Microsoft Spectre v1 Patches Borking Older AMD Systems

FrgMstr

You may have seen that Microsoft has halted distributing security patches related to GPZ Variant 1 (one of the variants of Spectre) because the update was putting some older AMD systems into an unbootable state. I wanted to make it clear that this patch addresses GPZ Variant 1 (one of the variants of Spectre) and not GPZ Variant 3 (Meltdown).

AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend. AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for these impacted systems shortly.
 
My mom's Inspiron 531 was bricked by this awesome and obviously well-tested update earlier today. The next totally awesome thing about it is that it also makes the machine crash in any sort of safe mode, so you can't use the recovery console, system restore, etc. to try and roll back the update.

And people call me crazy for keeping Windows Update in a perpetual state of being turned off. I only install updates manually after they've been out for at least a month or two to avoid cancer like this.
 
https://answers.microsoft.com/en-us...1/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1

Not sure how accurate/complete this list is:
Based on other reports, this is affecting Windows 10, Windows 7 and Windows Server 2008 R2, 32-bit and 64-bit installs, for all older AMD CPUs. It is not related to the anti-virus registry key. Many reports are running standard Microsoft Security Essentials. AMD CPUs affected include Athlon, Sempron, Opteron and Turion:

  • AMD Athlon X2 6000+
  • AMD Athlon X2 5600+
  • AMD Athlon X2 5200+
  • AMD Athlon X2 5050e
  • AMD Athlon X2 4800+
  • AMD Athlon X2 4600+
  • AMD Athlon X2 4200+
  • AMD Athlon X2 3800+
  • AMD Athlon X2 BE-2400
  • AMD Opteron 285
  • AMD Opteron 2220
  • AMD Turion X
 
This is definitely MS's fault of course, but Intel and AMD should both be checking MS's work on patches related to micro-architectural details. That's apparently not the case.

This flub calls into question how extensive the hardware base is in MS' validation labs. Not extensive enough, obviously. Windows 10 is marketed as running on any x86 processor with a clock speed of 1GHz or more. That means processors as old as the Athlon processor first sold in early 2000: 18 years. Clearly, if MS is bricking AMD systems from 2012, MS is not validating their patches on platforms that old.

For anyone deploying systems with an expected lifetime of 5 or more years, MS has provided a good argument in favor of an open source OS. Especially with how aggressive the proprietary OS vendors are about forcing patches.
 
My old roommate was still running my old X2 3800+ and called me in a panic yesterday. His system won't boot now and he can't get into the recovery shell either. Maybe I can finally talk him into an upgrade!
 
For anyone deploying systems with an expected lifetime of 5 or more years, MS has provided a good argument in favor of an open source OS. Especially with how aggressive the proprietary OS vendors are about forcing patches.

Or made a case for having shorter refresh cycles. Refresh cycles that long (i.e. >5 yrs) tend to increase your TCO by requiring more maintenance and more expensive and/or harder to find parts. I "get" that it's cool to build a box that lasts 20 yrs, but it's not really that efficient unless you get lucky and nothing breaks.
 
I didn't expect anything better than this from MS in the first place.
 
Windows users expected something other than Windows shitting itself ?
 
Windows users expected something other than Windows shitting itself ?

Well actually, yes. If Windows were routinely shitting on thousands of dollars of hardware I use every day, it's not like I or anyone in that position would have a choice.
 
Refresh cycles that long (i.e. >5 yrs) tend to increase your TCO by requiring more maintenance and more expensive and/or harder to find parts.

Office PCs are a dime a dozen, I can still find parts for stock office PCs from 15 years ago for basically nothing. The only place where you'd run into this is on the server end, where far fewer were manufactured.
 
Office PCs are a dime a dozen, I can still find parts for stock office PCs from 15 years ago for basically nothing. The only place where you'd run into this is on the server end, where far fewer were manufactured.

Well, you didn't specify ;). Plus it still increases your TCO and incurs extra downtime for employees.
 
Well, you didn't specify ;). Plus it still increases your TCO and incurs extra downtime for employees.

A single instance of downtime for hardware maintenance every few months/years vs. Microshaft continually shitting out bastardized rolling updates that break everything every other week: the latter is going to drive up TCO substantially more.

I have customers with data logs showing rolling updates costing more in productivity losses from shit breaking all of the time.
 
A single instance of downtime for hardware maintenance every few months/years vs. Microshaft continually shitting out bastardized rolling updates that break everything every other week: the latter is going to drive up TCO substantially more.

I have customers with data logs showing rolling updates costing more in productivity losses from shit breaking all of the time.

I guess each experience is different. We support about 10k devices (600 apps, 800 individual packages on endpoint alone) and the cumulative update process overall is working well enough. Certainly not breaking all the time or every 2 weeks etc. Intel/HP driver security issues are making more work for us than MS, we have something like 5 critical security vulnerabilities we are working on atm.

This is certainly one of the bigger challenges of this model given if you can't patch you can't patch in the future, but it has only been a week. When other issues have occurred the patches have been fixed within days.

Given how everyone is going nuts about Meltdown, I am sure MS and others rushed fixes out (they were released a week early).

Quite honestly, we are just starting to see more issues in general due to staying behind and not keeping our stuff up to date (because it just works). Take Meltdown: we didn't finish a SEP upgrade on servers and now people are scrambling and freaking out.

It certainly is also a big change for us as well; we are starting to push back on customization and flexibility due to the overhead and agility we lose because of it. Is this overall a good thing? I think so, but time will tell.
 
This is certainly one of the bigger challenges of this model given if you can't patch you can't patch in the future, but it has only been a week. When other issues have occurred the patches have been fixed within days.

My customers aren't large corporations, they're small to medium-sized businesses, and when a patch causes breakages for days, it's a big deal that can cost them lots of time and money.

Microsoft QC on patches and updates has drastically fallen over the past few years, and it doesn't help that they force them down your throat with a toilet plunger and make them a nightmare to uninstall. It used to be a pretty rare occurrence that a bad patch/update was ever pushed out, and the severity of it when it was bad doesn't compare to now. You could maybe expect minor program issues, not your whole box going down with a corrupt irrecoverable Windows install.

Given how everyone is going nuts about Meltdown, I am sure MS and others rushed fixes out (they were released a week early).

Spectre and Meltdown are fairly tame problems compared to the black box walled fortress that is Intel Management Engine. You know, where you can have silent rootkit installs into the firmware of the CPU/chipset which can't be detected and have stealth access to the network. I'm not sure where Intel got it into their minds that IME was ever a great idea; I have a feeling that spooks had something to do with it existing.
 
My customers aren't large corporations, they're small to medium-sized businesses, and when a patch causes breakages for days, it's a big deal that can cost them lots of time and money.

Microsoft QC on patches and updates has drastically fallen over the past few years, and it doesn't help that they force them down your throat with a toilet plunger and make them a nightmare to uninstall. It used to be a pretty rare occurrence that a bad patch/update was ever pushed out, and the severity of it when it was bad doesn't compare to now. You could maybe expect minor program issues, not your whole box going down with a corrupt irrecoverable Windows install.

Spectre and Meltdown are fairly tame problems compared to the black box walled fortress that is Intel Management Engine. You know, where you can have silent rootkit installs into the firmware of the CPU/chipset which can't be detected and have stealth access to the network. I'm not sure where Intel got it into their minds that IME was ever a great idea; I have a feeling that spooks had something to do with it existing.

MS has been pretty up front: yes, they have been forced to reduce labor and resources, which is actually the reason for cumulative "forced" updates. They had something like 20k test cases with the old individual patch method; the new system is to reduce fragmentation.

IMO the walled garden is a better end state for you and your small businesses. Yes, getting there will be bumpy, and stuff like this always is; things won't be as customizable, but in most cases that gets you into more trouble (it's one of the big reasons Apple is successful, imo).

We have "small" company software for some of our specialized departments, and it doesn't surprise me you run into more issues with this newer update method. Vendors (and IT) have been pretty bad in the past at "fixing" things using the openness MS has given and allowed. In the short term you get what you want, but in the long term most do it wrong/poorly and then end up putting themselves in a deeper hole.

Good news is these vendors are quickly changing. We used to be forced to hold off on .NET updates or IE upgrades etc. for a year or more while these small vendors dragged you along, all the while you HOPE another product doesn't require the newer version(s). We are seeing these vendors update their stuff and fix old antiquated methods a lot faster to adapt to these new requirements.

I made the point that other third parties cause more issues than MS patching; your mention of Intel IME is a perfect example and has nothing to do with MS patching.

We are not a very organized organization, and we deploy all MS patches needed each month and maybe run into small issues two times a year, most of which are more annoying than "breaking". At a certain point I think people need to look inwards to find a part of the problem. You can't do it the same way anymore; the IT world is moving fast and you have to figure out a way to adapt. I know our organization is struggling with this as well, but while kicking and screaming it still is improving, though slower than most would want.
 