Page 4 of 5 |
tonizito
Posts: 51051
Location: Portugal, the shithole of Europe.
|
Posted: Sun, 14th Jan 2018 11:58 Post subject: |
|
 |
VGAdeadcafe wrote: |
LOL Says Win Management Framework 5 or above is not installed
So it needs an extra installation just to do a PoC vulnerability check on a fully updated win8 OS? Excellent piece of software! How about I don't install extra shit?
You can't spell Ashampoo without poo. | Installed WMF, now it says error during scan
Anyway I just wanted to check my old P7350 (laptop's CPU), but it's probably affected too
boundle (thoughts on cracking AITD) wrote: | i guess thouth if without a legit key the installation was rolling back we are all fucking then |
Posted: Tue, 16th Jan 2018 09:08 Post subject: |
|
 |
How.. as my mobo didn't receive a bios update I manually updated the microcode, yet I'm still spectre vulnerable? 
Posted: Tue, 16th Jan 2018 14:29 Post subject: |
|
 |
No, same for me. You will not be 100% safe unless you receive a bios/microcode update.
Posted: Tue, 16th Jan 2018 16:57 Post subject: |
|
 |
I only read that the performance impact for Ryzen is negligible with the updates.
Out of interest I checked BIOS updates for my board, but nothing so far from asshole Asus.
Is it even that important for Ryzen to get patched?
I haven't followed this drama long enough.
Enthoo Evolv ATX TG // Asus Prime x370 // Ryzen 1700 // Gainward GTX 1080 // 16GB DDR4-3200
mtj
Posts: 2315
Location: Austria / Finland
|
Posted: Thu, 18th Jan 2018 11:07 Post subject: |
|
 |
PumpAction wrote: | No, same for me. You will not be 100% safe unless you receive a bios/microcode update. |
It's like having sex, to be sure, you need to use condom, birth control and abstain from sexual activity!
Stige
Posts: 3542
Location: Finland
|
Posted: Thu, 18th Jan 2018 11:11 Post subject: |
|
 |
Still don't understand so I'll ask again:
Why would anyone in their right mind want to install this piece of shit of an update on their home PC?
It's only downsides and zero upsides to it.
So why would you install it?
Posted: Thu, 18th Jan 2018 12:35 Post subject: |
|
 |
ROG MAXIMUS VIII HERO ALPHA 3703 is update for mine, but I won't be going near it with a barge pole.
3E74
Posts: 2559
Location: feels wrong
|
Posted: Thu, 18th Jan 2018 14:28 Post subject: |
|
 |
here guys...
This tool is way easier to understand, it tells you EXACTLY what's going on with your system (cpu).
And, oh, well. My CPU is AFFECTED.. it was cool as long as I believed it haha...
anyway, here's the summary:
Quote: |
This freeware download offers you the Free inSpectre, this tool checks Windows computers for Meltdown and Spectre vulnerabilities. Besides checking whether the system is vulnerable to the Spectre and Meltdown attack, the tool also checks whether performance of the computer has been decreased.
This application is made by security researcher Steve Gibson. To fully protect against both attacks, users have to update both their BIOS and operating system. This can have a negative impact on performance, depending on the tasks performed on the computer. InSpectre shows which updates have been installed and what has to be done to protect the system against the attacks. The tool also makes it possible to enable or disable protection against Spectre and Meltdown.
In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.
Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
Gibson warns that his tool is new and that conclusions on the output of the tool should be carefully considered as he writes, “it has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now.
“But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris,” Gibson adds. |
Get it here:
https://www.grc.com/inspectre.htm

..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. 
3E74
Posts: 2559
Location: feels wrong
|
Posted: Thu, 18th Jan 2018 18:06 Post subject: |
|
 |
BUT, with this tool you can enable or disable the patch with one click..
good to benchmark before - after..
to be honest, I do not see or feel any slowdowns for my work, so I'll just leave it..

..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. 
ixigia
[Moderator] Consigliere
Posts: 64926
Location: Italy
|
Posted: Thu, 18th Jan 2018 18:40 Post subject: |
|
 |
Haha indeed, my motherboard from 2011 is most likely going to ignore the entire thing for the time being (not that it actually matters). Luckily the Meltdown update hasn't brought any visible annoyance to my daily PC needs, so I'm okay with it..I guess. The weneveraskedforit effect still stands though!
3E74
Posts: 2559
Location: feels wrong
|
Posted: Wed, 28th Mar 2018 03:09 Post subject: |
|
 |
UPDATE!!!!!!!!
"You had one Job @ Microsoft"
Quote: |
Total Meltdown?
Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.
Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.
No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required - just standard read and write!
Accessing memory at over 4GB/s, dumping to disk is slower due to disk transfer speeds.
How is this possible?
In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.
The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM. For more in-depth information about paging please have a look at Getting Physical: Extreme abuse of Intel based Paging Systems - Part 1 and Part 2.
PML4 self-referencing entry at offset 0xF68 with value 0x0000000062100867.
Windows has a special entry in this topmost PML4 page table that references itself, a self-referencing entry. In Windows 7 the PML4 self-referencing is fixed at the position 0x1ED, offset 0xF68 (it is randomized in Windows 10). This means that the PML4 will always be mapped at the address: 0xFFFFF6FB7DBED000 in virtual memory. This is normally a memory address only made available to the kernel (Supervisor). Since the permission bit was erroneously set to User this meant the PML4 was mapped into every process and made available to code executing in user-mode.
"kernel address" memory addresses mapped in every process as user-mode read/write pages.
Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization. All one has to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory.
The last '7' in the PML4e 0x0000000062100867 (from above example) indicates that bits 0, 1, 2 are set, which means it's Present, Writable and User-mode accessible as per the description in the Intel Manual.
Excerpt from the Intel Manual, if bit 2 is set to '1' user-mode accesses are permitted.
Can I try this out myself?
Yes absolutely. The technique has been added as a memory acquisition device to the PCILeech direct memory access attack toolkit. Just download PCILeech and execute it with device type: -device totalmeltdown on a vulnerable Windows 7 system.
Dump memory to file with the command: pcileech.exe dump -out memorydump.raw -device totalmeltdown -v -force .
If you have the Dokany file system driver installed you should be able to mount the running processes as files and folders in the Memory Process File System - with the virtual memory of the kernel and the processes as read/write.
To mount the processes issue the command: pcileech.exe mount -device totalmeltdown .
Please remember to re-install your security updates if you temporarily uninstall the latest one in order to test this vulnerability.
A vulnerable system is "exploited" and the running processes are mounted with PCILeech.
Process memory maps and PML4 are accessed.
Is my system vulnerable?
Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn't patched since December 2017 or if it's patched with the 2018-03 patches or later it will be secure.
Other Windows versions - such as Windows 10 or 8.1 are completely secure with regards to this issue and have never been affected by it.
Other
I discovered this vulnerability just after it had been patched in the 2018-03 Patch Tuesday. I have not been able to correlate the vulnerability to known CVEs or other known issues.
Update
Windows 2008R2 was vulnerable as well. |
Quote: |
In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself. |
source:
https://blog.frizk.net/2018/03/total-meltdown.html
..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. 
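The arithmetic in the quoted write-up, worked through as an added example (not code from the post or from the blog it quotes): it derives offset 0xF68 and the mapping address 0xFFFFF6FB7DBED000 from index 0x1ED, and decodes the permission bits of the entry value 0x0000000062100867. The function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 paging-entry bits, as described in the quoted Intel manual excerpt. */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITABLE (1ULL << 1)
#define PTE_USER     (1ULL << 2)            /* U/S: 1 = user-mode access permitted */
#define PTE_ADDR     0x000FFFFFFFFFF000ULL  /* physical address, bits 51:12 */

/* Byte offset of slot `index` in a 4 KiB table of 512 eight-byte entries. */
static uint64_t entry_offset(unsigned index) { return (uint64_t)(index & 0x1FF) * 8; }

/* Virtual address at which the PML4 shows up when slot `index` points back at
 * the PML4 itself: the same index is consumed at all four translation levels,
 * then bit 47 is sign-extended to make the address canonical. */
static uint64_t selfmap_pml4_va(unsigned index)
{
    uint64_t i = index & 0x1FF;
    uint64_t va = (i << 39) | (i << 30) | (i << 21) | (i << 12);
    return (va & (1ULL << 47)) ? (va | 0xFFFF000000000000ULL) : va;
}

/* Physical frame the entry points to. */
static uint64_t entry_phys(uint64_t e) { return e & PTE_ADDR; }

/* Nonzero when the entry is present, writable and user-accessible at once. */
static int user_writable(uint64_t e)
{
    const uint64_t need = PTE_PRESENT | PTE_WRITABLE | PTE_USER;
    return (e & need) == need;
}

/* The same entry with U/S cleared, i.e. reachable by the kernel only. */
static uint64_t supervisor_only(uint64_t e) { return e & ~PTE_USER; }

int main(void)
{
    const unsigned idx = 0x1ED;                    /* Windows 7 slot, from the post */
    const uint64_t pml4e = 0x0000000062100867ULL;  /* entry value, from the post */

    printf("offset in PML4  : 0x%llX\n", (unsigned long long)entry_offset(idx));
    printf("PML4 mapped at  : 0x%llX\n", (unsigned long long)selfmap_pml4_va(idx));
    printf("points to phys  : 0x%llX\n", (unsigned long long)entry_phys(pml4e));
    printf("user read/write : %s\n", user_writable(pml4e) ? "yes" : "no");
    printf("with U/S cleared: 0x%llX\n", (unsigned long long)supervisor_only(pml4e));
    return 0;
}
```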
JBeckman
VIP Member
Posts: 34486
Location: Sweden
|
Posted: Wed, 28th Mar 2018 07:50 Post subject: |
|
 |
Looks like it's fixed though but there's two months of compromised updates if users are still on the January or February 2018 update roll-up for Windows 7 so it is a problem especially with how slow some corporate environments update their systems where this could be a big security issue.
Posted: Wed, 28th Mar 2018 09:37 Post subject: |
|
 |
Hmm I got an email from MSI(?) directing me to an ftp server to download new BIOS that, supposedly, protects you from the recent invulnerabilities.
Yet when I visit the official site the new BIOS update is not listed. Do you guys think I should install the new update or wait for some official confirmation? The ftp server seems legit but then again...who knows nowadays...
Rig: i7-5820k, MSI X99 Plus, Corsair 16GB DDR4:3000, Inno3d GTX 1080, Samsung 850 Pro 512GB, Corsair 850i PSU, AOC G2460PG.
3E74
Posts: 2559
Location: feels wrong
|
Posted: Thu, 29th Mar 2018 01:37 Post subject: |
|
 |
scaramonga wrote: | Breezer_ wrote: | Windows 10  |
Corrected. |

..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. 
All times are GMT + 1 Hour |