Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
As Intel’s microcode updates for Spectre Variant 2 can result in "higher than expected reboots and other unpredictable system behavior" that may lead to "data loss or corruption,” Microsoft has issued an emergency update to disable Spectre Variant 2 mitigation. Dell, HP, and Red Hat Enterprises have all already done something similar.

Intel is not the only major CPU maker having issues with Spectre Variant 2 patching. This bug also caused issues for devices with AMD processors, so much so that Microsoft paused the rollout of Windows updates for devices with AMD processors. Microsoft resumed these updates, but only after AMD worked with Microsoft to correct reported BSOD errors.
 
This is a train wreck...

that said I am looking fondly at my nice Ryzen Gentoo setup with GCC-7.3 just appearing in the tree for full Spectre 1&2 coverage.
Not liking my work laptop tho :(
 
Step+back_f8f55c_3111438.jpg
 
Unreal.. anyone heard how that class action lawsuite against intel is going?

I have had several VM's in Azure go to complete crap in performance so much so RDP wont even load with a single vCPU, and doing nothing but AD for very few auths.
 
The real legal action will happen if a data center(the most likely target for the vulnerability), suffers a breach to a system that has the patch rolled back off because the patch sucks. Intel went public without a viable patch, pretty much declaring open season for the bad guys. Intel had months to get something ready and apparently failed miserably.
 
Great. Ive been dealing with BSODs on my up until recently rock solid gaming rig.
GTFO with this piece of s@#t patch.
 
This has wreaked havoc on one of my five Intel systems. So not pleased. I guess it's time to part out my x79 box and upgrade the gamer. I should have denied fix's, patches, and updates till they had a grasp on a real fix.
 
On x99 and its been misbehaving since I enabled updates to get the patch..... Suppose I should roll back with restore ....
 
I sure hope they don't do any quality control or testing on the next patch they release to fix the patch they released.
You can't make this shit up because fiction has to make sense.
 
Do not worry, some one come out and claim AMD is fully affected, Intel is not at fault and their stock will go up. But do not worry, you all can buy a new cpu and board at the end of the year that will have a hardware fix. Enjoy.
 
  • Like
Reactions: Meeho
like this
rezerekted said:
Why does AMD need this patch when they said AMD was not vulnerable?
Click to expand...

AMD is vulnerable to Specter, and it's the Specter patches that's causing all the headaches. From what I've seen, a LOT of device drivers made assumptions that, post Specter, are no longer true, and you see the chaos that's resulting.

I think whatever the next version of Windows is, MSFT is going to get really strict about device drivers following the Windows API's to the letter, because this is a mess.
 
If I had any friggin' clue what updates MS put on my Win10 installs, I guess I could check this.

Since the Update History cute little button on my cute little Win10 gear icon and then circle with arrow icon is so worthless, I'll just shrug and keep typing.
 
rezerekted said:
Why does AMD need this patch when they said AMD was not vulnerable?
Click to expand...
AMD has a near zero risk to Spectre 2, they will be releasing optional firmware updates to reduce this to zero for the super paranoid. I don't believe they have done so so far. They have zero risk to Meltdown.

This is why AMD had BSODs: https://www.bleepingcomputer.com/ne...meltdown-and-spectre-patches-for-amd-devices/

All devices have to install the patch even if not affected, although everyone's vulnerable to Spectre 1 which can be fixed with simple software updates to various programs, maybe this is all to do with that or the changes to the Windows Kernel to fix the Intel problems; it's unclear.

According to AMD it was an issue with the OS patch for Spectre 1 that caused the BSOD:https://www.amd.com/en/corporate/speculative-execution and it only affected older AMD Athlon, Turion and Opteron processors.
 
Last edited:
I'm not concerned as none of my machines, one of which is only six months old has not seen a bios update since Jul 2017. And the lists I've seen don't address any machines that are not current models. Companies are never going to upgrade bios on non current models. Considering Intel is screwing up the firmware fixes this is a good thing. I am getting an HP Rysen tomorrow. I went to Hp and the only Bios is dated Dec 2017. Don't think I would update any bios after that.
 
ltron said:
AMD has a near zero risk to Spectre 2, they will be releasing optional firmware updates to reduce this to zero for the super paranoid. I don't believe they have done so so far. They have zero risk to Meltdown.

This is why AMD had BSODs: https://www.bleepingcomputer.com/ne...meltdown-and-spectre-patches-for-amd-devices/

All devices have to install the patch even if not affected, although everyone's vulnerable to Spectre 1 which can be fixed with simple software updates to various programs, maybe this is all to do with that or the changes to the Windows Kernel to fix the Intel problems; it's unclear.

According to AMD it was an issue with the OS patch for Spectre 1 that caused the BSOD:https://www.amd.com/en/corporate/speculative-execution and it only affected older AMD Athlon, Turion and Opteron processors.
Click to expand...

Code: 
uname -a; for f in /sys/devices/system/cpu/vulnerabilities/*; do echo "${f##*/}:$(cat $f)" ;done
Linux fluidmotion 4.15.0-rc8 #1 SMP PREEMPT Sat Jan 20 16:15:55 GMT 2018 x86_64 AMD Ryzen 5 1600 Six-Core Processor AuthenticAMD GNU/Linux
meltdown:Not affected
spectre_v1:Vulnerable
spectre_v2:Vulnerable: Minimal AMD ASM retpoline
 
naib said:
Code: 
uname -a; for f in /sys/devices/system/cpu/vulnerabilities/*; do echo "${f##*/}:$(cat $f)" ;done
Linux fluidmotion 4.15.0-rc8 #1 SMP PREEMPT Sat Jan 20 16:15:55 GMT 2018 x86_64 AMD Ryzen 5 1600 Six-Core Processor AuthenticAMD GNU/Linux
meltdown:Not affected
spectre_v1:Vulnerable
spectre_v2:Vulnerable: Minimal AMD ASM retpoline
Click to expand...
Near zero risk is not zero risk no matter how small so I don't see how this disproves anything I said, if that was your intent.
 
ltron said:
Near zero risk is not zero risk no matter how small so I don't see how this disproves anything I said, if that was your intent.
Click to expand...
It wasn't meant to disprove ... It was meant to confirm your statments
 
naib said:
It wasn't meant to disprove ... It was meant to confirm your statments
Click to expand...
Okay, thank you. I'm getting the info from AMD so it depends on their veracity and whether they have done their due diligence. There are certainly plenty of people who are skeptical about this, whether that's fair or not. Intel definitely has the biggest problem though, we can all agree on that.
 
You must log in or register to reply here.
Back
Top