Showing results for tags 'spectre'.

Found 12 results

  1. Some of the protections against the Spectre CPU vulnerability introduced in modern browsers can be defeated, security researchers revealed this week.

    According to research published by Aleph Security on Tuesday, the company's researchers were able to put together proof-of-concept code that retrieves sensitive data from a browser's protected memory. The browsers were running a version that received mitigations against such attacks, researchers said.

    The Aleph team says their PoC bypassed Spectre mitigations and retrieved data from browsers such as Edge, Chrome, and Safari. They were not able to retrieve browser memory data from Firefox, mainly because of a different type of mitigation Mozilla had used for its browser.

    Researchers bypass Spectre v1 in-browser protections

    More precisely, researchers bypassed the in-browser mitigations introduced to fend off the Spectre v1 CPU vulnerability, the only one of the Meltdown and Spectre bugs that could be exploited via a web browser.

    Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1
    Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2
    Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown
    Variant 3a: rogue system register read (CVE-2018-3640)
    Variant 4: speculative store bypass (CVE-2018-3639) aka SpectreNG

    Back in January, when the first three Meltdown and Spectre flaws became known, browser makers introduced various types of protections inside their products. Mitigations against Spectre v1 have been rolled out and incorporated in Firefox, Chrome, Chromium, V8, Webkit (Safari), and Edge and IE.

    Mitigations vary from project to project, but in short, they are:

    1〉 Index masking of array objects
    2〉 Site-Isolation feature in Chromium-based browsers
    3〉 Disabling SharedArrayBuffer
    4〉 Reducing precision of performance.now() timers
    5〉 Adding jitter to the response of performance.now()

    Edge, Chrome, Safari protections defeated

    But Noam Hadad and Jonathan Afek, two security researchers with Aleph Security, said they were able to find a way around the index masking mitigation (1), data timing mitigations (3 & 4) and jittered timer outputs (5).

    The two put together proof-of-concept code —also shared on GitHub— that defeats the above mitigations and retrieves data from a browser's protected memory —data that a malicious page should not be able to access under normal circumstances.

    "In [our] research we were able to show that even with the implemented Spectre mitigations, we were able to (1) read speculatively accessed memory in Chrome at around 1 bit per second; (2) read accessed memory in Edge (not speculatively accessed) at around 1 bit per second; and (3) read accessed memory in Safari (not speculatively accessed) at around 1 bit per second," Hadad and Afek said.

    "We were not able to use these techniques in Firefox, as they recently reduced the timer resolution to 2ms," the researchers said.

    Data that can typically be stolen with Spectre v1 attacks includes information shared by different pages and browser processes, such as HttpOnly cookies, cookies of other origins, saved passwords, and more.

    Better mitigations needed

    The PoC exfiltrates data at very slow speeds, but researchers did not develop it for offensive purposes. The research only probed the effectiveness of the Spectre in-browser patches.

    "This research shows that while the timing mitigations implemented in different browsers are effective at dramatically slowing down Spectre-like attacks, they are not effective at preventing them," the duo said.

    "This means that more robust solutions are required, such as site-isolation and index masking," Hadad and Afek recommended. "These timing mitigations are hurting performance and functionality for some web applications, and taking into account their limited effectiveness, reverting them should be considered," the two added.

    Last week, Forcepoint researchers also warned that planned changes in the WebAssembly standard could accidentally negate some of the mitigations browser makers introduced in their browsers.

    Source
  2. Chipzilla checking fresh set of CVEs in chip side-channel flaw

    Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips.

    German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's processors.

    "So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable," Jürgen Schmidt reported. "Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent."

    The report notes that Intel has been alerted as to the exploit methods, though Chipzilla isn't saying much on the matter right now.

    "Protecting our customers' data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers," executive VP and general manager of product assurance and security Leslie Culbertson said in a statement to The Register. "We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations."

    The disclosure of new ways to leverage Spectre – which can be exploited by malicious software on a device or PC to extract passwords and other secrets from memory it shouldn't be allowed to access – should hardly come as a shock, given the nature of the deep design flaw and how difficult it is for chip designers to fully address.

    Seemingly every few weeks, brainiacs have found and written up new variants and points of entry related to the bug, and new variations will likely continue to be found until chipmakers can get redesigned processors to market later this year.

    Source
  3. ADN

    inSpectre #7

    Easily examine and understand any Windows system's hardware and software capability to prevent Meltdown and Spectre attacks. Now displays the system's =CPUID= to determine whether Microsoft's new Spectre patches are available for the CPU. Homepage Download Changelog :
  4. Microsoft said today that it would take Intel CPU microcode updates meant to fix the Spectre v2 vulnerability and ship these updates to users via a Windows update package. The announcement is a change of direction in regards to Microsoft's position towards the Meltdown and Spectre patching process.

    The complicated Spectre v2 patching process

    Meltdown and Spectre (v1 and v2) are three vulnerabilities that affect a large number of modern CPUs. Microsoft (and other OS makers) have supplied OS-level updates to address the Meltdown and Spectre v1 vulnerabilities and said that CPU makers, such as Intel, must issue so-called microcode (CPU firmware) updates that will need to be installed separately.

    PC owners have been waiting for these updates since early January when the Meltdown and Spectre flaws became public. Intel (and other CPU makers) were supposed to release these microcode updates so that OEMs would integrate them as motherboard firmware updates that users could download and install.

    Intel released an initial batch of microcode updates but was forced to withdraw them after reports of increased system reboots. Starting February, Intel began releasing new microcode updates meant to fix Spectre v2. It first released updates for some Skylake CPUs, then followed with a second batch for Kaby Lake, Coffee Lake, and more Skylake processors, and this week with a third batch for Broadwell and Haswell processors.

    But applying these updates will be a hell for many users because they'll either need to download them manually from Intel's site, or wait for a motherboard firmware update from their OEM (PC/notebook seller). Most users are unaware they have to do this.

    Microsoft steps in to save the day

    This is where Microsoft has decided to step in. The company announced today that it will help deliver some of these microcode updates to Windows users. Microsoft released today the first of such updates —KB4090007.

    This update package deploys Intel microcode updates that fix the Spectre Variant 2 vulnerability (CVE 2017-5715 [Branch Target Injection]). KB4090007 is only available for Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core). The update package is for Intel Skylake CPU owners only.

    Microsoft exec John Cable (Director of Program Management, Windows Servicing and Delivery) also said Microsoft and Intel are working on other Windows updates for more microcode fixes, for other Windows versions and processor series.

    Bleepingcomputer.com
  5. Intel says it has most -- but not all -- of the buggy Meltdown/Spectre firmware patches in order. While Microsoft announces but doesn't ship a firmware fix for the Surface Pro 3.

    One month ago today, Intel told the world that their Meltdown/Spectre patches were a mess. Their advice read something like, "Ooopsie. Those extremely important BIOS/UEFI firmware updates we released a coupla weeks ago are causing Intel machines to drop like bungee cows. In spite of what we told you then, stop installing them now. And if you installed a bad BIOS/UEFI patch, well golly, contact your PC manufacturer to see if they know how to get you out of the mess."

    Intel now says it has released really new, really good firmware versions for most of its chips.

    Intel chips covered, and those not covered

    Scanning the official Microcode Revision Guidance February 20, 2018 (pdf), you can see that Coffee Lake, Kaby Lake, Bay Trail and most Skylake chips are covered. On the other hand, Broadwell, Haswell, and Sandy Bridge chips still leave brown skid marks.

    Security Advisory INTEL-SA-00088 has been updated with this squib:

    We have now released new production microcode updates to our OEM customers and partners for Kaby Lake, Coffee Lake, and additional Skylake-based platforms. As before, these updates address the reboot issues last discussed here, and represent the breadth of our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. They also include our recently announced Intel® Xeon® Scalable and Intel® Xeon® D processors for datacenter systems. We continue to release beta microcode updates for other affected products so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    Intel's recommendations

    Intel goes on to recommend basically the same stuff they recommended last time, with a specific call-out:

    We continue to recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of previously released versions of certain microcode updates addressing variant 2 (CVE-2017-5715), as they may introduce higher-than-expected reboots and other unpredictable system behavior. We also continue to ask that our industry partners focus efforts on evaluating the beta microcode updates.

    For those concerned about system stability while we finalize these updated solutions, earlier this week we advised that we were working with our OEM partners to provide BIOS updates using previous versions of microcode not exhibiting these issues, but that also removed the mitigations for 'Spectre' variant 2 (CVE 2017-5715). Microsoft also provided two resources for users to disable original microcode updates on platforms exhibiting unpredictable behavior:

    For most users – An automatic update available via the Microsoft® Update Catalog which disables 'Spectre' variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 - client and server

    For advanced users – Refer to the following Knowledge Base (KB) articles
    KB4073119: IT Pro Guidance
    KB4072698: Server Guidance

    Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for 'Spectre' variant 1 and 'Meltdown' variant 3 until new microcode can be loaded on the system.

    The "For most users" update is KB 4078130, the surprise Friday evening patch, released on Jan. 26, which I discussed almost a month ago:

    On Friday night, Microsoft released a strange patch called KB 4078130 that "disables mitigation against Spectre, variant 2." The KB article goes to great lengths describing how Intel's the bad guy and its microcode patches don't work right: There aren't any details, but apparently this patch — which isn't being sent out the Windows Update chute — adds two registry settings that "manually disable mitigation against Spectre Variant 2"

    Rummaging through the lengthy Microsoft IT Pro Guidance page, there's an important warning:

    Customers who only install the Windows January and February 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January and February security updates, a processor microcode, or firmware, update is required. This should be available through your OEM device manufacturer.

    Microsoft firmware update for Surface Pro 3

    In what must be an amazing coincidence, last night Microsoft released a firmware update for the Surface Pro 3. It's currently available as a manual download ("MSI format") for Surface Pro 3. I haven't seen it come down the Windows Update chute. Perhaps Microsoft is beta testing it once again.

    Per Brandon Records on the Surface blog:

    We've released a new driver and firmware update for Surface Pro 3. This update includes new firmware for Surface UEFI which resolves potential security vulnerabilities, including Microsoft security advisory 180002. This update is available in MSI format from the Surface Pro 3 Drivers and Firmware page at the Microsoft Download Center.

    Except, golly, the latest version of the patch on that page (as of 10 am Eastern US time) is marked "Date Published 1/24/2018." The official Surface Pro 3 update history page lists the last firmware update for the SP3 as being dated Oct. 27, 2017.

    And, golly squared, Microsoft Security Advisory 180002 doesn't even mention the Surface Pro 3. It hasn't been updated since Feb. 13. It links to the Surface Guidance to protect against speculative execution side-channel vulnerabilities page, KB 4073065, which doesn't mention the Surface Pro 3 and hasn't been updated since Feb. 2.

    You'd have to be incredibly trusting — of both Microsoft and Intel — to manually install any Surface firmware patch at this point. Particularly when you realize that not one single Meltdown or Spectre-related exploit is in the wild. Not one.

    Thx Bogdan Popa Softpedia News.

    Fretting over Meltdown and Spectre? Assuage your fears on the AskWoody Lounge.

    Source: Intel releases more Meltdown/Spectre firmware fixes, Microsoft feints an SP3 patch (Computerworld - Woody Leonhard)
  6. Intel releases updated Spectre and Meltdown patches for Skylake systems

    It may have been a while since there was major news about the Spectre and Meltdown bugs, but the problems have not gone away. After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems.

    Despite the problems with both stability and performance with Spectre and Meltdown patches, Intel uses an announcement about the latest updates to stress the importance of installing patches in a timely fashion. There's more than a hint of irony in the fact that Intel had to tell users to stop using an earlier update because of the problems it was causing.

    The latest microcode update addresses not only the original vulnerability, but also the stability issues that stemmed from earlier patches. Intel has shared the updates with its partners, and they should be making their way out to systems in due course. For now, unfortunately, anyone without a Skylake system is out of luck. Problems with Broadwell, Haswell, Kaby Lake, Skylake X, Skylake SP and Coffee Lake still need to be addressed.

    In a post on the Intel website, executive vice president of the company, Navin Shenoy, says:

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

    He goes on to say:

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can't emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today's environment, that must change. According to the Department of Homeland Security's cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with -- among other things -- regular system updates.

    If you have a Skylake-based system, you should -- hopefully -- receive a firmware update very soon, but just when this happens will vary depending on the hardware manufacturer.

    Source: Intel releases updated Spectre and Meltdown patches for Skylake systems (betanews)

    Poster's warning: Read this first BEFORE considering applying it... Intel says its new Spectre-busting Skylake firmware patch is ready (AskWoody.com)
  7. Hackers could be close to developing malware that exploits flaws, suggests a German cybersecurity firm.

    AV-Test, an independent German antivirus testing and security software company, has managed to identify nearly 139 malware samples that most probably indicate growing craze among cybercriminals to exploit the recently discovered CPU bugs Meltdown and Spectre.

    However, the majority of these samples are based upon already existing proof-of-concept coding from numerous security experts but it is indeed concerning that the number of unique samples has increased considerably over the past few weeks. The number of samples collected by AV-Test on January 7th was rather low but by January 21st the company managed to collect a hundred samples and at the end of January, the total count of samples reached 139.

    AV-Test wrote on Twitter that the 139 samples discovered by its researchers "appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754," and posted SHA-256 hashes of some of the samples.

    Google exposed the Meltdown and Spectre flaws on January 3rd, 2018 and since then OS developers, chip makers, and browser creators have been trying to release patches to mitigate the three different types of speculative side-channel attacks, which are believed to affect WebAssembly and JavaScript supporting browsers.

    Apple had stated while releasing patches for the attacks that Spectre attacks are quite difficult to exploit even if the infected app runs locally on macOS or iOS device; but if the browser runs on JavaScript then the attacks are very much exploitable and if the attack meets success then it will leak all kinds of sensitive data including passwords.

    According to AV-Test CEO Andreas Marx, each one of the samples can use one of the three attacks but in case the files contain "problematic program codes" then it is impossible to confirm that all of them can exploit the vulnerabilities successfully.

    Marx stated that it won't be surprising to identify first targeted attacks or widespread use of malware but he also explained that such attacks will happen only if threat actors find it easy to exploit Spectre and Meltdown vulnerabilities as they are currently focusing more on ransomware and cryptojacking exploits.

    "Due to the extremely high number of affected computers/systems and the complexity to 'fix' the Spectre-Meltdown vulnerabilities, I'm sure that the malware writers are just looking for the best ways to extract information from computers and especially browsers," stated Marx.

    Marx also believes that the malware developers are currently in the research phase in which they are trying to identify ways to exploit Meltdown and Spectre attacks because most of the samples are either recompiled or extended versions of the proof-of-concepts. "Interestingly, for various platforms like Windows, Linux and MacOS. Besides this, we also found the first JavaScript POC codes for web browsers like Internet Explorer, Chrome or FireFox in our database now," wrote Marx.

    On Tuesday Fortinet's FortiGuard Labs published a report after assessing these samples and expressed its concerns regarding the probable potential of Meltdown and Spectre malware targeting enterprises and users. The company concluded that 83% of these samples were proof-of-concept based while the remaining 17% were not publicly shared probably for being under NDA.

    Fortinet has released various antivirus signatures to defend users against those samples but it would be difficult to detect other exploits that are related to these chip vulnerabilities and patch issues have further complicated the situation.

    To mitigate the threat Marx suggests that if the PC is not in use for over an hour then it is a wise idea to switch it off and always close the browser while going out on lunch break because it will minimize the attack surface to a great extent and also prevent loss of energy.

    https://www.hackread.com/139-malware-samples-identified-that-exploit-meltdown-spectre-flaws/
  8. If you were about to install Intel's fix for Spectre and Meltdown, don't be so fast: the chip company is advising those with certain processors to avoid the security patches currently available.

    Intel began pushing out fixes along with the help of its system partners earlier this month, as it tried to deal with the twin security issues identified by Google Project Zero and others. However, that process hasn't been entirely smooth-running.

    Initially, plenty of attention was paid to just what sort of performance hit users could expect as a result of the patches. Early fears of a significant slowdown seemed to be unfounded, though independent testing of both consumer and server processors from Intel's line-up did show some impact after the updates were installed.

    Others, though, ran into a more pressing problem. Users of computers based on Intel Haswell or Broadwell processors reported a greater than typical number of unexpected restarts. It's been impacting both consumer and server systems, the chip-maker confirmed back on January 11, though at that point the advice was to continue applying whatever software updates were being released.

    Now, though, that guidance has changed. "We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior," Intel said today.

    The company began testing a new version of the fix over the weekend, but it seems it's not ready for public primetime quite yet. Instead, "we also ask that our industry partners focus efforts on testing early versions of the updated solution for Broadwell and Haswell we started rolling out this weekend, so we can accelerate its release," the company said.

    Since leaving systems unpatched could mean they're more vulnerable to a Spectre or Meltdown hack, though, Intel also has an interim plan in the works. It's also working on a previous version of its patch which doesn't, apparently, lead to the reboot problem in Haswell and Broadwell systems. However, that was only possible by moving the so-called Variant 2 Spectre mitigations from the patch, leaving it protecting only against Variant 1 Spectre and Variant 3 Meltdown. That will be delivered by a BIOS update.

    Clearly, it's not been a great month for Intel. Though Spectre and Meltdown don't affect the processor manufacturer uniquely, it seems to be having some of the most high-profile issues getting systems both patched and stably-so in the aftermath of the security flaws' announcement.

    "I apologize for any disruption this change in guidance may cause," Navin Shenoy, executive VP at Intel and general manager of the company's Data Center Group, said today of the updated advice. "The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues."

    As for when the modified BIOS patch will be released, that will depend on the OEM responsible for manufacturing your computer or server.

    MORE Intel Microcode revision list [pdf link]

    source
  9. This page has all the information collected on Spectre and Meltdown and has links to various manufacturer sites and information on specific systems. It is an invaluable resource. https://meltdownattack.com/ (Admins: I thought this was the most appropriate place for this information. If I am wrong please move it. Thank you.)
  10. Take a look inside the new January Security-only patches specifically for Win7 and 8.1 AMD machines that were blue-screened by the original January Security-only patches. Win10 brickees still in limbo.

    I've seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by other bad patches, earlier this month, but they've arrived with no instructions — and a strange circular logic.

    Last week, Microsoft released two patches, with these official titles:

    KB 4073578: Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1
    KB 4073576: Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2

    The Win7 KB article says:

    An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056897 (Security-only update) or January 4, 2018—KB4056894 (Monthly Rollup): AMD devices fall into an unbootable state… This update does not replace a previously released update.

    The Win8.1 article says the same thing, with reference to the analogous patches KB 4056898 and 4056895.

    … and that's all of the description on offer. You can find lots of posts about the two patches and how they fix the "unbootable state" (what most of us would call a BSOD or blue screen), but there's exactly zero advice on how to use the patches, or what fixes they include. And that part about "does not replace a previously released update" has my head whirling.

    Just for starters, if you installed one of this month's buggy Meltdown/Spectre Windows patches on a machine with an older AMD processor (Athlon, Sempron, Turion, Opteron, Phenom and some Ryzen computers), you probably hit a blue screen. Microsoft pulled the patches a few days later, but a whole lot of people had to boot to a recovery environment or re-install Windows, just to get going again.

    Now we have patches for Win7 and 8.1 that appear to be the Meltdown/Spectre patches specifically for AMD machines. There's something karmic about a patch that is designed to install on a machine that can't boot, thus can't install any patches. But let's move beyond the Kafkaesque dilemma.

    Here are just a few of the many, many questions swirling around over the weekend:

    Which AMD machines are targeted? I don't know. Microsoft isn't saying. Apparently these patches are meant for machines that threw BSODs with the earlier patches — but do you need to install the original patch and wait to see if you hit a BSOD, before installing these patches?

    If installing a patch just to see if it bricks your machine doesn't sound like a fun way to spend a snowy day, can you put these new patches on any AMD machine? If so, what happens? Who knows?

    Are these patches replacements for the originals — do they cover the same ground — or are they somehow different? Poster @MrBrian on AskWoody says:

    On Windows 7 x64, I compared what KB4056897 installs vs. what KB4073578 installs. Considering just executable files, KB4073578 installs a newer version of some executable files. … Of the changed executable files between the two Windows 7 x64 updates (inspected with CBS Package Inspector), the only executable file that changed in size is hvax64.exe.

    So if the old and new versions of this month's Windows/Spectre patches install different files, should you install the new patch on an AMD machine that somehow installed the old one?

    For that matter, can you install this newer version on an Intel machine and get away with it? @MrBrian in an intrepid moment tried that. His conclusion:

    As a test, I installed KB4073578 on two computers with two different Intel CPU models. I then rebooted and logged into a user account on each computer. There were no apparent problems.

    To recap, we have patches for Win7 and 8.1 AMD computers that officially only apply to bricked AMD computers, but still install on Intel computers, and come up with a newer hvax64.exe file. And the patches are only for Win7 and 8.1, not Win10.

    Care to chase this down the January patch rabbit hole? For example, as @PKCano notes, the Win8.1 Monthly Rollup appeared after the Win7 Monthly Rollup. Does the Win8.1 Monthly Rollup include the new security files or the old ones? What happens if you install the old patches and the new patches, in any time sequence combination of Security-only, Monthly Rollup, old and new? Let's not forget that Microsoft started pushing the Meltdown/Spectre patches for some AMD processors, but are they old ones or new ones, and for which processors?

    Most of all, what happened to Windows 10? Microsoft yanked a half-dozen January Win10 cumulative updates because they were bricking AMD processors. At least some of those cumulative updates are going out again. Do they include the new files or the old ones? Since Microsoft doesn't release Security-only patches for Win10, are we stuck with the old cumulative updates until the February Patch Tuesday cycle kicks in? What about those who have AMD machines that choke on the cumulative updates?

    I feel an Excedrin headache coming on. Join me on the AskWoody Lounge.

    Source: Microsoft's mystifying Meltdown/Spectre patches for AMD processors (Computerworld - Woody Leonhard)

    Welcome back nsane, missed you...
  11. Fake Spectre and Meltdown patch pushes Smoke Loader malware

    The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actually is malware. In fact, German authorities recently warned about phishing emails trying to take advantage of those infamous bugs.

    We identified a recently registered domain that is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors. While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity.

    Moreover, the same fraudulent domain has a link to a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip) containing the so-called patch (Intel-AMD-SecurityPatch-10-1-v1.exe), which really is a piece of malware. Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information:

    The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the .bid domain, including one that is a German template for a fake Adobe Flash Player update.

    We immediately contacted Comodo and CloudFlare to report on this abuse and within minutes the site did not resolve anymore thanks to CloudFlare's quick response. Malwarebytes users were already protected at zero-hour against this malware.

    Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.

    It's always important to be cautious, especially when urged to perform an action (i.e. calling Microsoft on a toll-free number, or updating a piece of software) because there's a chance that such requests are fake and intended to either scam you or infect your computer. There are very few legitimate cases when vendors will directly contact you to apply updates. If that is the case, it's always good to verify this information via other online resources or friends first.

    Also, remember that sites using HTTPS aren't necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.

    Indicators of compromise

    Fraudulent site:
    Fake patch (Smoke Loader):
    Smoke Loader callbacks:

    Source
  12. Instant vulnerability check for Spectre and Meltdown

    Glaring security holes in all modern processors named Meltdown and Spectre have recently made the headlines. With Ashampoo Spectre Meltdown CPU Checker, you can determine at the click of a button whether your system is vulnerable.

    The program uses a Microsoft-based check that would usually require complex inputs and configuration work before you'd see results. Ashampoo Spectre Meltdown CPU Checker does it for you and checks both potential attack vectors. If your system is affected, the program will offer further information on how to protect your computer. Ashampoo Spectre Meltdown CPU Checker requires no registration or installation to work.

    Download