New Tool Detects If Your PC Is Vulnerable To Meltdown And Spectre

Discussion in 'HardForum Tech News' started by rgMekanic, Jan 17, 2018.

  1. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,721
    Joined:
    May 13, 2013
    Gibson Research has released a new tool called InSpectre to detect if your PC is vulnerable to Meltdown and Spectre. The tiny 122 KB program runs in place and checks identifiers as well as Microsoft updates to be sure you are protected from these flaws.

    Very cool little piece of software. Running it on my machine told me that Windows was updated to protect against Meltdown, but I was still vulnerable to Spectre. Hopefully MSI comes out with a BIOS update for me shortly. Gibson Research also notes DO NOT download the tool from any 3rd party websites, as it could be malicious.

    Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads. This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
     
    Red Falcon likes this.
  2. SystemIdleProcess

    SystemIdleProcess n00b

    Messages:
    6
    Joined:
    Feb 28, 2005
  3. 1_rick

    1_rick Limp Gawd

    Messages:
    384
    Joined:
    Feb 7, 2017
    Does ol' Steve still write all his programs in 100%-organic assembly language?
     
  4. admiralperpetual

    admiralperpetual Limp Gawd

    Messages:
    415
    Joined:
    May 7, 2015
  5. dburgo

    dburgo n00b

    Messages:
    40
    Joined:
    Feb 3, 2017
    Anyone know when Asus will bios update for the X99 branding? I have done the windows update but my pc shows vulnerability with spectre. Is this the issue plaguing the hardware? Am I missing any other update for win 10 and an asus x99 6850k setup? I almost feel naked telling anyone my specs now a days.. Any-who the checker says that I am vulnerable to spectre because of a cpu or bios update which protects the hardware. After Google searching for any known update, I have come up with nothing. Hope someone here reports if at the very least, Intel does something about this. Oh BTW AMD has 2 class action suits in progress and Intel has 4. Does that mean money back to like, anyone who bought one of the affected CPUs? (Hope it is and also hope I can now buy a memory upgrade as prices are astronomical for 16GB quad channel with said suit "pay outs".... ) Thanks for keeping us informed H.
     
    Last edited: Jan 17, 2018
  6. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,721
    Joined:
    May 13, 2013
    I have the same issue, have to wait/hope that a BIOS update comes
     
    dburgo likes this.
  7. dburgo

    dburgo n00b

    Messages:
    40
    Joined:
    Feb 3, 2017
    It would be absolutely Good news once any of these companies figure things out. BTW there are 4 class action suits against Intel and 2 for AMD. Might be a good story. :)
     
  8. Blazestorm

    Blazestorm [H]ardness Supreme

    Messages:
    6,940
    Joined:
    Jan 17, 2007
    Windows 10 has the functionality built in via a powershell module... not sure how easy it is to grab/test on 7/8.

    Code:
      --Accept prompt to install the NuGet provider if requested
    Win + X + A
    Install-Module SpeculationControl
    Import-Module SpeculationControl
    Get-SpeculationControlSettings
    
      --If you don't want the module installed after checking: 
    Uninstall-Module SpeculationControl
    Good report:

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    Hardware support for branch target injection mitigation is present: True
    
    Windows OS support for branch target injection mitigation is present: True
    
    Windows OS support for branch target injection mitigation is enabled: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    
    Windows OS support for kernel VA shadow is present: True
    
    Windows OS support for kernel VA shadow is enabled: True
    
    Windows OS support for PCID optimization is enabled: True
     
    heatlesssun likes this.
  9. Zepher

    Zepher [H]ipster Replacement

    Messages:
    16,654
    Joined:
    Sep 29, 2001
    My Xeons are taking a performance hit apparently.
    2670-inspectre.jpg
     
    JustReason likes this.
  10. MMitch

    MMitch Gawd

    Messages:
    589
    Joined:
    Nov 29, 2016
    Same here, 2500K with only windows patch and I'm vulnerable to Spectre + slower perf...
    Zen refresh can't come fast enough
     
  11. JargonGR

    JargonGR Limp Gawd

    Messages:
    493
    Joined:
    Dec 16, 2006
    Just run it on my old system Q9550 -

    Vulnerable to Spectre + Performance Hit.

    Have not tested it on my new PC (X299 7940x) as it is not online yet. And it is the one I care to be honest.
     
  12. Azphira

    Azphira [H]ard|Gawd

    Messages:
    1,821
    Joined:
    Aug 18, 2003
    Is the fix disabled through windows update because of the AMD bricking?
     
  13. viper1152012

    viper1152012 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Jun 20, 2012
    6850k (great chip) on asrock x99 waiting for bios with fingers crossed
     
  14. ziddey

    ziddey [H]ardness Supreme

    Messages:
    5,392
    Joined:
    Dec 24, 2002
    Spartacus likes this.
  15. burritoincognito

    burritoincognito Gawd

    Messages:
    759
    Joined:
    Sep 17, 2012
    So, my Inspiron 7559, which I've updated to the latest BIOS that is supposed to fix Spectre/Meltdown, still shows me as vulnerable.

    My Thinkpads at work and at home both show that I'm OK. They also were updated in the past 2 weeks.

    Either Lenovo's better at fixing their stuff than Dell, or GRC is slipping on this utility. My systems have the latest updates...
     
  16. ziddey

    ziddey [H]ardness Supreme

    Messages:
    5,392
    Joined:
    Dec 24, 2002
    Vulnerable to both? Windows update should be good enough for meltdown, but spectre requires a microcode update. You can use hwinfo to check your microcode. See the post above yours to apply the microcode via windows.
     
  17. WhoMe

    WhoMe Gawd

    Messages:
    827
    Joined:
    Jan 3, 2018
    Apparently the micro-code for Broadwell-e is not stable yet. I'm guessing they don't want to release it yet until it can cover all compatible processors. That's per Intel apparently asking Lenovo to stop distributing the update.
     
  18. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,721
    Joined:
    May 13, 2013
    https://www.hardocp.com/news/2018/01/17/uefi_bios_updates_for_spectre
     
    dburgo likes this.
  19. dgz

    dgz [H]ardness Supreme

    Messages:
    5,038
    Joined:
    Feb 15, 2010
    Same here.
     
  20. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Oct 7, 2000
  21. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,721
    Joined:
    May 13, 2013
    'Yes, they actually mention this on the site

    Windows Defender “SmartScreen” appears to have decided that InSpectre is malware. This also happened briefly after the release of our Never10 utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.

    If you have any non-Microsoft web browser (Chrome, Firefox, Opera, etc.) you should be able to obtain and use InSpectre without trouble.
     
    pendragon1 likes this.
  22. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Oct 7, 2000
    thnx ill tell it to ignore it.
     
  23. ziddey

    ziddey [H]ardness Supreme

    Messages:
    5,392
    Joined:
    Dec 24, 2002
    Weird. Applied the kabylake 90 microcode but inspectre is still showing vulnerable.
     
  24. burritoincognito

    burritoincognito Gawd

    Messages:
    759
    Joined:
    Sep 17, 2012
    Tried those files, still coming back saying I'm vulnerable to both on the Inspiron. Double checked the website about the BIOS upgrade, and it specifically mentions it dealing with Meltdown/Spectre.

    When I run the CMCUpdate thing, it says this in event viewer: No CPUs needed an update. Your system might not need this driver.

    Intel Core i7 6700HQ. Both show microcode revision of C2.



    I tested this on an old E5430 that went through a car wreck, but is good for testing stuff out. Ivy Bridge. It showed I was protected from Meltdown (expected based on the 5 day younger but just-as-patched version of Windows), not protected from Spectre (there is no BIOS update for this model yet), and that performance was SLOWER. Not surprised based on the age of the CPU.

    The CMCUpdate DID change the microcode revision after I ran it.

    So...I'm not sure why I'm getting the false positives.
     
    Last edited: Jan 17, 2018
  25. ziddey

    ziddey [H]ardness Supreme

    Messages:
    5,392
    Joined:
    Dec 24, 2002
    hmm, this post: http://forum.notebookreview.com/thr...-fix-and-meltdown.806451/page-4#post-10662550

    seems to work on 6600k/asus z170-k though at least as far as inspectre is concerned.


    edit: not sure if a subsequent reboot changed things or if it was disabling hyper-v, but the kabylake is now showing spectre protection.
     
    Last edited: Jan 17, 2018
  26. techie81

    techie81 [H]ard for [H]ardware

    Messages:
    4,938
    Joined:
    Jan 12, 2005
    Intel 7820x here on an a MSI board, its telling me I have herpe...I mean vulnerable to Spectre. So I guess I will be waiting for a bios update too.
     
  27. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Oct 7, 2000
    lol this is more like that dormant zombie virus that everyone is carrying.
     
  28. OldBuzzard

    OldBuzzard Gawd

    Messages:
    911
    Joined:
    Jun 6, 2004
    The easy way around that is:

    1. ALT+X (brings up the tools menu.)

    2. Click on SAFETY.

    3. Click on TURN OFF SMARTCREEN FILTER

    4.. D/L the program.

    5. Do 1 & 2 above and turn the SmartScreen filter back on.
     
  29. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Oct 7, 2000
    I just clicked the little link that said more info, then proceed anyways and then download anyways when the program was deemed "unsafe". it says my old pos is only vulnerable to spectre but the patched/unpatched box is greyed out. I'm not really that worried about patching this old pos anyways...
     
  30. Slade

    Slade 2[H]4U

    Messages:
    2,539
    Joined:
    Jun 9, 2004
    tool reads clean for my home pc. tested on some work machines, it detects the windows patch. Fails them on the bios ones since I have yet to implement them.
     
  31. dpoverlord

    dpoverlord [H]ard|Gawd

    Messages:
    1,707
    Joined:
    Nov 18, 2004
    found a few machines that it says vulnerable to, is there supposed to be a bios update? how do we make something vulnerable not?
     
  32. mvmiller12

    mvmiller12 Gawd

    Messages:
    629
    Joined:
    Aug 7, 2011

    I tried the manual microcode update method detailed in the links above on my 5 home PC systems running Windows. I acquired the current Intel uCode updates (dated 1/8/18) from Intel and the current AMD uCode updates from the Debian FTP (dated 1/10/18). The linked microcode updates from the Notebook Review forums above are either outdated or offline. uCode downloads were extracted into the temp folder used by the VMWare-provided uCode installer as instructed. All systems have the latest firmware from their respective MB manufacturers installed. Results as follows:


    1) AMD Ryzen 1700 system - the VMWare-provided utility installed without error. On reboot, Event Manager showed no uCode update installed because of an error reading a uCode file. Checked the Windows\System32\Drivers folder (where the uCode installer places the uCode files) and noticed the Family 16 and Family 17 AMD uCode .bin files were not there. Manually copied them over and rebooted again. Now Event Viewer indicates that no supported CPU is detected, and no uCode was installed (error is now gone). InSpectre indicates this machine as NO to Meltdown, YES to Spectre and GOOD to Performance.

    2) AMD Ryzen 1600X system - same as 1) above.

    3) Intel Skylake i5 system - the VMWare-provided utility installed without error. On reboot, Event Viewer indicates a compatible CPU was found and the uCode update was installed. InSpectre indicates this machine as NO to Meltdown, NO to Spectre and GOOD to Performance. (System indicated YES to Spectre prior to this update)

    4) AMD FX-8350 system - the VMWare-provided utility installed without error. On reboot, Event Viewer indicates a compatible CPU was found and the uCode update was installed (not surprising since the last firmware update available for the Asus M5A97 EVO mainboard this system runs is dated December of 2012). InSpectre indicates this machine as NO to Meltdown, YES to Spectre and GOOD to Performance.

    5) Intel Haswell i5 system (MS Surface 2 Pro 8G) - same as 3) above. And yes, InSpectre also shows Performance as GOOD.


    I am uncertain if the AMD uCode update just doesn't have anything for the plain Ryzen (possible only Threadripper and/or Epyc), if the mainboard is blocking installation (both using Asus Prime B350 Plus), or if the VMWare-provided utility is not correctly detecting/enabling the uCode update on Ryzen-class AMD CPUs.
     
    Last edited: Jan 18, 2018
  33. mvmiller12

    mvmiller12 Gawd

    Messages:
    629
    Joined:
    Aug 7, 2011
    Ultimately, your mainboard manufacturer should release a firmware update that contains the uCode fixes, but some are better about this than others. If you are running Linux or Windows, you can manually update your microcode through a software loader, though it will need to reapply itself on every reboot/processor wakeup. If you're running Windows, these links from Ziddey can get you going (though my post above has the links to the current Intel and AMD uCode updates directly). VMWare provides a utility that can be run in Windows that will load the uCode patches at startup, and the links below describe how to get it going.

    http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

    http://forum.notebookreview.com/threads/ucode-fix-for-spectre-ht-bug-fix-and-meltdown.806451/
     
  34. ziddey

    ziddey [H]ardness Supreme

    Messages:
    5,392
    Joined:
    Dec 24, 2002
    "Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs"

    might have something to do with it

    you can check which microcode you're using with hwinfo
     
    Last edited: Jan 18, 2018
  35. mvmiller12

    mvmiller12 Gawd

    Messages:
    629
    Joined:
    Aug 7, 2011
    Yes, but that should have no effect on the uCode updater, only the actual OS patch from Microsoft - and all of my AMD systems had the Windows 10 patches installed prior to that.
     
  36. Cerulean

    Cerulean [H]ardForum Junkie

    Messages:
    9,218
    Joined:
    Jul 27, 2006
    Considering what the vulnerabilities of Meltdown and Spectre are, I would take any tool like this with caution. It's the perfect opportunity to do good with something malicious snuck inside to do exactly the opposite in the background.
     
  37. Wade88

    Wade88 Limp Gawd

    Messages:
    172
    Joined:
    Jun 21, 2015
    Gigabyte GA-X99P SLI here, here's to hoping it's among the handful of Gigabyte X99 boards with a new UEFI BIOS in testing.
     
  38. hexamon

    hexamon [H]Lite

    Messages:
    98
    Joined:
    Oct 21, 2006
    In general you aren't wrong, but in this specific case I am not worried. Gibson Research is a old name in this area. Steve Gibson has been releasing tools like this for like 30 years now.
     
  39. burritoincognito

    burritoincognito Gawd

    Messages:
    759
    Joined:
    Sep 17, 2012
    I'm SysAdmin at my company, and get to try to fix this for some 1500+ computers. So, a tool like this that could help out with systems that Dell is unlikely to deal with (we have a bunch of Optiplex 3010 and 390s still in use that are being replaced as they fail) would be great for me. Use a tool to push this out, and stop worrying. I asked my manager to run this to see what his computer showed, and he was very hesitant to run it. I fully understand his viewpoint, but as hexamon said, GRC is well respected. I've been using their tools for nearly 20 years.
     
  40. Hitti2

    Hitti2 Limp Gawd

    Messages:
    335
    Joined:
    Dec 3, 2016
    I guess if patched I'm gonna get a performance hit.
    [​IMG]

    Could someone please explain in laymen terms how the attack is hit on the machine, what the attack does and how to prevent it from happening by taking security measures without patching???