{"id":11278,"date":"2018-01-29T06:30:02","date_gmt":"2018-01-29T14:30:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/29\/news-5049\/"},"modified":"2018-01-29T06:30:02","modified_gmt":"2018-01-29T14:30:02","slug":"news-5049","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/01\/29\/news-5049\/","title":{"rendered":"Windows surprise patch KB 4078130: The hard way to disable Spectre 2"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 05:49:00 -0800<\/strong><\/p>\n

As we crawl deeper down the Meltdown\/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the \u201cfix\u201d that\u2019s supposed to protect you against one of the Spectre variants. It\u2019s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.<\/span><\/p>\n

I\u2019m tempted to call it an out-of-band patch, but truth is that all of this month\u2019s patches have been out of band.<\/span><\/p>\n

You\u2019ve no doubt been inundated by the news about <\/span>Meltdown and Spectre<\/span><\/a>, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer. <\/span><\/p>\n

You all know that Intel <\/span>has acknowledged <\/span><\/a>that\u00a0its latest firmware patches <\/span>can cause<\/span><\/a> \u201chigher system reboots after applying firmware updates\u201d in essentially <\/span>all modern versions<\/span><\/a> of its chips. If you\u2019ve been paying attention, you also know that, on the software side, Microsoft has <\/span>patched<\/span><\/a>, <\/span>bricked<\/span><\/a> (more accurately, \u201crendered unbootable\u201d), <\/span>pulled<\/span><\/a>, <\/span>repatched<\/span><\/a> and generally changed Windows patching from a once-a-month headache to an <\/span>advanced persistent threat<\/span><\/a>. <\/span><\/p>\n

Now for something completely different.<\/span><\/p>\n

On Friday night, Microsoft released a strange patch called <\/span>KB 4078130<\/span><\/a> that \u201cdisables mitigation against Spectre, variant 2.\u201d The KB article goes to great lengths describing how Intel\u2019s the bad guy and its microcode patches don\u2019t work right:<\/span><\/p>\n

While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 \u2013 \u201cBranch target injection vulnerability.\u201d In our testing this update has been found to prevent the behavior described. <\/span><\/p>\n

There aren\u2019t any details, but apparently this patch \u2014 which isn\u2019t being sent out the Windows Update chute \u2014 adds two registry settings that \u201cmanually disable mitigation against Spectre Variant 2\u201d:<\/span><\/p>\n

“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management” \/v FeatureSettingsOverride \/t REG_DWORD \/d 1 \/f<\/span><\/p>\n

“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management” \/v FeatureSettingsOverrideMask \/t REG_DWORD \/d 1 \/f<\/span><\/p>\n

It appears that these are the same changes implemented weeks ago by Steve Gibson in his <\/span>InSpectre program<\/span><\/a>. Steve\u2019s program gives you the option to turn off Spectre protection. The registry keys were <\/span>originally documented <\/span><\/a>on Jan. 3 \u2014 they\u2019re hardly new.<\/span><\/p>\n

But how, you may ask, does KB 4078130 actually work? It probably doesn\u2019t disable Intel\u2019s BIOS\/UEFI firmware (although there was one occasion I can recall, years ago, when a Windows patch <\/span>did update Intel microcode<\/span><\/a>). More likely, the registry changes implement some sort of bypass within Windows itself to avoid using the dicey Spectre 2 part of the Intel microcode. Only Microsoft knows for sure, and Microsoft ain\u2019t saying.<\/span><\/p>\n

So, the proverbial bottom line: Should you be concerned?<\/span><\/p>\n

Short answer, no. In particular, if you\u2019ve followed my recommendations and avoided this entire Meltdown\/Spectre upgrading debacle \u2014 haven\u2019t installed any of this month\u2019s patches, haven\u2019t installed the latest BIOS\/UEFI microcode \u2014 there\u2019s nothing in KB 4078130 that\u2019s of interest.<\/span><\/p>\n

On the other hand, if you <\/span>have installed your vendor\u2019s microcode update<\/span><\/a>, <\/span>and <\/strong>you\u2019ve installed the January Windows patches (one or more of the gazillion on offer), <\/span>and <\/strong>you\u2019re having problems \u2014 your machine stops unexpectedly, or performance hit the bottom of a molasses sludge pit \u2014 then<\/span> installing KB 4078130 <\/span><\/a>may help. Or maybe not.<\/span><\/p>\n

Thx, @MrBrian, @abbodi86<\/span><\/p>\n

What do you think about these mangled, useless patches? Join us on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>. <\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 05:49:00 -0800<\/strong><\/p>\n

\n
\n

As we crawl deeper down the Meltdown\/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the \u201cfix\u201d that\u2019s supposed to protect you against one of the Spectre variants. It\u2019s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.<\/span><\/p>\n

I\u2019m tempted to call it an out-of-band patch, but truth is that all of this month\u2019s patches have been out of band.<\/span><\/p>\n

You\u2019ve no doubt been inundated by the news about <\/span>Meltdown and Spectre<\/span><\/a>, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer. <\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761],"class_list":["post-11278","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11278"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11278\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}