL-Server<\/a><\/li>\n<\/ul>\n<p>All documents addresses professional users and administrators. For consumers in short: Microsoft recommends updating the operating systems and browsers. The manufacturer has released appropriate updates for this purpose.  <\/p>\n<h2>Which Updates are available from Microsoft?<\/h2>\n<p>Microsoft has released a couple of updates since Januar 3, 2018 sowohl Sicherheitsupdates f\u00fcr seine Browser Edge und Internet Explorer, als auch f\u00fcr die unterst\u00fctzten Betriebssysteme freigegeben. Ich habe die Details in folgenden Blog-Beitr\u00e4gen dokumentiert.  <\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2018\/01\/04\/critical-updates-for-windows-and-browser-01-03-2018\/\">Critical Updates for Windows and Browser (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/05\/critical-security-updates-for-windows-7-8-1-server-01-03-2018\/\">Critical Security Updates for Windows 7\/8.1\/Server (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/04\/windows10-critical-updates-01-03-2018\/\">Windows 10: Critical Updates (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/08\/windows-7-8-1-updates-kb4056894-kb4056895-released\/\">Windows 7\/8.1: Updates KB4056894, KB4056895 released<\/a><\/p>\n<p>These updates are distributed through Windows Update (or in companies via WSUS or SCCM).<\/p>\n<h2>I didn't get updates, why?<\/h2>\n<p>The security updates for Windows as well as for the browsers Edge and Internet Explorer are distributed in waves via Windows Update (my guess). I haven't received the updates from January 3, 2018 on my Windows 7 and Windows 10 machines. Microsoft monitors which hardware configuration creates major problems with the updates, allowing Microsoft to fix them.<\/p>\n<p>There is another reason why Microsoft is holding back the update: If a third-party Internet Security Suite or virus scanner is installed and its manufacturer has not yet released the update for compatibility reasons. I noticed this and the mandatory registry entry in the Windows update articles listed above. In addition, Microsoft has published some information on the topic <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072699\/important-information-regarding-the-windows-security-updates-released\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<h2><font color=\"#333333\">Shall I install these u<\/font>pdates manually?<\/h2>\n<p>Currently, there are numerous internet pages offering direct download links for the update packages. Updates can also be downloaded from the Microsoft Update Catalog. Installing such updates manually bears the risk, that the machine won't boot anymore and stalls with blue screens. So I also recommend not to set the mandatory registry entry described within Microsoft's KB articles. Only, if you are sure, that the machine is capable for this update and not anti virus software is able to set the registry entry, do it manually. <\/p>\n<h2>Does the update decrease performance?<\/h2>\n<p>Yes, but the value for performance decrease depend from the environment and the hardware. In many cases, user should not detect some degradation, because the value is between 1-5%. On data base application, the system may lost up to 30 or 50 % performance. Microsoft's Windows VP, Terry Myserson, has published a blog post Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems with more details.  <\/p>\n<h2>How to test, if my machine is vulnerable?<\/h2>\n<p>Microsoft has provided a PowerShell cmdlet for Windows that allows you to check whether actions need to be taken.  <\/p>\n<p><img decoding=\"async\" title=\"Speculation-Control-Settings in PowerShell abfragen\" alt=\"Speculation-Control-Settings in PowerShell abfragen\" src=\"https:\/\/i.imgur.com\/GInznY5.jpg\">  <\/p>\n<p>Here the commands I've used in Windows 10:<\/p>\n<pre>Set-ExecutionPolicy Bypass&nbsp; Install-Module SpeculationControl\nGet-SpeculationControlSettings<\/pre>\n<p>Microsoft has realeased a <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe\" target=\"_blank\" rel=\"noopener noreferrer\">document<\/a>, discussing this approach. PowerShell need to be executed with administrative credentials (Run as administrator). On my Windows 7 machines the commands failes. I guess, it's necessary to update PowerShell and other components to the most recent version. Some details may be found at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a>. <\/p>\n<p>There are also two other tests, you may use, without PowerShell knowledge. Read my two blog posts: <\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2018\/01\/10\/tool-tip-ashampo-spectre-meltdown-cpu-checker\/\">Tool tip: Ashampo Spectre Meltdown CPU-Checker<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/11\/test-is-my-browser-vulnerable-for-spectre-attacks\/\">Test: Is my browser vulnerable for Spectre attacks?<\/a><\/p>\n<p><strong>Similar articles<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2018\/01\/04\/microsoft-releases-windows-10-patch-to-fix-intel-bug\/\">Microsoft releases Windows 10 Patch to fix Intel Bug<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/04\/critical-updates-for-windows-and-browser-01-03-2018\/\">Critical Updates for Windows and Browser (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/05\/critical-security-updates-for-windows-7-8-1-server-01-03-2018\/\">Critical Security Updates for Windows 7\/8.1\/Server (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/04\/windows10-critical-updates-01-03-2018\/\">Windows 10: Critical Updates (01\/03\/2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/08\/windows-7-8-1-updates-kb4056894-kb4056895-released\/\">Windows 7\/8.1: Updates KB4056894, KB4056895 released<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/10\/tool-tip-ashampo-spectre-meltdown-cpu-checker\/\">Tool tip: Ashampo Spectre Meltdown CPU-Checker<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/10\/microsoft-patchday-office-flash-windows-january-9-2018\/\">Microsoft Patchday: Office, Flash, Windows (January 9, 2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/01\/11\/how-to-mitigate-spectre-in-google-chrome\/\">How to mitigate Spectre in Google Chrome<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]At the beginning of the year, a design flaw (Meltdown) in Intel's processors went public. Later on a 2nd attack, called Spectre, affecting nearly all processor have become public. OS vendors begun to rollout patches, to mitigate these security issues. &hellip; <a href=\"https:\/\/borncity.com\/win\/2018\/01\/12\/meltdown-and-spectre-what-windows-users-need-to-know\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[1216,69,1215,194],"class_list":["post-4668","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-meltdown","tag-security","tag-spectre","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4668"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4668\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}