Windows Client Guidance against speculative execution vulnerabilities

  1.    12 Jul 2018 #720

    Variant 1.1 (Bounds Check Bypass Store) is now mentioned in the Windows Client Guidance, but strangely I can't find any information about either of the new vulnerabilities on the Intel web site.

    Q16. I heard that CVE-2018-3693 (Bounds Check Bypass Store) is related to Spectre. Will Microsoft release mitigations for it?

    A16
    . Bounds Check Bypass Store (BCBS) was disclosed on July 10, 2018 and assigned CVE-2018-3693. We consider BCBS to belong to the same class of vulnerabilities as Bounds Check Bypass (Variant 1). We are not currently aware of any instances of BCBS in our software, but we are continuing to research this vulnerability class and will work with industry partners to release mitigations as required. We continue to encourage researchers to submit any relevant findings to Microsoft’s Speculative Execution Side Channel bounty program, including any exploitable instances of BCBS. Software developers should review the developer guidance that has been updated for BCBS at https://aka.ms/sescdevguide.

    https://support.microsoft.com/en-us/...erabilities-in
      My ComputerSystem Spec

  2.    12 Jul 2018 #721

    Ground Sloth said: View Post
    Variant 1.1 (Bounds Check Bypass Store) is now mentioned in the Windows Client Guidance, but strangely I can't find any information about either of the new vulnerabilities on the Intel web site.

    https://support.microsoft.com/en-us/...erabilities-in
    I think it's in there that they think that Variant 1 mitigations are sufficient.

    I see the latest MCU are for Spectre Variant 3a and 4 (Rogue System Register Read & Specualtive Store Bypass).

    CVE's are in this article here
      My ComputersSystem Spec

  3.    12 Jul 2018 #722

    Ground Sloth said: View Post
    There are two more speculative execution side-channel vulnerabilities: Variant 1.1 and Variant 1.2.

    It's unclear if current protection against Variant 1 provides sufficient protection against these two new variants.


    https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/



    OR:
    https://www.ghacks.net/2018/07/11/he...ao0cqqj%2e29te
      My ComputerSystem Spec

  4.    13 Jul 2018 #723

    Due to the limitations of the InSpectre tool as is, I am attempting to validate Variant 4 patching against SSB via the PowerShell script.

    I can't seem to get it activated despite following the notes. It validates that Variant 1 (not 1.1 or 1.2) & 2 patching is active.

    I have applied the registry keys, rebooted and ran the script as Adminstrator.

    Anyone else tried it?
      My ComputersSystem Spec


  5. Posts : 20
    Windows 10 Insider + Ubuntu 18.10
       13 Jul 2018 #724

    winactive said: View Post
    Due to the limitations of the InSpectre tool as is, I am attempting to validate Variant 4 patching against SSB via the PowerShell script.

    I can't seem to get it activated despite following the notes. It validates that Variant 1 (not 1.1 or 1.2) & 2 patching is active.

    I have applied the registry keys, rebooted and ran the script as Adminstrator.

    Anyone else tried it?
    I tried, and SSBD isnt enabled on this build. But a few build back, 17692 or something like that, its enabled. And PowerShell script tells me my CPU Microcode isnt patched for Spectre v4, but actually my microcode is the latest with both Spectre v3a/4 and I verified patching status of microcode under Linux....
      My ComputerSystem Spec

  6.    13 Jul 2018 #725

    spektykles said: View Post
    I tried, and SSBD isnt enabled on this build. But a few build back, 17692 or something like that, its enabled. And PowerShell script tells me my CPU Microcode isnt patched for Spectre v4, but actually my microcode is the latest....
    I've just come to try it on a machine that has exactly that. My desktop has the July MCU whereas the laptop has the April MCU (both via UEFI).

    Edit: As you can guess, it made no difference. Not patched.
    Last edited by winactive; 13 Jul 2018 at 13:12.
      My ComputersSystem Spec

  7.    16 Jul 2018 #726

    I had an advisory from Dell today about a UEFI update for a machine I no longer own (I returned it due to poor battery performance). It was an update to mitigate Intel-SA-00115 (Spectre 3a & 4) and Intel-SA-00118 (Intel ME CSME vulnerability) so it contained MCU and ME images.

    So, you would hope that patching could be enabled in a production OS if the MCUs are being pushed by OEMs.
      My ComputersSystem Spec


  8. Posts : 20
    Windows 10 Insider + Ubuntu 18.10
       16 Jul 2018 #727

    Im already running latest Intel ME FW and MCU, not patched and it looks so bad on latest Insider build, I sent some feedback to MS already
      My ComputerSystem Spec

  9.    19 Jul 2018 #728

    spektykles said: View Post
    I tried, and SSBD isnt enabled on this build. But a few build back, 17692 or something like that, its enabled. And PowerShell script tells me my CPU Microcode isnt patched for Spectre v4, but actually my microcode is the latest with both Spectre v3a/4 and I verified patching status of microcode under Linux....
    I did it.

    Click image for larger version. 

Name:	Untitled.png 
Views:	0 
Size:	71.2 KB 
ID:	196451

    Problem lay in the reg file I'd created, it's fixed now (and attached).

    I also updated my version of WMF using PowerShell so I ran the WMF 5.1 version of the PS script not the alternate, had to install two (Nu-Get) updates. Imported the reg file as Admin, rebooted and ran the


    Get-SpeculationControlSettings and got the desired response.
    Windows Client Guidance against speculative execution vulnerabilities Attached Files
    Last edited by winactive; 19 Jul 2018 at 16:37.
      My ComputersSystem Spec

  10. Caledon Ken's Avatar
    Posts : 11,091
    Windows 10 Pro x64 Build 1803
       21 Jul 2018 #729

    To cover CVE-2018-3659 is it necessary to install latest UEFI or is there a Windows update that covers. I fail in the Speculative Store Bypass tests.

    Click image for larger version. 

Name:	image.png 
Views:	40 
Size:	34.3 KB 
ID:	196637

    Thanks
      My ComputerSystem Spec


 

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
Windows 10 - Need some guidance on recovery in Installation and Upgrade
One of my spare Windows 10 machines is on life support. I must have clobbered it somehow when I was tweaking the multiple display settings ( to incorporate a HDMI projector). It actually worked fine all week, but today, when I tired to set it...
Read more: http://www.zdnet.com/article/microsoft-offers-it-guidance-to-prepare-for-windows-as-a-service/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:33.
Find Us