New Tool Detects If Your PC Is Vulnerable To Meltdown And Spectre

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,455
Gibson Research has released a new tool called InSpectre to detect if your PC is vulnerable to Meltdown and Spectre. The tiny 122 KB program runs in place and checks identifiers as well as Microsoft updates to be sure you are protected from these flaws.

Very cool little piece of software. Running it on my machine told me that Windows was updated to protect against Meltdown, but I was still vulnerable to Spectre. Hopefully MSI comes out with a BIOS update for me shortly. Gibson Research also notes DO NOT download the tool from any 3rd party websites, as it could be malicious.

Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads. This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
 

1_rick

2[H]4U
Joined
Feb 7, 2017
Messages
3,431
Does ol' Steve still write all his programs in 100%-organic assembly language?
 

dburgo

n00b
Joined
Feb 3, 2017
Messages
48
Anyone know when Asus will bios update for the X99 branding? I have done the windows update but my pc shows vulnerability with spectre. Is this the issue plaguing the hardware? Am I missing any other update for win 10 and an asus x99 6850k setup? I almost feel naked telling anyone my specs now a days.. Any-who the checker says that I am vulnerable to spectre because of a cpu or bios update which protects the hardware. After Google searching for any known update, I have come up with nothing. Hope someone here reports if at the very least, Intel does something about this. Oh BTW AMD has 2 class action suits in progress and Intel has 4. Does that mean money back to like, anyone who bought one of the affected CPUs? (Hope it is and also hope I can now buy a memory upgrade as prices are astronomical for 16GB quad channel with said suit "pay outs".... ) Thanks for keeping us informed H.
 
Last edited:

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,455
Anyone know when Asus will bios update for the X99 branding? I have done the windows update but my pc shows vulnerability with spectre. Is this the issue plaguing the hardware? Am I missing any other update for win 10 and an asus x99 6850k setup. I almost feel naked telling anyone my specs now a days..

I have the same issue, have to wait/hope that a BIOS update comes
 

dburgo

n00b
Joined
Feb 3, 2017
Messages
48
I have the same issue, have to wait/hope that a BIOS update comes
It would be absolutely Good news once any of these companies figure things out. BTW there are 4 class action suits against Intel and 2 for AMD. Might be a good story. :)
 

Blazestorm

Supreme [H]ardness
Joined
Jan 17, 2007
Messages
6,940
Windows 10 has the functionality built in via a powershell module... not sure how easy it is to grab/test on 7/8.

Code:
  --Accept prompt to install the NuGet provider if requested
Win + X + A
Install-Module SpeculationControl
Import-Module SpeculationControl
Get-SpeculationControlSettings

  --If you don't want the module installed after checking: 
Uninstall-Module SpeculationControl

Good report:

Code:
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True
 

Zepher

[H]ipster Replacement
Joined
Sep 29, 2001
Messages
20,377
My Xeons are taking a performance hit apparently.
2670-inspectre.jpg
 

JargonGR

Limp Gawd
Joined
Dec 16, 2006
Messages
500
Just run it on my old system Q9550 -

Vulnerable to Spectre + Performance Hit.

Have not tested it on my new PC (X299 7940x) as it is not online yet. And it is the one I care to be honest.
 

Azphira

[H]ard|Gawd
Joined
Aug 18, 2003
Messages
1,883
Is the fix disabled through windows update because of the AMD bricking?
 

ziddey

Supreme [H]ardness
Joined
Dec 24, 2002
Messages
5,392
Joined
Sep 17, 2012
Messages
767
So, my Inspiron 7559, which I've updated to the latest BIOS that is supposed to fix Spectre/Meltdown, still shows me as vulnerable.

My Thinkpads at work and at home both show that I'm OK. They also were updated in the past 2 weeks.

Either Lenovo's better at fixing their stuff than Dell, or GRC is slipping on this utility. My systems have the latest updates...
 

ziddey

Supreme [H]ardness
Joined
Dec 24, 2002
Messages
5,392
So, my Inspiron 7559, which I've updated to the latest BIOS that is supposed to fix Spectre/Meltdown, still shows me as vulnerable.

My Thinkpads at work and at home both show that I'm OK. They also were updated in the past 2 weeks.

Either Lenovo's better at fixing their stuff than Dell, or GRC is slipping on this utility. My systems have the latest updates...
Vulnerable to both? Windows update should be good enough for meltdown, but spectre requires a microcode update. You can use hwinfo to check your microcode. See the post above yours to apply the microcode via windows.
 

WhoMe

Gawd
Joined
Jan 3, 2018
Messages
827
Anyone know when Asus will bios update for the X99 branding? I have done the windows update but my pc shows vulnerability with spectre. Is this the issue plaguing the hardware? Am I missing any other update for win 10 and an asus x99 6850k setup? I almost feel naked telling anyone my specs now a days.. Any-who the checker says that I am vulnerable to spectre because of a cpu or bios update which protects the hardware. After Google searching for any known update, I have come up with nothing. Hope someone here reports if at the very least, Intel does something about this. Oh BTW AMD has 2 class action suits in progress and Intel has 4. Does that mean money back to like, anyone who bought one of the affected CPUs? (Hope it is and also hope I can now buy a memory upgrade as prices are astronomical for 16GB quad channel with said suit "pay outs".... ) Thanks for keeping us informed H.
Apparently the micro-code for Broadwell-e is not stable yet. I'm guessing they don't want to release it yet until it can cover all compatible processors. That's per Intel apparently asking Lenovo to stop distributing the update.
 

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,455
Anyone know when Asus will bios update for the X99 branding? I have done the windows update but my pc shows vulnerability with spectre. Is this the issue plaguing the hardware? Am I missing any other update for win 10 and an asus x99 6850k setup? I almost feel naked telling anyone my specs now a days.. Any-who the checker says that I am vulnerable to spectre because of a cpu or bios update which protects the hardware. After Google searching for any known update, I have come up with nothing. Hope someone here reports if at the very least, Intel does something about this. Oh BTW AMD has 2 class action suits in progress and Intel has 4. Does that mean money back to like, anyone who bought one of the affected CPUs? (Hope it is and also hope I can now buy a memory upgrade as prices are astronomical for 16GB quad channel with said suit "pay outs".... ) Thanks for keeping us informed H.

https://www.hardocp.com/news/2018/01/17/uefi_bios_updates_for_spectre
 

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,455
'Yes, they actually mention this on the site

Windows Defender “SmartScreen” appears to have decided that InSpectre is malware. This also happened briefly after the release of our Never10 utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.

If you have any non-Microsoft web browser (Chrome, Firefox, Opera, etc.) you should be able to obtain and use InSpectre without trouble.
 

ziddey

Supreme [H]ardness
Joined
Dec 24, 2002
Messages
5,392
Weird. Applied the kabylake 90 microcode but inspectre is still showing vulnerable.
 
Joined
Sep 17, 2012
Messages
767
Vulnerable to both? Windows update should be good enough for meltdown, but spectre requires a microcode update. You can use hwinfo to check your microcode. See the post above yours to apply the microcode via windows.

Tried those files, still coming back saying I'm vulnerable to both on the Inspiron. Double checked the website about the BIOS upgrade, and it specifically mentions it dealing with Meltdown/Spectre.

When I run the CMCUpdate thing, it says this in event viewer: No CPUs needed an update. Your system might not need this driver.

Intel Core i7 6700HQ. Both show microcode revision of C2.



I tested this on an old E5430 that went through a car wreck, but is good for testing stuff out. Ivy Bridge. It showed I was protected from Meltdown (expected based on the 5 day younger but just-as-patched version of Windows), not protected from Spectre (there is no BIOS update for this model yet), and that performance was SLOWER. Not surprised based on the age of the CPU.

The CMCUpdate DID change the microcode revision after I ran it.

So...I'm not sure why I'm getting the false positives.
 
Last edited:

ziddey

Supreme [H]ardness
Joined
Dec 24, 2002
Messages
5,392
hmm, this post: http://forum.notebookreview.com/thr...-fix-and-meltdown.806451/page-4#post-10662550

Currently the method of updating microcode via the vmware driver, does not activate mitigations (no performance penalty is applied, no protection against Spectre variant 2 too) in Windows, check powershell Get-SpeculationControlSettings script.

Hello.

Recently I updated CPU microcode for my Intel CPU, and now I see in PowerShell:

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False

I created both registry values FeatureSettingsOverrideMask = 3 and FeatureSettingsOverride = 0, rebooted, but still receive
Windows OS support for branch target injection mitigation is enabled: False

Can it be due to usage of VMware driver for updating CPU microcode? I mean kernel is loaded => sees no HW support for BTI and turns mitigation off => then VMware driver is loaded and updates CPU microcode (only too late).

Update: So I succeeded in modifying the BIOS file with updated CPU microcode and flashing it to BIOS. And after that BTI mitigation is reported as enabled. So I was right about too late stage of applying CPU microcode update through VMware driver.

seems to work on 6600k/asus z170-k though at least as far as inspectre is concerned.


edit: not sure if a subsequent reboot changed things or if it was disabling hyper-v, but the kabylake is now showing spectre protection.
 
Last edited:

techie81

[H]ard for [H]ardware
Joined
Jan 12, 2005
Messages
6,059
Intel 7820x here on an a MSI board, its telling me I have herpe...I mean vulnerable to Spectre. So I guess I will be waiting for a bios update too.
 

pendragon1

Extremely [H]
Joined
Oct 7, 2000
Messages
43,901
lol this is more like that dormant zombie virus that everyone is carrying.
 

OldBuzzard

Gawd
Joined
Jun 6, 2004
Messages
911
'Yes, they actually mention this on the site

Windows Defender “SmartScreen” appears to have decided that InSpectre is malware. This also happened briefly after the release of our Never10 utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.

If you have any non-Microsoft web browser (Chrome, Firefox, Opera, etc.) you should be able to obtain and use InSpectre without trouble.

The easy way around that is:

1. ALT+X (brings up the tools menu.)

2. Click on SAFETY.

3. Click on TURN OFF SMARTCREEN FILTER

4.. D/L the program.

5. Do 1 & 2 above and turn the SmartScreen filter back on.
 

pendragon1

Extremely [H]
Joined
Oct 7, 2000
Messages
43,901
I just clicked the little link that said more info, then proceed anyways and then download anyways when the program was deemed "unsafe". it says my old pos is only vulnerable to spectre but the patched/unpatched box is greyed out. I'm not really that worried about patching this old pos anyways...
 

Slade

2[H]4U
Joined
Jun 9, 2004
Messages
2,924
tool reads clean for my home pc. tested on some work machines, it detects the windows patch. Fails them on the bios ones since I have yet to implement them.
 

dpoverlord

[H]ard|Gawd
Joined
Nov 18, 2004
Messages
1,880
found a few machines that it says vulnerable to, is there supposed to be a bios update? how do we make something vulnerable not?
 

mvmiller12

[H]ard|Gawd
Joined
Aug 7, 2011
Messages
1,330
http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

http://forum.notebookreview.com/threads/ucode-fix-for-spectre-ht-bug-fix-and-meltdown.806451/

For anyone who needs to update microcode via windows for spectre / is waiting for a new bios / doesn't want to update microcode in bios manually. The amd microcode download was dead at the time I tried, so I pulled it from the debian repo.

pKMOxBq.png


I tried the manual microcode update method detailed in the links above on my 5 home PC systems running Windows. I acquired the current Intel uCode updates (dated 1/8/18) from Intel and the current AMD uCode updates from the Debian FTP (dated 1/10/18). The linked microcode updates from the Notebook Review forums above are either outdated or offline. uCode downloads were extracted into the temp folder used by the VMWare-provided uCode installer as instructed. All systems have the latest firmware from their respective MB manufacturers installed. Results as follows:


1) AMD Ryzen 1700 system - the VMWare-provided utility installed without error. On reboot, Event Manager showed no uCode update installed because of an error reading a uCode file. Checked the Windows\System32\Drivers folder (where the uCode installer places the uCode files) and noticed the Family 16 and Family 17 AMD uCode .bin files were not there. Manually copied them over and rebooted again. Now Event Viewer indicates that no supported CPU is detected, and no uCode was installed (error is now gone). InSpectre indicates this machine as NO to Meltdown, YES to Spectre and GOOD to Performance.

2) AMD Ryzen 1600X system - same as 1) above.

3) Intel Skylake i5 system - the VMWare-provided utility installed without error. On reboot, Event Viewer indicates a compatible CPU was found and the uCode update was installed. InSpectre indicates this machine as NO to Meltdown, NO to Spectre and GOOD to Performance. (System indicated YES to Spectre prior to this update)

4) AMD FX-8350 system - the VMWare-provided utility installed without error. On reboot, Event Viewer indicates a compatible CPU was found and the uCode update was installed (not surprising since the last firmware update available for the Asus M5A97 EVO mainboard this system runs is dated December of 2012). InSpectre indicates this machine as NO to Meltdown, YES to Spectre and GOOD to Performance.

5) Intel Haswell i5 system (MS Surface 2 Pro 8G) - same as 3) above. And yes, InSpectre also shows Performance as GOOD.


I am uncertain if the AMD uCode update just doesn't have anything for the plain Ryzen (possible only Threadripper and/or Epyc), if the mainboard is blocking installation (both using Asus Prime B350 Plus), or if the VMWare-provided utility is not correctly detecting/enabling the uCode update on Ryzen-class AMD CPUs.
 
Last edited:

mvmiller12

[H]ard|Gawd
Joined
Aug 7, 2011
Messages
1,330
found a few machines that it says vulnerable to, is there supposed to be a bios update? how do we make something vulnerable not?

Ultimately, your mainboard manufacturer should release a firmware update that contains the uCode fixes, but some are better about this than others. If you are running Linux or Windows, you can manually update your microcode through a software loader, though it will need to reapply itself on every reboot/processor wakeup. If you're running Windows, these links from Ziddey can get you going (though my post above has the links to the current Intel and AMD uCode updates directly). VMWare provides a utility that can be run in Windows that will load the uCode patches at startup, and the links below describe how to get it going.

http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

http://forum.notebookreview.com/threads/ucode-fix-for-spectre-ht-bug-fix-and-meltdown.806451/
 

ziddey

Supreme [H]ardness
Joined
Dec 24, 2002
Messages
5,392
"Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs"

might have something to do with it

you can check which microcode you're using with hwinfo
 
Last edited:

mvmiller12

[H]ard|Gawd
Joined
Aug 7, 2011
Messages
1,330
"Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs"

Yes, but that should have no effect on the uCode updater, only the actual OS patch from Microsoft - and all of my AMD systems had the Windows 10 patches installed prior to that.
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,477
Considering what the vulnerabilities of Meltdown and Spectre are, I would take any tool like this with caution. It's the perfect opportunity to do good with something malicious snuck inside to do exactly the opposite in the background.
 

Wade88

Gawd
Joined
Jun 21, 2015
Messages
930
Gigabyte GA-X99P SLI here, here's to hoping it's among the handful of Gigabyte X99 boards with a new UEFI BIOS in testing.
 

hexamon

Weaksauce
Joined
Oct 21, 2006
Messages
97
Considering what the vulnerabilities of Meltdown and Spectre are, I would take any tool like this with caution. It's the perfect opportunity to do good with something malicious snuck inside to do exactly the opposite in the background.

In general you aren't wrong, but in this specific case I am not worried. Gibson Research is a old name in this area. Steve Gibson has been releasing tools like this for like 30 years now.
 
Joined
Sep 17, 2012
Messages
767
In general you aren't wrong, but in this specific case I am not worried. Gibson Research is a old name in this area. Steve Gibson has been releasing tools like this for like 30 years now.

I'm SysAdmin at my company, and get to try to fix this for some 1500+ computers. So, a tool like this that could help out with systems that Dell is unlikely to deal with (we have a bunch of Optiplex 3010 and 390s still in use that are being replaced as they fail) would be great for me. Use a tool to push this out, and stop worrying. I asked my manager to run this to see what his computer showed, and he was very hesitant to run it. I fully understand his viewpoint, but as hexamon said, GRC is well respected. I've been using their tools for nearly 20 years.
 

Hitti2

Limp Gawd
Joined
Dec 3, 2016
Messages
340
I guess if patched I'm gonna get a performance hit.
leWjEBK.jpg


Could someone please explain in laymen terms how the attack is hit on the machine, what the attack does and how to prevent it from happening by taking security measures without patching???
 
Top