Digitama

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. @exile360, it is as John L. Galt said. So far, Spectre can only be used for reading data on the targeted machine. No writing "yet". The payload delivery method = JavaScript on an unpatched web browser. The Spectre exploit "used" to work on web browsers through simple JavaScript execution. You just have to visit a booby-trapped site and somehow linger around the site for a long time...... (I mean there are web operators abusing tiny pop-under ads that appear hidden way behind the main browser window instead of appearing in front of it.) The big three web browsers (Edge, Chrome, Firefox) mitigate it by disabling SharedArrayBuffer, reducing the resolution of the performance.now timer and adding some timing jitter (Firefox Nightly Bug 1448869). However, a few reports indicated these mitigations are useless because one can construct a high-precision timer through HTML5 Web Workers. Unfortunately, a lot of companies never update their web browsers.......so, between traditional phishing or "high-tech" phishing with NSA Spectre payload style.....which one do you prefer? Connectivity issue? Firewalls normally let web browser traffic through..... EDIT: By the way, Intel just cancelled the microcode update for 45nm Core 2, Bloomfield and Clarkfield. Old systems be damned. EDIT2: If you read the Linux kernel commit comments, Google's Retpoline method alone won't protect Skylake against Spectre. A microcode update is required. https://lkml.org/lkml/2018/1/4/432
  2. There is no advantage to installing microcode via the VMware driver, unless you run a virtual machine....then the OS within the virtual machine will get protected from Spectre. Let's start with Meltdown CVE-2017-5754. This one doesn't require a microcode update; it is a purely software-based fix with PCID/INVPCID accelerated optimization to minimize the slowdown from the fix. More info on how the Microsoft Meltdown fix works over here https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/ This is why "Windows OS support for kernel VA shadow is enabled" is shown as True. The bad news: there is no PCID optimization enabled for Win7 even though your CPU supports PCID/INVPCID. The optimization is only enabled on Windows 10 if the CPU supports PCID/INVPCID. Now, for the Spectre CVE-2017-5715 part, your Windows 7 kernel is vulnerable to Spectre because the Windows kernel is not able to detect the existence of IBRS, IBPB and STIBP (the proper microcode is not loaded before kernel initialization = the VMware microcode loader loads the microcode too late in the boot stage) and thus the kernel does not set up to use these MSRs to protect your system against Spectre, as I highlighted in red. IBRS, IBPB and STIBP documentation can be found over here https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
  3. Hmm? Oops... Just noticed my minor mistake on the VMware method about the Get-SpeculationControlSettings report. You should get the report status above with the VMware method, indicating the kernel mitigation isn't enabled even though "Hardware support for branch target injection mitigation is present" is shown as True. Check the "Windows OS support for branch target injection mitigation is enabled" status. Don't trust the InSpectre result. It is unreliable. Trust only Microsoft's SpeculationControl. edit: The performance regression with microcode enabled.......
  4. I know the operating system can load microcode just fine. However, for the KB4090007 (Windows 10 and Skylake to Coffee Lake generation only) case, the Microsoft bootloader loads its own microcode from Intel at the bootloader stage, so the new MSRs are detectable by the kernel. Then the kernel will be able to activate the mitigation. As you mentioned, it is unlikely for Microsoft to do so for Win7 or old CPUs. I never said anything about a hard requirement for a BIOS update....... I am saying VMware loads the microcode too late in the boot stage for the Windows kernel to detect those MSRs and activate the mitigation. So, for Get-SpeculationControlSettings, you need to install the latest PowerShell from Microsoft. https://docs.microsoft.com/en-us/powershell/ https://github.com/PowerShell/PowerShell/releases Don't forget to install the PowerShell prerequisites too ----> Windows Management Framework 5.0 (Google it?) After the PowerShell installation is done, open PowerShell with admin privilege:
     Install-Module SpeculationControl
     Set-ExecutionPolicy Bypass
     Get-SpeculationControlSettings
     Thus, you will be able to see the status of the Windows kernel mitigation for Spectre and Meltdown. Don't forget to set the ExecutionPolicy to Restricted after you are done checking.
     Set-ExecutionPolicy Restricted
     Source: https://support.microsoft.com/en-my/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell
  5. Kay'....time to break your bubble as I did to others, and please stop spreading "fake news" (pun intended) about VMware tools being able to help with the Spectre fix. First, I would like to inform you that the VMware CPU Microcode Update Driver does not work and you are TOTALLY not shielded. Please do not trust the InSpectre result. Do make use of Get-SpeculationControlSettings provided by Microsoft. If you use VMware tools, InSpectre will report your system is protected from Spectre, however IT IS NOT. You don't believe me? Fine, run Get-SpeculationControlSettings and you will see:
     Hardware support for branch target injection mitigation is present: True
     Windows OS support for branch target injection mitigation is present: False
     Windows OS support for branch target injection mitigation is enabled: False
     Notice the bottom two lines. The mitigation is not enabled by the Windows 7 kernel at all. Why? Recall the boot procedure: BIOS/UEFI--->Boot loader phase--->Kernel--->Session Manager--->Driver ----> Application. The VMware microcode loader driver is loaded way too late for the Windows kernel to detect the IBRS and IBPB command MSRs (these two are only available from Intel's latest microcode). The correct result on a properly "shielded" system would be:
     Hardware support for branch target injection mitigation is present: True
     Windows OS support for branch target injection mitigation is present: True
     Windows OS support for branch target injection mitigation is enabled: True
     *I specifically registered on this site to inform you of this issue. A lot of newbies think the VMware CPU Microcode Update Driver will do the trick by using the latest Intel microcode, but the fact --> it does not.* Which is why you didn't notice any performance regression....... ~.~ Sorry for breaking your hope.
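The check described in posts 4 and 5 can be scripted so the "hardware present but OS support absent" pattern is flagged automatically rather than read off by eye. This is an added example, not code from the thread or from Microsoft's module; it assumes the SpeculationControl module is installed and that its output object carries the BTI* and KVAShadow* properties described in Microsoft's KB4074629 article. The sample object is constructed to reproduce the output quoted in post 5.

```powershell
# Added example (not from the forum thread). Assumes Install-Module SpeculationControl
# has been run and that Get-SpeculationControlSettings returns an object with the
# BTIHardwarePresent / BTIWindowsSupportPresent / BTIWindowsSupportEnabled /
# BTIDisabledBySystemPolicy / KVAShadow* properties documented by Microsoft.

function Get-SpectreMeltdownVerdict {
    param([Parameter(Mandatory)] $Settings)
    $verdict = [ordered]@{}

    # Spectre variant 2 (CVE-2017-5715), branch target injection.
    if ($Settings.BTIWindowsSupportEnabled) {
        $verdict.Spectre2 = 'mitigated: kernel is using IBRS/IBPB'
    } elseif ($Settings.BTIHardwarePresent -and -not $Settings.BTIWindowsSupportPresent) {
        # The pattern from the thread: the MSRs exist now, but the kernel did not see
        # them at initialization, so it never armed the mitigation (late microcode load).
        $verdict.Spectre2 = 'NOT mitigated: microcode present but loaded after kernel init'
    } elseif (-not $Settings.BTIHardwarePresent) {
        $verdict.Spectre2 = 'NOT mitigated: no IBRS/IBPB microcode (BIOS/microcode update needed)'
    } elseif ($Settings.BTIDisabledBySystemPolicy) {
        $verdict.Spectre2 = 'NOT mitigated: disabled by system policy (registry override)'
    } else {
        $verdict.Spectre2 = 'NOT mitigated: OS support present but not enabled'
    }

    # Meltdown (CVE-2017-5754), kernel VA shadow; PCID only speeds the fix up.
    if (-not $Settings.KVAShadowRequired) {
        $verdict.Meltdown = 'not required on this CPU'
    } elseif ($Settings.KVAShadowWindowsSupportEnabled) {
        $pcid = if ($Settings.KVAShadowPcidEnabled) { 'with' } else { 'without' }
        $verdict.Meltdown = "mitigated: KVA shadow enabled $pcid PCID optimization"
    } else {
        $verdict.Meltdown = 'NOT mitigated: KVA shadow not enabled'
    }
    [pscustomobject]$verdict
}

# Constructed sample reproducing the Win7 + VMware microcode driver output in post 5.
$lateLoaderSample = [pscustomobject]@{
    BTIHardwarePresent = $true;  BTIWindowsSupportPresent = $false
    BTIWindowsSupportEnabled = $false; BTIDisabledBySystemPolicy = $false
    KVAShadowRequired = $true;   KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled = $false
}
Get-SpectreMeltdownVerdict -Settings $lateLoaderSample | Format-List

# Live check on the current machine (run from an elevated PowerShell).
Import-Module SpeculationControl -ErrorAction Stop
Get-SpectreMeltdownVerdict -Settings (Get-SpeculationControlSettings) | Format-List
```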