Utility for mitigations CVE-2017-5715 and CVE-2017-5754 status check

Well the only thing that comes to mind is with the cpu/system overclock, I have the power states still enabled and use offset voltage so it's not a constant.
Remote desktop options are all turned off, Firewall enabled, AV enabled, I very rarely do online multiplayer and I've started switching off the psu whenever I shutdown.No social media apps are running at any time either and I try to keep all drivers/software updated as much as i can.

 

But hackers work through the content of web pages. Relax, I was joking (mostly).
I configured two power plans - balanced for average usage (performance on demand, with C-states and P-states enabled), and performance one (with only C-states enabled). So befiore I game I just switch plans. But actually it can be done automatically on per-process basis.

 

do i need to be super nerd to know what chips those are?

SKL-U/Y D0
SKL-H/S R0

is one these the 6700k? lol

 

No, you don't have be a super nerd

Your Core i7-6700K belongs to SKL-H/S R0 group, it's CPUID is 506E3. But as it seems latest C2 microcode for it is dated 2017-11-16 so it's not fixed yet. Sorry

SKL-U/Y D0 stands for Skylake versions of low-power Core i7/i5/i3/Pentium/Celeron CPU's in U and Y revisions mostly used in laptops.

edit.
So it's my fault, not all CPU microcodes Intel has released on 2018-01-08 are fixed to mitigate Meltdown/Spectre security flaw. Intel made a real confusion with this.

edit #2
Cmon Intel, now I'm confused. Just found this list on few sites with CPU microcodes released by Intel 2018-01-08 sorted by release date:

Looking at the dates CPU codes were made (after Meltdows/Spectre security flaw has been ) it looks like Kaby Lake and Coffe Lake CPU's are the only one with CPU microcode dates made on 2018-01-04 so those are the only one from complete list of updated CPU microcodes who actually got fixed CPU microcode ready mitigate Meltdown/Spectre. Shoot me, just shoot me!!! Omg Intel, what the hell are you doing, confusion is everywhere1? Why they didn't make a clear note about that in readme file that can be found in 2018-01-08 CPU microcode package!

edit #3 lol
I really don't know what to think anymore Few days ago Intel released benchmarks with "fully" (OS patches + CPU microcodes fixed) Meltdwod/Spectre mitigated systems running Win7 & Win10, Coffe, Kaby and Sky (6700K) CPU's are listed, but how come Skylake 6700K CPU microcode is fixed for Meltdown/Spectre when it's microcode C2 was made on 2017-11-16!?

Jesus Christ this is so confusing.....

 

Because they know about this problem almost half year already...from today 22d bios for z170-d3h:

Code:

-------[ MC Extractor v1.13.1 r52 ]-------

File (1/1): Z170D3H.22d

+-------------------------------------------------------------------------------------------------------+
|                                                 Intel                                                 |
+---+-------+-----------------+---------+------------+---------+---------+----------+----------+--------+
| # | CPUID |     Platform    | Version |    Date    | Release |   Size  | Checksum |  Offset  | Latest |
+---+-------+-----------------+---------+------------+---------+---------+----------+----------+--------+
| 1 | 506E8 |    22 [1, 5]    |    34   | 2016-07-10 |   PRD   | 0x17800 | 57D53E7A | 0x5D0400 |  Yes   |
+---+-------+-----------------+---------+------------+---------+---------+----------+----------+--------+
| 2 | 506E3 | 36 [1, 2, 4, 5] |    C2   | 2017-11-16 |   PRD   | 0x18400 | 328B43AF | 0x5E7C00 |  Yes   |
+---+-------+-----------------+---------+------------+---------+---------+----------+----------+--------+
| 3 | 906E9 |   2A [1, 3, 5]  |    80   | 2018-01-04 |   PRD   | 0x18000 | 6AA1DE93 | 0x600000 |  Yes   |
+---+-------+-----------------+---------+------------+---------+---------+----------+----------+--------+

 

my mind is in meltdown, this one huge mess if it was fixed in the 2017-11-16 update, then asrock boards (z170) dont even have bios for it, last offical release was in january 2017 there was one relased as a beta bios with microcode from july 17 2017 which was "hyperthread" fix. so that would mean EVEN if it as updated by intel asrock never bother to release update for that

I still running microcode from jun of 2016 "74h"

this all make me want to just say frack and let MS deal with it cause they have push everything needed to patch majority of public or majority will never be patched.

Im surprised "consoles" arnt effect by this? if it is and effect them too I highly doubt they would publicize that, either less some person want his day in spot light it says it does and make things worse. just image if it and nothing is said bout and it silently patched and these system really get hit game no long play like they where, only image how that would blow up.



they way this was info was released and handle is down right shameful. if people didnt know about all this werent looking for ways to expliot it they will now.

 

I ain't gonna touch, flash, mod or anything microcode/BIOS wise related at least for another two or three weeks, minimum. As @Tomatone stated above now I'm quite sure Intel knew for this security flaws at least for half a year, maybe even more, but they quietly uptated fixed CPU microcodes for most CPU's released past years (and those releases were spreaded in few mucrocode packs), motherboard vendors weren't aware of those microcode security fixes so they didn't bothered to release most of their motherboard BIOS's from 1150 and 1151 gen for year or two +/- 6 months. Intel started to silently release fixed microcodes in November and December 2017 and few days after the crap has come up to the surface now they say almost by these words: "...yeah, yeah, come CPU's got Meltdown/Spectre fixed microcode a bit earlier but we didn't bothered to inform motherboard vendors about those important microcode fixes but we did it NOW and right now we're going to release rest of fixed microcodes for other new and old CPU's, there's gonna be a stabillity issues with those microcodes for sure (Haswell, Bradwell...) but don't panic, everthing is under control...". Bullshit...

If they get away with this in EU without HUGE penalties then they're going to hide possible future security flaws like snake is hiding it's legs.

I ain't touching my Haswell based 1150 builds and earlier 1155, 1366 for some time until dust settles at least for few weeks even if I knew everything OS patches wise and microcodes related has been "fixed", but really fixed without any kind of stabillity issues.

 

at this point i dont even want to do bios update or do manual mircocode updates., and frankly it's in best interest of MS to push all this updates and microcode to public or majority of them will never be patched, then MS will be hot water for not pushing the codes knowing full well if they dont the majority of public will never be protected , when they can.


You cant expect people and companies like INTEL/MS/AMD cant expect people to do manual updates for such things, when majority of people just let windows do the update they need in first place cause they dont know how to do the stuff manual or willing too

This one huge hot mess.

 

^^^ Completely agree with this. Fixed CPU microcode updates from Intel first, fixed and without stabillity issues. Then it's MS turn to propperly release those via WU because as you already said most of average Joes are not even aware of these security issues, let alone to update BIOS or modd BIOS with fixed microcodes on ther own.

Just imagine all those poor programers working for HP, Dell, Lenovo... who struggles right now to rebuild and test BIOS's for hundreds of differfnt desktops, laptops, servers and workstations. Admins in huge systems whose "serurity aware" bosses yell at them to DO SOMETNIGG OR MELTDOWN IS GONNA RUIN OUR BUSSINES! All if them are swearing Intel first and then MS.

Hope this is gonna cost them (Intel and MS) huge...

 

yah sadly all those programmers @ HP/Dell/ETC might release update for them but there work will be moot for majority of public. majority wont know about and even if they arnt gona do, All the cpu makers need to make need micro code for effect cpu, and then MS need to push them. along with everthing else needed.

If MS dont they will be in hot water for not pushing them when the could. Either way MS will see do things happen.

Outrage from performance lose
or
Outrage and bigger issue for them 100 of millions of people are hit by these flaws and have there data stole ( god forbid this actual happens). all cause they didnt want all the need patches.

 

I ran across another utility linked in this site (InSpectre tool)

https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

I tried in in VM and very simple to use, just run it.
As you can read from above post gives answer to the two types, just a single no/yes for each and it has a performance rating.
Seems anything older than Haswell will trigger non good rating.
There also enable/disable buttons, didn't try this but I guess changes a reg flag maybe.

I got nothing to do with it, just figure I post info.

FWIW: performance rating of my 3570k was "slower"

 

No secret what that performance rating says - presence or absence of PCID feature in CPU and its support in OS.

 

test GRC tool told me what i already knew i still vulnerable to spec, says my performance is good though. and i pretected from meltdown I hoping asrock release bios for my boardz10 soon, or MS release microcode needed( this still the only option for majority of people to get protected), which ever happens first i will use, dont want to do bios update but i want to do UBU even less.

 

thank you very much ! works great here

 

MS issued Cumulative Updates for Win10 versions today. You can check for updated microcode - we can believe in miracles.

 

Thank you mbk1969!

After windows upadte+new bios flashing on a gigabyte Z270 motherborad

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True



Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]



Additional CPU information

Name: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Description: Intel64 Family 6 Model 158 Stepping 9
CPUID: 0x000906E9



Additional OS information

Name: Microsoft Windows 10 Pro
Architecture: 64-bit
Build: 16299
SKU: 48
Service Pack: 0.0

 

What's the KB number on the update?

 

KB4057144 for 1703
KB4057142 for 1607
But for 1709 they issued only update KB4073291 for x86 version: "This update provides additional protections for 32-Bit (x86) version of Windows 10 1709".

 

This would explain why I haven't seen an update for my x64 systems. Like anyone is using 1709 x64.... duh! </sarcasm>

EDIT: Aha found (KB4073290) dated 1/17/18

 

I also found it in the Microsoft Update catalog.
Quite big update(603mb).
Are you going to try it or wait for it to be offered via windows update ?
Is it possible that it will never be offered to who owns an intel cpu as it fixes an AMD related issue ?