'Kernel memory leaking' Intel processor -- a serious cpu bug!?!
-
- KVRAF
- 35687 posts since 11 Apr, 2010 from Germany
Well, they needed to react quickly, with all that hysteria caused by the press. Most other patches AREN'T rushed. There's the beta program, and there's the insider program. You really can't say they don't test enough. If anything, then they implement too many new features, and hardly can keep up with bug fixing in succession. That's a thing, alongside the inability to configure updates so that you're able to install them at your will, that i criticize about Windows 10. They really should only roll out feature updates every 2 years or so, and make updates optional. Not their fault, if some people just won't update at all, and they shouldn't be their fault or problem either.
-
fluffy_little_something fluffy_little_something https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=281847
- Banned
- 12880 posts since 5 Jun, 2012
If they had not made such a public sensationalist fuss about those vulnerabilities, they would not be in such a hurry to fix them.
I am happy that so far the patch has still not been installed on my computer. Not sure what protects me from the patch, maybe Malwarebytes, maybe MS's own antivirus
I am happy that so far the patch has still not been installed on my computer. Not sure what protects me from the patch, maybe Malwarebytes, maybe MS's own antivirus
-
- KVRian
- 1062 posts since 3 Oct, 2011 from Christchurch, New Zealand
the kernel patches WERE NOT rushed - remember that microsoft/intel et al have known about this issue for about 6 months, and the release of the patches and press info were TIMED - the kernel patch has gone thru the usual beta/insider release same as any other patch.chk071 wrote:Well, they needed to react quickly, with all that hysteria caused by the press. Most other patches AREN'T rushed.
-
fluffy_little_something fluffy_little_something https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=281847
- Banned
- 12880 posts since 5 Jun, 2012
Since criminals know that operating system and CPU makers are distributing the patch, will they even bother to program nasty software to exploit those vulnerabilities? Isn't it a waste of time from their perspective? In other words, even if I never get the patch, I am probably safe, anyway.
- KVRAF
- 4141 posts since 11 Aug, 2006 from Texas
You live in a connected world where your PC executes foreign code all the time. JavaScript in web pages, demos of plugins, new versions of software. You can be 100% certain there will be exploits coded to use these new attack vectors to do bad things on your computer. Not installing security patches is an excellent way to becoming compromised at a future date. But hey, it's your stuff and your decision.fluffy_little_something wrote:In other words, even if I never get the patch, I am probably safe, anyway.
Feel free to call me Brian.
- KVRAF
- 2236 posts since 23 May, 2005 from West Country, UK
In case OS X / IOS users haven't picked this up yet:
High Sierra is now updated to 10.13.2 supplemental.
No news on Sierra or El Capitan Meltdown fixes, but Safari is now updated for JavaScript Spectre fixes to 11.0.2.
IOS is updated to 11.2.2; a couple of reports over at Audiob.us have it as improving GeekBench scores:
https://forum.audiob.us/discussion/2390 ... 2-2#latest
--
A couple of new El Reg stories (not affecting us):
https://www.theregister.co.uk/2018/01/0 ... elts_down/
https://www.theregister.co.uk/2018/01/0 ... _problems/
and one that (indirectly) might:
https://www.theregister.co.uk/2018/01/0 ... _slowdown/
High Sierra is now updated to 10.13.2 supplemental.
No news on Sierra or El Capitan Meltdown fixes, but Safari is now updated for JavaScript Spectre fixes to 11.0.2.
IOS is updated to 11.2.2; a couple of reports over at Audiob.us have it as improving GeekBench scores:
https://forum.audiob.us/discussion/2390 ... 2-2#latest
--
A couple of new El Reg stories (not affecting us):
https://www.theregister.co.uk/2018/01/0 ... elts_down/
https://www.theregister.co.uk/2018/01/0 ... _problems/
and one that (indirectly) might:
https://www.theregister.co.uk/2018/01/0 ... _slowdown/
-
- KVRAF
- 7105 posts since 22 Jan, 2005 from Sweden
So an interpreter like Javascript - how does it access direct windows API or calls attempting to use the security leak to kernel?bmrzycki wrote:You live in a connected world where your PC executes foreign code all the time. JavaScript in web pages, demos of plugins, new versions of software. You can be 100% certain there will be exploits coded to use these new attack vectors to do bad things on your computer. Not installing security patches is an excellent way to becoming compromised at a future date. But hey, it's your stuff and your decision.fluffy_little_something wrote:In other words, even if I never get the patch, I am probably safe, anyway.
I thought there were plenty layers in between browser and system. And regular Java engine(very much deeper access than Javascript) is kind of removed a long time ago as default in browser for the said reasons.
Many types of access that I deny all the time is location where I am at etc.
If Javascript can bypass everything - why even put the question?
If all you do online with daw computer is access updates for software you bought - how big a risk is that, really?
Probably none.
I don't even bother to use anti-virus software since they cause more problems than any virus I discovered.Even windows updates caused me more agony than any virus I ever encountered - worked for three days to get two windows 7 systems to even do updates - or check for updates!!!!! MS changed locations of everything and looking up latest windows update manually is what I had to do.
How much marketing is in this debackle ?
There is so much money in this security thingy - one really wonders what is fair risks and what is pure nonsense.
- KVRAF
- 16846 posts since 8 Mar, 2005 from Utrecht, Holland
The exploit can work without direct API access:lfm wrote:So an interpreter like Javascript - how does it access direct windows API or calls attempting to use the security leak to kernel?
https://www.react-etc.net/entry/exploit ... javascript

We are the KVR collective. Resistance is futile. You will be assimilated. 
My MusicCalc is served over https!!
My MusicCalc is served over https!!
-
- KVRian
- 853 posts since 13 Mar, 2012
JScript in modern browsers is not interpreted anymore, but compiled to x86 instructions and then executed.lfm wrote: So an interpreter like Javascript - how does it access direct windows API or calls attempting to use the security leak to kernel?
I thought there were plenty layers in between browser and system. And regular Java engine(very much deeper access than Javascript) is kind of removed a long time ago as default in browser for the said reasons.
So if you know what instruction sequence you need to run for doing a cetain attack and if you know about how the JScript engine is going to translate your JScript code to x86, you can do this attack via JScript. It's the reason why browser companies also had to release patches to "solve" this issue (not really solved, but they made it more difficult to run such attacks via JScript).
~~ ॐ http://soundcloud.com/mfr ॐ ~~
-
- KVRAF
- 2320 posts since 24 Jun, 2006 from London, England
Although ....aciddose wrote:Another reason I wouldn't recommend anyone should be running win10...
http://www.zdnet.com/article/microsoft- ... ce-issues/
Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches. Windows 7 and Windows 8 users will notice the greatest decrease in system performance after the processor patches are applied
- KVRAF
- 12615 posts since 7 Dec, 2004
Yes but that doesn't really carry any meaning. It shouldn't affect anyone's behavior, you certainly shouldn't just replace your current OS with win10 if the alternative is to simply not apply any patches.
The next time I upgrade my hardware I'll be running Linux.
Meanwhile, pathetic attempt at misdirection aside: if you're running win10 with AMD hardware and your system won't boot after the patch it might not be a great idea to reinstall win-v-anything.
I certainly won't be upgrading my hardware any time soon, what with all the available hardware suffering from massive security flaws and most of all Intel's hardware.
The next time I upgrade my hardware I'll be running Linux.
Meanwhile, pathetic attempt at misdirection aside: if you're running win10 with AMD hardware and your system won't boot after the patch it might not be a great idea to reinstall win-v-anything.
I certainly won't be upgrading my hardware any time soon, what with all the available hardware suffering from massive security flaws and most of all Intel's hardware.
-
- KVRAF
- 2320 posts since 24 Jun, 2006 from London, England
Awww bless, did I hurt your feelings. Come hereaciddose wrote:Meanwhile, pathetic attempt at misdirection aside
