INTEL-SA-00115, new microcode updates?

RvdH · June 14, 2018, 3:32pm

Should we expect new microcode updates once again?
https://www.intel.com/content/www/us/en/…l-sa-00115.html

Pete12 · June 14, 2018, 4:26pm

Not very clear , where to download ??
HOW can we get this new update ??
Can not find this on Intel-sites…!!

RvdH · June 14, 2018, 5:55pm

Intel has released Beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD) – CVE-2018-3639. SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018.

The microcode updates will also address Rogue System Register Read (RSRR) – CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return data under certain conditions. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. No operating system or hypervisor changes are required to support the RDMSR change.

It is expected beta microcode updates will be fully production qualified in the coming weeks.

dash · June 15, 2018, 2:22am

Yes, a few of those are already available in the usual places. Both Linux and the latest Windows 10 builds have SSBD support (disabled by default, because it HURTS performance just as much as the Meltdown fixes (separate page tables for kernel/userspace) did).

dash · June 15, 2018, 2:25am

The fixes for RSRR are transparent and harder to detect (assume anything that claims to support SSBD MSR has RSRR fixed), and RSRR would be used as a tool to bypass ASLR or other such steps in a multi-vulnerability chain to get privilege escalation – it is not going to leak user or kernel data, but rather the contents of MSRs such as page table locations, etc.

RvdH · June 19, 2018, 11:25pm

Haswell CPU Micro-Code Rev. 25 (cpu306C3_plat32_ver00000025_2018-04-02_PRD_5F430452.bin) brings hardware support for CVE-2018-3639

How to enable mitigation
Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown

Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass mitigation is present: True
Windows OS support for speculative store bypass mitigation is present: True
Windows OS support for speculative store bypass mitigation is enabled system-wide: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : True

thurask · June 19, 2018, 11:49pm

I have the same results with Skylake and microcode C6.

N6O7 · June 19, 2018, 11:49pm

@RvdH and all,

I would not recommend at all to set "enable fix" in the registry settings for "protect against speculative execution side-channel vulnerabilities".

1) Mitigation against Spectre Variant 2
To enable the fix

and

2) Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown
To enable the fix

From what I 've tested it will breaks many softwares as for example AI Suite II, Windows Explorer, IE 11, IRST, etc… by a violation access code.

Doing by sfc /scannow will not repair any of them.
I had to do a restore point at boot with original DVD after having disable my raid0 array in order to repair.

Good luck!

RvdH · June 19, 2018, 11:55pm

@N6O7
I can not say i have experienced any issues with both (CVE-2017-5715/CVE-2017-5754 and CVE-2018-3639) protections enabled (yet)

N6O7 · June 20, 2018, 12:02am

I’m using windows 7 x64 Pro and as I saw, it’s new to the OS system having enable SSBD.

Since the OS system had been patched and most of the intel microcodes too, you can see/use with such tool as “InSpectre” or “SpectreMeltdownCheck” if the fix is enable or not. Also can be use the PowerShell script provided in the MS article to verify.

But using the registry aswell, will override as it says in the registry dword key “FeatureSettingsOverride”

RvdH · June 20, 2018, 12:07am

@N6O7
No idea what your last comment is about???
I have enabled all protections against CVE-2017-5715/CVE-2017-5754 and CVE-2018-3639 as you can see here

I am just saying this has NOT broken anything here!

N6O7 · June 20, 2018, 12:11am

So you did it by registry settings?. Adding the dword keys?

What I’m telling is that all of this is patched in lastest MS Updates and intel/amd microcodes, thus are not always visible in the registry keys. My OS do not have those keys in registry, but protections are enabled.
Just no need to add them

RvdH · June 20, 2018, 12:25am

On Windows 10 you don’t have to set CVE-2017-5715/CVE-2017-5754, as by default, this update is enabled. see https://support.microsoft.com/en-us/help…nerabilities-in
On Windows Server 2016 you have to enable both CVE-2017-5715/CVE-2017-5754 mitigations manually (because they are not enabled by default, like they are on Windows 10). see https://support.microsoft.com/en-us/help…ative-execution

CVE-2018-3639 is disabled by default on both Windows 10/Windows Server 2016 and you need to enable mitigation manually, see https://support.microsoft.com/en-us/help…ative-execution and https://support.microsoft.com/en-us/help…nerabilities-in

N6O7 · June 20, 2018, 12:41am

Well at least the end users should care of which OS version this should be applied using the registry settings.

The MS article mention:

Mitigation against Spectre Variant 2:

Spectre and Meltdown are patched on my OS but not the SSBD (Speculative Store Bypass Detection)

and this one is not enabled by default

Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown:

I found the last combination dangerous for my OS windows 7 SP1 to enable both "mitigations around Speculative Store Bypass" and "Spectre Variant 2/Meltdown". in registry

RvdH · June 20, 2018, 12:45am

Whatever… you are the one mentioning all these registry settings and confusing people, not me…I just point people to the proper documents/instructions

N6O7 · June 20, 2018, 12:49am

I do not blame you, but by posting such article including registry change can lead some users to wrong informations and have to be read carefully

RvdH · June 20, 2018, 12:52am

You are ridiculous… you are the one posting registry changes!!!

N6O7 · June 20, 2018, 12:59am

I just warn some users not using the registry change posted in the article without knowing the risk I experienced too.

BTW, You’re not supposed jumping on your big horses by answering me. Free others to read.
Discussion closed

RvdH · June 25, 2018, 11:59am

FYI …
Intel just released an updated “Microcode Revision Guidance” dated June 21 2018 for INTEL-SA-00115

https://www.intel.com/content/dam/www/pu…te-guidance.pdf

Pete12 · July 10, 2018, 10:16am

It looks as if the "medicin " is worse then the disease…!